summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2017-03-16 10:54:31 +0100
committerAdrian Dudau <adrian.dudau@enea.com>2017-03-21 11:29:21 +0100
commit7e14191bb3bf457907727f3125e5cbc846d39b9f (patch)
tree9770da8380271fe318845b69262590263ee0ebe9
parentdfde5b94e82264ea16a189252d615d67366e3d98 (diff)
downloadpoky-7e14191bb3bf457907727f3125e5cbc846d39b9f.tar.gz
openssl: upgrade to 1.0.2k
Following vulnerabilities have been solved between 1.0.2h and 1.0.2k releases: Vulnerabilities detected in 1.0.2h and fixed in 1.0.2i ====================================================== Ref: https://www.openssl.org/news/secadv/20160922.txt CVE-2016-6304 (High): OCSP Status Request extension unbounded memory growth CVE-2016-2183 (Low): SWEET32 Mitigation CVE-2016-6303 (Low): OOB write in MDC2_Update() CVE-2016-6302 (Low): Malformed SHA512 ticket DoS CVE-2016-2182 (Low): OOB write in BN_bn2dec() CVE-2016-2180 (Low): OOB read in TS_OBJ_print_bio() CVE-2016-2177 (Low): Pointer arithmetic undefined behaviour CVE-2016-2178 (Low): Constant time flag not preserved in DSA signing CVE-2016-2179 (Low): DTLS buffered message DoS CVE-2016-2181 (Low): DTLS replay protection DoS CVE-2016-6306 (Low): Certificate message OOB reads Vulnerabilities detected in 1.0.ih and fixed in 1.0.2j ====================================================== https://www.openssl.org/news/secadv/20160926.txt CVE-2016-7052 (Moderate): This issue only affects OpenSSL 1.0.2i 1.0.2j - 1.0.2k Vulnerabilities detected in 1.0.2j and fixed in 1.0.2k ====================================================== CVE-2017-3731 (Moderate): For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k CVE-2017-3732 (Moderate): BN_mod_exp may produce incorrect results on x86_64 CVE-2016-7055 (Low): Montgomery multiplication may produce incorrect results References: https://www.openssl.org/news/secadv/20160922.txt https://www.openssl.org/news/secadv/20160926.txt https://www.openssl.org/news/secadv/20170126.txt Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
-rw-r--r--meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch69
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/ca.patch2
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh222
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch35
-rw-r--r--meta/recipes-connectivity/openssl/openssl/parallel.patch17
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.2k.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.0.2h.bb)20
6 files changed, 347 insertions, 18 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
new file mode 100644
index 0000000000..e6e297e47f
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
@@ -0,0 +1,69 @@
1From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
2From: Rich Salz <rsalz@akamai.com>
3Date: Sat, 13 Jun 2015 17:03:39 -0400
4Subject: [PATCH] Use SHA256 not MD5 as default digest.
5
6Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
7
8Upstream-Status: Backport
9Backport from OpenSSL 2.0 to OpenSSL 1.0.2
10Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
11
12CVE: CVE-2004-2761
13
14 The MD5 Message-Digest Algorithm is not collision resistant,
15 which makes it easier for context-dependent attackers to
16 conduct spoofing attacks, as demonstrated by attacks on the
17 use of MD5 in the signature algorithm of an X.509 certificate.
