package/libopenssl: bump version to 1.1.1n

Changes between 1.1.1m and 1.1.1n [15 Mar 2022]

  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
     for non-prime moduli.

     Internally this function is used when parsing certificates that contain
     elliptic curve public keys in compressed form or explicit elliptic curve
     parameters with a base point encoded in compressed form.

     It is possible to trigger the infinite loop by crafting a certificate that
     has invalid explicit curve parameters.

     Since certificate parsing happens prior to verification of the certificate
     signature, any process that parses an externally supplied certificate may
     thus be subject to a denial of service attack. The infinite loop can also
     be reached when parsing crafted private keys as they can contain explicit
     elliptic curve parameters.

     Thus vulnerable situations include:

      - TLS clients consuming server certificates
      - TLS servers consuming client certificates
      - Hosting providers taking certificates or private keys from customers
      - Certificate authorities parsing certification requests from subscribers
      - Anything else which parses ASN.1 elliptic curve parameters

     Also any other applications that use the BN_mod_sqrt() where the attacker
     can control the parameter values are vulnerable to this DoS issue.
     (CVE-2022-0778)
     [Tomáš Mráz]

  *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
     to the list of ciphersuites providing Perfect Forward Secrecy as
     required by SECLEVEL >= 3.

     [Dmitry Belyavskiy, Nicola Tuveri]

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Peter Seiderer 2022-03-15 21:54:05 +01:00 committed by Yann E. MORIN
parent a8c07b6846
commit 66868e9fab
2 changed files with 3 additions and 3 deletions

View File

@ -1,5 +1,5 @@
# From https://www.openssl.org/source/openssl-1.1.1m.tar.gz.sha256
sha256 f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96 openssl-1.1.1m.tar.gz
# From https://www.openssl.org/source/openssl-1.1.1n.tar.gz.sha256
sha256 40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a openssl-1.1.1n.tar.gz
# License files
sha256 c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c LICENSE

View File

@ -4,7 +4,7 @@
#
################################################################################
LIBOPENSSL_VERSION = 1.1.1m
LIBOPENSSL_VERSION = 1.1.1n
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay