From c2c57aa30f4a77c1b7b835ed2f9002ecd35b7aac Mon Sep 17 00:00:00 2001
From: Peter Korsgaard <peter@korsgaard.com>
Date: Thu, 21 Mar 2019 21:47:02 +0100
Subject: [PATCH] package/libopenssl: bump to version 1.1.1b

Drop patches 4..6 as they are now upstream.

Update the hash of the license file as the copyright dates changed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...the-same-HAVE_FORK-NO_FORK-as-in-spe.patch |  46 --
 ...uce-stack-usage-in-tls13_hkdf_expand.patch |  62 ---
 ...me-SSL_export_keying_material-issues.patch | 426 ------------------
 package/libopenssl/libopenssl.hash            |   6 +-
 package/libopenssl/libopenssl.mk              |   2 +-
 5 files changed, 4 insertions(+), 538 deletions(-)
 delete mode 100644 package/libopenssl/0004-apps-ocsp.c-Use-the-same-HAVE_FORK-NO_FORK-as-in-spe.patch
 delete mode 100644 package/libopenssl/0005-Revert-Reduce-stack-usage-in-tls13_hkdf_expand.patch
 delete mode 100644 package/libopenssl/0006-Fix-some-SSL_export_keying_material-issues.patch

diff --git a/package/libopenssl/0004-apps-ocsp.c-Use-the-same-HAVE_FORK-NO_FORK-as-in-spe.patch b/package/libopenssl/0004-apps-ocsp.c-Use-the-same-HAVE_FORK-NO_FORK-as-in-spe.patch
deleted file mode 100644
index 83989fe742..0000000000
--- a/package/libopenssl/0004-apps-ocsp.c-Use-the-same-HAVE_FORK-NO_FORK-as-in-spe.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 4c992673890f1d1ecb9aa46112b2ca80db016b67 Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Mon, 12 Nov 2018 18:16:27 +0100
-Subject: [PATCH] apps/ocsp.c Use the same HAVE_FORK / NO_FORK as in speed.c
-
-This allows the user to override our defaults if needed, and in a
-consistent manner.
-
-Partial fix for #7607
-
-Upstream: https://github.com/openssl/openssl/pull/7624
-Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
----
- apps/ocsp.c | 16 +++++++++++++++-
- 1 file changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/apps/ocsp.c b/apps/ocsp.c
-index 7fd78624bb..315b072932 100644
---- a/apps/ocsp.c
-+++ b/apps/ocsp.c
-@@ -36,7 +36,21 @@ NON_EMPTY_TRANSLATION_UNIT
- # include <openssl/x509v3.h>
- # include <openssl/rand.h>
- 
--# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \
-+#ifndef HAVE_FORK
-+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
-+#  define HAVE_FORK 0
-+# else
-+#  define HAVE_FORK 1
-+# endif
-+#endif
-+
-+#if HAVE_FORK
-+# undef NO_FORK
-+#else
-+# define NO_FORK
-+#endif
-+
-+# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
-      && !defined(OPENSSL_NO_POSIX_IO)
- #  define OCSP_DAEMON
- #  include <sys/types.h>
--- 
-2.17.1
-
diff --git a/package/libopenssl/0005-Revert-Reduce-stack-usage-in-tls13_hkdf_expand.patch b/package/libopenssl/0005-Revert-Reduce-stack-usage-in-tls13_hkdf_expand.patch
deleted file mode 100644
index 104fa476a2..0000000000
--- a/package/libopenssl/0005-Revert-Reduce-stack-usage-in-tls13_hkdf_expand.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 56e0f123dc17cb99f50efbae4bbbab77f360818f Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Mon, 3 Dec 2018 18:14:57 +0000
-Subject: [PATCH] Revert "Reduce stack usage in tls13_hkdf_expand"
-
-This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.
-
-SSL_export_keying_material() may use longer label lengths.
-
-Fixes #7712
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7755)
-
-(cherry picked from commit ed371b8cbac0d0349667558c061c1ae380cf75eb)
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- ssl/tls13_enc.c | 16 ++++------------
- 1 file changed, 4 insertions(+), 12 deletions(-)
-
-diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
-index b6825d20c2..f7ab0fa470 100644
---- a/ssl/tls13_enc.c
-+++ b/ssl/tls13_enc.c
-@@ -13,14 +13,7 @@
- #include <openssl/evp.h>
- #include <openssl/kdf.h>
- 
--/*
-- * RFC 8446, 7.1 Key Schedule, says:
-- * Note: With common hash functions, any label longer than 12 characters
-- * requires an additional iteration of the hash function to compute.
-- * The labels in this specification have all been chosen to fit within
-- * this limit.
