Age | Commit message | Author |
|
Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
*) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
[Kaspar Brand <ossl@velox.ch>]
*) Fix SSL memory handling for (EC)DH ciphersuites, in particular
for multi-threaded use of ECDH. (CVE-2011-3210)
[Adam Langley (Google)]
*) Fix x509_name_ex_d2i memory leak on bad inputs.
[Bodo Moeller]
*) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
signature public key algorithm by using OID xref utilities instead.
Before this you could only use some ECC ciphersuites with SHA1 only.
[Steve Henson]
*) Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
http://eprint.iacr.org/2011/232.pdf
[Billy Bob Brumley and Nicola Tuveri]
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Closes #3445.
OpenSSL emits bswap instructions when building for i386 targets which
unfortunately is only available on 486+ class processors.
Since the normal workaround is detected at build time and we are cross
compiling we need to specify this.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Closes #3205
OpenSSL's build system tries to be too wise for its own good when
guessing what libdir should be.
This causes problems like the one reported in bug #3205 so just specify
libdir to point to /lib (since it's prefixed it would finally be
/usr/lib) since it should be present on 32 and 64 bit targets.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
CVE-2011-0014
http://www.openssl.org/news/secadv_20110208.txt
OCSP stapling vulnerability in OpenSSL
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Enable OCF (cryptodev) support for openssl as an option.
This requires a patched kernel to export hardware acceleration for
openssl to use it.
If you lack a patched kernel or support it won't break anything, it will
simply fall back to the default software engine from openssl, you'll
just have a slightly bigger libssl/libcrypto.
Tested with 20100325 release + 20101223 patch from the mailing list.
[Peter: slightly tweaked .mk]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Closes #1951
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
OpenSSL is not using the autotools as its build system. Therefore, we
must use the generic infrastructure instead of the autotools one.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Closes #1411
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Closes #703
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Upstream openssl doesn't have avr32 support, and we dropped the
avr32 optimization patch some time ago.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Thanks to Thomas for noticing.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Closes #497
Use ARCH instead of BR2_ARCH as BR2_ARCH won't match because of the
surrounding quotes.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
And remove the unneeded c_rehash binary while we're at it.
Patch by Gustavo Zacarias <gustavo@zacarias.com.br>, closes #307.
Saves ~250k on PPC with default config (e.g. -Os)
|
|
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>, closes #217
Fixes multiple security flaws - See
http://www.openssl.org/news/secadv_20090325.txt for details.
|
|
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>
Closes #151.
* Avoid fips directory completely since it just installs source file cruft
in lib
* Point openssldir to a more friendly and common /etc/ssl rather than
/usr/lib/ssl
|
|
This patch will default to linux-generic32, unless a known optimized
architecture is selected.
As of today it will select optimized config for: avr32, ia64, powerpc and
x86_64.
This fixes bug #5344.
Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
|
|
This patch will use linux-generic32 for all i386 target architectures, which
fixes bug #5274.
Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
|
|
This patch converts building of OpenSSL to use Makefile.autotools.in and bumps
the version to 0.9.8g. The patches are updated to reflect this version upgrade.
A kconfig option for adding the OpenSSL engines is also added.
Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
|
|
The build without CONFIG_UPDATE has now been verified on arm/armeb/avr32,
so let's revert this for good.
|
|
softfloat
|
|
Based on input from Arndt Kritzner & Bernhard Fischer.
|
|
- use $(STRIPCMD) in packages to avoid clashes with $(STRIP)
|
|
First hunk of fixes for bug #1290
|
|
Sieg on irc
|
|
targets by schieli in Bug 450
|
|
If I understand you correctly, you want the ncurses development headers
on the target.
a patch for this (named target_headers.patch and includes similar
options for a few other libs in buildroot) can be found at:
http://www.zelow.no/floppyfw/download/Development/Patches/buildroot/
(a few packages there as well)
it will add an option to put headers on target for ncurses, zlib and
openssl.
Thomas.
|