18
19Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
20Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
21Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
22---
23 apps/ca.c | 2 +-
24 apps/dgst.c | 2 +-
25 apps/enc.c | 2 +-
26 3 files changed, 3 insertions(+), 3 deletions(-)
27
28diff --git a/apps/ca.c b/apps/ca.c
29index 3b7336c..8f3a84b 100644
30--- a/apps/ca.c
31+++ b/apps/ca.c
32@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
33 } else
34 BIO_printf(bio_err, "Signature ok\n");
35
36- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
37+ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
38 goto err;
39
40 ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
41diff --git a/apps/dgst.c b/apps/dgst.c
42index 95e5fa3..0d1529f 100644
43--- a/apps/dgst.c
44+++ b/apps/dgst.c
45@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
46 goto end;
47 }
48 if (md == NULL)
49- md = EVP_md5();
50+ md = EVP_sha256();
51 if (!EVP_DigestInit_ex(mctx, md, impl)) {
52 BIO_printf(bio_err, "Error setting digest %s\n", pname);
53 ERR_print_errors(bio_err);
54diff --git a/apps/enc.c b/apps/enc.c
55index 7b7c70b..a7d944c 100644
56--- a/apps/enc.c
57+++ b/apps/enc.c
58@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
59 }
60
61 if (dgst == NULL) {
62- dgst = EVP_md5();
63+ dgst = EVP_sha256();
64 }
65
66 if (bufsize != NULL) {
67--
681.9.1
69
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
index aba4d42983..fb745e4394 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
@@ -7,7 +7,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in
7@@ -65,6 +65,7 @@ 7@@ -65,6 +65,7 @@
8 foreach (@ARGV) { 8 foreach (@ARGV) {
9 if ( /^(-\?|-h|-help)$/ ) { 9 if ( /^(-\?|-h|-help)$/ ) {
10 print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; 10 print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
11+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; 11+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
12 exit 0; 12 exit 0;
13 } elsif (/^-newcert$/) { 13 } elsif (/^-newcert$/) {
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
new file mode 100644
index 0000000000..6620fdcb53
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
@@ -0,0 +1,222 @@
1#!/bin/sh
2#
3# Ben Secrest <blsecres@gmail.com>
4#
5# sh c_rehash script, scan all files in a directory
6# and add symbolic links to their hash values.
7#
8# based on the c_rehash perl script distributed with openssl
9#
10# LICENSE: See OpenSSL license
11# ^^acceptable?^^
12#
13
14# default certificate location
15DIR=/etc/openssl
16
17# for filetype bitfield
18IS_CERT=$(( 1 << 0 ))
19IS_CRL=$(( 1 << 1 ))
20
21
22# check to see if a file is a certificate file or a CRL file
23# arguments:
24# 1. the filename to be scanned
25# returns:
26# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
27#
28check_file()
29{
30 local IS_TYPE=0
31
32 # make IFS a newline so we can process grep output line by line
33 local OLDIFS=${IFS}
34 IFS=$( printf "\n" )
35
36 # XXX: could be more efficient to have two 'grep -m' but is -m portable?
37 for LINE in $( grep '^-----BEGIN .*-----' ${1} )
38 do
39 if echo ${LINE} \
40 | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
41 then
42 IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
43
44 if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
45 then
46 break
47 fi
48 elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
49 then
50 IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
51
52 if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
53 then
54 break
55 fi
56 fi
57 done
58
59 # restore IFS
60 IFS=${OLDIFS}
61
62 return ${IS_TYPE}
63}
64
65
66#
67# use openssl to fingerprint a file
68# arguments:
69# 1. the filename to fingerprint
70# 2. the method to use (x509, crl)
71# returns:
72# none
73# assumptions:
74# user will capture output from last stage of pipeline
75#
76fingerprint()
77{
78 ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
79}
80
81
82#
83# link_hash - create links to certificate files