-- */
--#define TLS13_MAX_LABEL_LEN     12
-+#define TLS13_MAX_LABEL_LEN     246
- 
- /* Always filled with zeros */
- static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
-@@ -36,15 +29,14 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
-                              const unsigned char *data, size_t datalen,
-                              unsigned char *out, size_t outlen)
- {
--    static const unsigned char label_prefix[] = "tls13 ";
-+    const unsigned char label_prefix[] = "tls13 ";
-     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-     int ret;
-     size_t hkdflabellen;
-     size_t hashlen;
-     /*
--     * 2 bytes for length of derived secret + 1 byte for length of combined
--     * prefix and label + bytes for the label itself + 1 byte length of hash
--     * + bytes for the hash itself
-+     * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
-+     * prefix and label + bytes for the label itself + bytes for the hash
-      */
-     unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
-                             + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
--- 
-2.20.1
-
diff --git a/package/libopenssl/0006-Fix-some-SSL_export_keying_material-issues.patch b/package/libopenssl/0006-Fix-some-SSL_export_keying_material-issues.patch
deleted file mode 100644
index 242ec7a8cd..0000000000
--- a/package/libopenssl/0006-Fix-some-SSL_export_keying_material-issues.patch
+++ /dev/null
@@ -1,426 +0,0 @@
-From db860ea3dcf56a1993c66da22bd44460d7ac4914 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 4 Dec 2018 08:37:04 +0000
-Subject: [PATCH] Fix some SSL_export_keying_material() issues
-
-Fix some issues in tls13_hkdf_expand() which impact the above function
-for TLSv1.3. In particular test that we can use the maximum label length
-in TLSv1.3.
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7755)
-
-(cherry picked from commit 0fb2815b873304d145ed00283454fc9f3bd35e6b)
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- doc/man3/SSL_export_keying_material.pod |  3 +-
- ssl/ssl_locl.h                          |  2 +-
- ssl/statem/extensions.c                 |  2 +-
- ssl/statem/statem_clnt.c                |  2 +-
- ssl/statem/statem_srvr.c                |  2 +-
- ssl/tls13_enc.c                         | 73 +++++++++++++++++--------
- test/sslapitest.c                       | 48 ++++++++++++----
- test/tls13secretstest.c                 |  2 +-
- 8 files changed, 92 insertions(+), 42 deletions(-)
-
-diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod
-index abebf911fc..4c81a60ffb 100644
---- a/doc/man3/SSL_export_keying_material.pod
-+++ b/doc/man3/SSL_export_keying_material.pod
-@@ -59,7 +59,8 @@ B<label> and should be B<llen> bytes long. Typically this will be a value from
- the IANA Exporter Label Registry
- (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>).
- Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard
--to be used without registration.
-+to be used without registration. TLSv1.3 imposes a maximum label length of
-+249 bytes.
- 
- Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
- above. Attempting to use it in SSLv3 will result in an error.
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 70e5a1740f..307131de93 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -2461,7 +2461,7 @@ __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
-                              const unsigned char *secret,
-                              const unsigned char *label, size_t labellen,
-                              const unsigned char *data, size_t datalen,
--                             unsigned char *out, size_t outlen);
-+                             unsigned char *out, size_t outlen, int fatal);
- __owur int tls13_derive_key(SSL *s, const EVP_MD *md,
-                             const unsigned char *secret, unsigned char *key,
-                             size_t keylen);
-diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index 63e61c6184..716d6d23e0 100644
---- a/ssl/statem/extensions.c
-+++ b/ssl/statem/extensions.c
-@@ -1506,7 +1506,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
- 
-     /* Generate the binder key */
-     if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
--                           hashsize, binderkey, hashsize)) {
-+                           hashsize, binderkey, hashsize, 1)) {
-         /* SSLfatal() already called */
-         goto err;
-     }
-diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
-index 5a8f1163df..a0e495d8e8 100644
---- a/ssl/statem/statem_clnt.c
-+++ b/ssl/statem/statem_clnt.c
-@@ -2740,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
-                                PACKET_data(&nonce),
-                                PACKET_remaining(&nonce),
-                                s->session->master_key,
--                               hashlen)) {
-+                               hashlen, 1)) {
-             /* SSLfatal() already called */
-             goto err;
-         }
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index e7c11c4bea..a8e862ced5 100644
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -4099,7 +4099,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
-                                tick_nonce,
-                                TICKET_NONCE_SIZE,
-                                s->session->master_key,
--                               hashlen)) {
-+                               hashlen, 1)) {
-             /* SSLfatal() already called */
-             goto err;
-         }
-diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
-index f7ab0fa470..c3021d18aa 100644
---- a/ssl/tls13_enc.c
-+++ b/ssl/tls13_enc.c
-@@ -13,7 +13,7 @@
- #include <openssl/evp.h>
- #include <openssl/kdf.h>
- 
--#define TLS13_MAX_LABEL_LEN     246
-+#define TLS13_MAX_LABEL_LEN     249
- 
- /* Always filled with zeros */
- static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
-@@ -22,30 +22,47 @@ static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
-  * Given a |secret|; a |label| of length |labellen|; and |data| of length
-  * |datalen| (e.g. typically a hash of the handshake messages), derive a new
-  * secret |outlen| bytes long and store it in the location pointed to be |out|.
