openssl-qoriq: update to 1.1.0

*update to lsdk 1809 tag include the following changes: c2300d1 - eng_cryptodev: add support for TLS algorithms offload b2758a2 - Prepare for 1.1.0g release 6190960 - Update CHANGES and NEWS for new release 4443cf7 - bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal. b701fa8 - Fix small but important regression ab91952 - Address a timing side channel whereby it is possible to determine some 7184480 - Address a timing side channel whereby it is possible to determine some bb0c588 - Travis: Add a docs checking job df45d1a - docs: assign section 7 where appropriate 847685c - doc/crypto/OPENSSL_secure_malloc: add missing names 4401e28 - docs: fixup OpenSSL version style 41d74a5 - Adapt util/find-doc-nits back to 1.1.0 7fb4278 - Fix EVP_PKEY_ASN1_METHOD manual 0d9fece - afalg: Fix kernel version check a0c2626 - afalg: Use eventfd2 syscall instead of eventfd 605fa68 - EVP_PKEY_asn1_add0(): Check that this method isn't already registered 6088fb7 - Document EVP_PKEY_ASN1_METHOD and associated functions 5a3d24a - Only reset the ctx when a cipher is given 257a03c - Add missing paren. *update to 1.1.1 Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com> Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
author: Chunrong Guo <chunrong.guo@nxp.com> 2018-09-29 16:59:47 +0800
committer: Otavio Salvador <otavio@ossystems.com.br> 2018-10-01 13:51:02 -0300
commit: 948d257eee170bf1d6dc40a01d9bf17a3c3549b9 (patch)
tree: 2602d7d34fe85807f1b45c97821c9bb5ae4e9db0 /recipes-connectivity/openssl/openssl-qoriq/Use-SHA256-not-MD5-as-default-digest.patch
parent: 6c2aabd5a2f5e81c1f1b18df20523cd12d6a344e (diff)
download: meta-freescale-948d257eee170bf1d6dc40a01d9bf17a3c3549b9.tar.gz
1 files changed, 0 insertions, 69 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/Use-SHA256-not-MD5-as-default-digest.patch b/recipes-connectivity/openssl/openssl-qoriq/Use-SHA256-not-MD5-as-default-digest.patch
deleted file mode 100644
index 58c9ee78..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/Use-SHA256-not-MD5-as-default-digest.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
-From: Rich Salz <rsalz@akamai.com>
-Date: Sat, 13 Jun 2015 17:03:39 -0400
-Subject: [PATCH] Use SHA256 not MD5 as default digest.
-Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
-Upstream-Status: Backport
-Backport from OpenSSL 2.0 to OpenSSL 1.0.2
-Commit f8547f62c212837dbf44fb7e2755e5774a59a57b   
-CVE: CVE-2004-2761
-    The MD5 Message-Digest Algorithm is not collision resistant,
-    which makes it easier for context-dependent attackers to            
-    conduct spoofing attacks, as demonstrated by attacks on the     
-    use of MD5 in the signature algorithm of an X.509 certificate.     
-Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>     
-Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com> 
---
- apps/ca.c   | 2 +-
- apps/dgst.c | 2 +-
- apps/enc.c  | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-diff --git a/apps/ca.c b/apps/ca.c
-index 3b7336c..8f3a84b 100644
--- a/apps/ca.c
-+++ b/apps/ca.c
-@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-     } else
-         BIO_printf(bio_err, "Signature ok\n");
- 
-    if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
-+    if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
-         goto err;
- 
-     ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
-diff --git a/apps/dgst.c b/apps/dgst.c
-index 95e5fa3..0d1529f 100644
--- a/apps/dgst.c
-+++ b/apps/dgst.c
-@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
-             goto end;
-         }
-         if (md == NULL)
-            md = EVP_md5();
-+            md = EVP_sha256();
-         if (!EVP_DigestInit_ex(mctx, md, impl)) {
-             BIO_printf(bio_err, "Error setting digest %s\n", pname);
-             ERR_print_errors(bio_err);
-diff --git a/apps/enc.c b/apps/enc.c
-index 7b7c70b..a7d944c 100644
--- a/apps/enc.c
-+++ b/apps/enc.c
-@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
-     }
- 
-     if (dgst == NULL) {
-        dgst = EVP_md5();
-+        dgst = EVP_sha256();
-     }
- 
-     if (bufsize != NULL) {
-- 
-1.9.1
author	Chunrong Guo <chunrong.guo@nxp.com>	2018-09-29 16:59:47 +0800
committer	Otavio Salvador <otavio@ossystems.com.br>	2018-10-01 13:51:02 -0300
commit	948d257eee170bf1d6dc40a01d9bf17a3c3549b9 (patch)
tree	2602d7d34fe85807f1b45c97821c9bb5ae4e9db0 /recipes-connectivity/openssl/openssl-qoriq/Use-SHA256-not-MD5-as-default-digest.patch
parent	6c2aabd5a2f5e81c1f1b18df20523cd12d6a344e (diff)
download	meta-freescale-948d257eee170bf1d6dc40a01d9bf17a3c3549b9.tar.gz

diff --git a/recipes-connectivity/openssl/openssl-qoriq/Use-SHA256-not-MD5-as-default-digest.patch b/recipes-connectivity/openssl/openssl-qoriq/Use-SHA256-not-MD5-as-default-digest.patch deleted file mode 100644 index 58c9ee78..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/Use-SHA256-not-MD5-as-default-digest.patch +++ /dev/null
@@ -1,69 +0,0 @@
1	From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
2	From: Rich Salz <rsalz@akamai.com>
3	Date: Sat, 13 Jun 2015 17:03:39 -0400
4	Subject: [PATCH] Use SHA256 not MD5 as default digest.
5
6	Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
7
8	Upstream-Status: Backport
9	Backport from OpenSSL 2.0 to OpenSSL 1.0.2
10	Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
11
12	CVE: CVE-2004-2761
13
14	The MD5 Message-Digest Algorithm is not collision resistant,
15	which makes it easier for context-dependent attackers to
16	conduct spoofing attacks, as demonstrated by attacks on the
17	use of MD5 in the signature algorithm of an X.509 certificate.
18
19	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
20	Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
21	Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
22	---
23	apps/ca.c \| 2 +-
24	apps/dgst.c \| 2 +-
25	apps/enc.c \| 2 +-
26	3 files changed, 3 insertions(+), 3 deletions(-)
27
28	diff --git a/apps/ca.c b/apps/ca.c
29	index 3b7336c..8f3a84b 100644
30	--- a/apps/ca.c
31	+++ b/apps/ca.c
32	@@ -1612,7 +1612,7 @@ static int certify_cert(X509 *xret, char infile, EVP_PKEY pkey, X509 x509,
33	} else
34	BIO_printf(bio_err, "Signature ok\n");
35
36	- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
37	+ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
38	goto err;
39
40	ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
41	diff --git a/apps/dgst.c b/apps/dgst.c
42	index 95e5fa3..0d1529f 100644
43	--- a/apps/dgst.c
44	+++ b/apps/dgst.c
45	@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
46	goto end;
47	}
48	if (md == NULL)
49	- md = EVP_md5();
50	+ md = EVP_sha256();
51	if (!EVP_DigestInit_ex(mctx, md, impl)) {
52	BIO_printf(bio_err, "Error setting digest %s\n", pname);
53	ERR_print_errors(bio_err);
54	diff --git a/apps/enc.c b/apps/enc.c
55	index 7b7c70b..a7d944c 100644
56	--- a/apps/enc.c
57	+++ b/apps/enc.c
58	@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
59	}
60
61	if (dgst == NULL) {
62	- dgst = EVP_md5();
63	+ dgst = EVP_sha256();
64	}
65
66	if (bufsize != NULL) {
67	--
68	1.9.1
69