84# arguments:
85# 1. the filename to create a link for
86# 2. the type of certificate being linked (x509, crl)
87# returns:
88# 0 on success, 1 otherwise
89#
90link_hash()
91{
92 local FINGERPRINT=$( fingerprint ${1} ${2} )
93 local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
94 local SUFFIX=0
95 local LINKFILE=''
96 local TAG=''
97
98 if [ ${2} = "crl" ]
99 then
100 TAG='r'
101 fi
102
103 LINKFILE=${HASH}.${TAG}${SUFFIX}
104
105 while [ -f ${LINKFILE} ]
106 do
107 if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
108 then
109 echo "NOTE: Skipping duplicate file ${1}" >&2
110 return 1
111 fi
112
113 SUFFIX=$(( ${SUFFIX} + 1 ))
114 LINKFILE=${HASH}.${TAG}${SUFFIX}
115 done
116
117 echo "${3} => ${LINKFILE}"
118
119 # assume any system with a POSIX shell will either support symlinks or
120 # do something to handle this gracefully
121 ln -s ${3} ${LINKFILE}
122
123 return 0
124}
125
126
127# hash_dir create hash links in a given directory
128hash_dir()
129{
130 echo "Doing ${1}"
131
132 cd ${1}
133
134 ls -1 * 2>/dev/null | while read FILE
135 do
136 if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
137 && [ -h "${FILE}" ]
138 then
139 rm ${FILE}
140 fi
141 done
142
143 ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
144 do
145 REAL_FILE=${FILE}
146 # if we run on build host then get to the real files in rootfs
147 if [ -n "${SYSROOT}" -a -h ${FILE} ]
148 then
149 FILE=$( readlink ${FILE} )
150 # check the symlink is absolute (or dangling in other word)
151 if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
152 then
153 REAL_FILE=${SYSROOT}/${FILE}
154 fi
155 fi
156
157 check_file ${REAL_FILE}
158 local FILE_TYPE=${?}
159 local TYPE_STR=''
160
161 if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
162 then
163 TYPE_STR='x509'
164 elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
165 then
166 TYPE_STR='crl'
167 else
168 echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
169 continue
170 fi
171
172 link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
173 done
174}
175
176
177# choose the name of an ssl application
178if [ -n "${OPENSSL}" ]
179then
180 SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
181else
182 SSL_CMD=/usr/bin/openssl
183 OPENSSL=${SSL_CMD}
184 export OPENSSL
185fi
186
187# fix paths
188PATH=${PATH}:${DIR}/bin
189export PATH
190
191# confirm existance/executability of ssl command
192if ! [ -x ${SSL_CMD} ]
193then
194 echo "${0}: rehashing skipped ('openssl' program not available)" >&2
195 exit 0
196fi
197
198# determine which directories to process
199old_IFS=$IFS
200if [ ${#} -gt 0 ]
201then
202 IFS=':'
203 DIRLIST=${*}
204elif [ -n "${SSL_CERT_DIR}" ]
205then
206 DIRLIST=$SSL_CERT_DIR
207else
208 DIRLIST=${DIR}/certs
209fi
210
211IFS=':'
212
213# process directories
214for CERT_DIR in ${DIRLIST}
215do
216 if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
217 then
218 IFS=$old_IFS
219 hash_dir ${CERT_DIR}
220 IFS=':'
221 fi
222done
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
new file mode 100644
index 0000000000..e975a4e7db
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
@@ -0,0 +1,35 @@
1From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
2From: Robert Yang <liezhi.yang@windriver.com>
3Date: Mon, 19 Sep 2016 22:06:28 -0700
4Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
5
6Fixed when building on Debian-testing:
7| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
8
9The find.pl is added by oe-core, so once openssl/find.pl is removed,
10then this patch can be dropped.
11
12Upstream-Status: Inappropriate [OE-Specific]
13
14Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
15Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
16---
17 util/perlpath.pl | 2 ++
18 1 file changed, 2 insertions(+)
19
20diff --git a/util/perlpath.pl b/util/perlpath.pl
21index a1f236b..5599892 100755
22--- a/util/perlpath.pl
23+++ b/util/perlpath.pl
24@@ -4,6 +4,8 @@
25 # line in all scripts that rely on perl.
26 #
27
28+BEGIN { unshift @INC, "."; }
29+
30 require "find.pl";
31
32 $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
33--
342.9.0
35
diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch
index b6c2c148b1..f3f4c99888 100644
--- a/meta/recipes-connectivity/openssl/openssl/parallel.patch
+++ b/meta/recipes-connectivity/openssl/openssl/parallel.patch
@@ -6,6 +6,9 @@ https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1
6Upstream-Status: Pending 6Upstream-Status: Pending
7Signed-off-by: Ross Burton <ross.burton@intel.com> 7Signed-off-by: Ross Burton <ross.burton@intel.com>
8 8
9Refreshed for 1.0.2i
10Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
11
9--- openssl-1.0.2g/crypto/Makefile 12--- openssl-1.0.2g/crypto/Makefile
10+++ openssl-1.0.2g/crypto/Makefile 13+++ openssl-1.0.2g/crypto/Makefile
11@@ -85,11 +85,11 @@ 14@@ -85,11 +85,11 @@
@@ -133,7 +136,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
133 fi; \ 136 fi; \
134--- openssl-1.0.2g/test/Makefile 137--- openssl-1.0.2g/test/Makefile
135+++ openssl-1.0.2g/test/Makefile 138+++ openssl-1.0.2g/test/Makefile
136@@ -139,7 +139,7 @@ 139@@ -144,7 +144,7 @@
137 tags: 140 tags:
138 ctags $(SRC) 141 ctags $(SRC)
139 142
@@ -142,7 +145,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
142 145
143 apps: 146 apps:
144 @(cd ..; $(MAKE) DIRS=apps all) 147 @(cd ..; $(MAKE) DIRS=apps all)
145@@ -421,130 +421,130 @@ 148@@ -438,136 +438,136 @@
146 link_app.$${shlib_target} 149 link_app.$${shlib_target}
147 150
148 $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) 151 $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -309,13 +312,21 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
309- @target=$(CLIENTHELLOTEST) $(BUILD_CMD) 312- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
310+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) 313+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
311 314
315 $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
316- @target=$(BADDTLSTEST) $(BUILD_CMD)
317+ +@target=$(BADDTLSTEST) $(BUILD_CMD)
318
312 $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o 319 $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
313- @target=$(SSLV2CONFTEST) $(BUILD_CMD) 320- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
314+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD) 321+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
315 322
323 $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
324- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
325+ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
326
316 #$(AESTEST).o: $(AESTEST).c 327 #$(AESTEST).o: $(AESTEST).c
317 # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c 328 # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
318@@ -557,7 +557,7 @@ 329@@ -580,6 +580,6 @@
319 # fi 330 # fi
320 331
321 dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) 332 dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
index a9146bb1dc..922819b3d5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
@@ -5,6 +5,7 @@ require openssl.inc
5DEPENDS += "cryptodev-linux" 5DEPENDS += "cryptodev-linux"
6 6
7CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" 7CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
8CFLAG_append_class-native = " -fPIC"
8 9
9LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" 10LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
10 11
@@ -13,6 +14,7 @@ export OE_LDFLAGS="${LDFLAGS}"
13 14
14SRC_URI += "file://find.pl;subdir=${BP}/util/ \ 15SRC_URI += "file://find.pl;subdir=${BP}/util/ \
15 file://run-ptest \ 16 file://run-ptest \
17 file://openssl-c_rehash.sh \
16 file://configure-targets.patch \ 18 file://configure-targets.patch \
17 file://shared-libs.patch \ 19 file://shared-libs.patch \
18 file://oe-ldflags.patch \ 20 file://oe-ldflags.patch \
@@ -38,21 +40,11 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
38 file://ptest_makefile_deps.patch \ 40 file://ptest_makefile_deps.patch \
39 file://configure-musl-target.patch \ 41 file://configure-musl-target.patch \
40 file://parallel.patch \ 42 file://parallel.patch \
41 file://CVE-2016-2178.patch \ 43 file://openssl-util-perlpath.pl-cwd.patch \
42 file://CVE-2016-2179.patch \ 44 file://Use-SHA256-not-MD5-as-default-digest.patch \
43 file://CVE-2016-2180.patch \
44 file://CVE-2016-2181_p1.patch \
45 file://CVE-2016-2181_p2.patch \
46 file://CVE-2016-2181_p3.patch \
47 file://CVE-2016-2182.patch \
48 file://CVE-2016-6302.patch \
49 file://CVE-2016-6303.patch \
50 file://CVE-2016-6304.patch \
51 file://CVE-2016-6306.patch \
52 file://CVE-2016-8610.patch \
53 " 45 "
54SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" 46SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"
55SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" 47SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"
56 48
57PACKAGES =+ "${PN}-engines" 49PACKAGES =+ "${PN}-engines"
58FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" 50FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"