-- * The |data| value may be zero length. Returns 1 on success  0 on failure.
-+ * The |data| value may be zero length. Any errors will be treated as fatal if
-+ * |fatal| is set. Returns 1 on success  0 on failure.
-  */
- int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
-                              const unsigned char *label, size_t labellen,
-                              const unsigned char *data, size_t datalen,
--                             unsigned char *out, size_t outlen)
-+                             unsigned char *out, size_t outlen, int fatal)
- {
--    const unsigned char label_prefix[] = "tls13 ";
-+    static const unsigned char label_prefix[] = "tls13 ";
-     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-     int ret;
-     size_t hkdflabellen;
-     size_t hashlen;
-     /*
--     * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
--     * prefix and label + bytes for the label itself + bytes for the hash
-+     * 2 bytes for length of derived secret + 1 byte for length of combined
-+     * prefix and label + bytes for the label itself + 1 byte length of hash
-+     * + bytes for the hash itself
-      */
-     unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
-                             + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
--                            + EVP_MAX_MD_SIZE];
-+                            + 1 + EVP_MAX_MD_SIZE];
-     WPACKET pkt;
- 
-     if (pctx == NULL)
-         return 0;
- 
-+    if (labellen > TLS13_MAX_LABEL_LEN) {
-+        if (fatal) {
-+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-+                     ERR_R_INTERNAL_ERROR);
-+        } else {
-+            /*
-+             * Probably we have been called from SSL_export_keying_material(),
-+             * or SSL_export_keying_material_early().
-+             */
-+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
-+        }
-+        EVP_PKEY_CTX_free(pctx);
-+        return 0;
-+    }
-+
-     hashlen = EVP_MD_size(md);
- 
-     if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
-@@ -59,8 +76,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
-             || !WPACKET_finish(&pkt)) {
-         EVP_PKEY_CTX_free(pctx);
-         WPACKET_cleanup(&pkt);
--        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
--                 ERR_R_INTERNAL_ERROR);
-+        if (fatal)
-+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-+                     ERR_R_INTERNAL_ERROR);
-+        else
-+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
-         return 0;
-     }
- 
-@@ -74,9 +94,13 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
- 
-     EVP_PKEY_CTX_free(pctx);
- 
--    if (ret != 0)
--        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
--                 ERR_R_INTERNAL_ERROR);
-+    if (ret != 0) {
-+        if (fatal)
-+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-+                     ERR_R_INTERNAL_ERROR);
-+        else
-+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
-+    }
- 
-     return ret == 0;
- }
-@@ -91,7 +115,7 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
-     static const unsigned char keylabel[] = "key";
- 
-     return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1,
--                             NULL, 0, key, keylen);
-+                             NULL, 0, key, keylen, 1);
- }
- 
- /*
-@@ -104,7 +128,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
-     static const unsigned char ivlabel[] = "iv";
- 
-     return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1,
--                             NULL, 0, iv, ivlen);
-+                             NULL, 0, iv, ivlen, 1);
- }
- 
- int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
-@@ -114,7 +138,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
-     static const unsigned char finishedlabel[] = "finished";
- 
-     return tls13_hkdf_expand(s, md, secret, finishedlabel,
--                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen);
-+                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1);
- }
- 
- /*
-@@ -177,7 +201,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
-         if (!tls13_hkdf_expand(s, md, prevsecret,
-                                (unsigned char *)derived_secret_label,
-                                sizeof(derived_secret_label) - 1, hash, mdlen,
--                               preextractsec, mdlen)) {
-+                               preextractsec, mdlen, 1)) {
-             /* SSLfatal() already called */
-             EVP_PKEY_CTX_free(pctx);
-             return 0;
-@@ -337,7 +361,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
-     hashlen = (size_t)hashleni;
- 
-     if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
--                           secret, hashlen)) {
-+                           secret, hashlen, 1)) {
-         /* SSLfatal() already called */
-         goto err;
-     }
-@@ -517,7 +541,8 @@ int tls13_change_cipher_state(SSL *s, int which)
-                                    early_exporter_master_secret,
-                                    sizeof(early_exporter_master_secret) - 1,
-                                    hashval, hashlen,
--                                   s->early_exporter_master_secret, hashlen)) {
-+                                   s->early_exporter_master_secret, hashlen,
-+                                   1)) {
-                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-                          SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-                 goto err;
-@@ -604,7 +629,7 @@ int tls13_change_cipher_state(SSL *s, int which)
-                                resumption_master_secret,
-                                sizeof(resumption_master_secret) - 1,
-                                hashval, hashlen, s->resumption_master_secret,
--                               hashlen)) {
-+                               hashlen, 1)) {
-             /* SSLfatal() already called */
-             goto err;
-         }
-@@ -624,7 +649,7 @@ int tls13_change_cipher_state(SSL *s, int which)
-                                exporter_master_secret,
-                                sizeof(exporter_master_secret) - 1,
-                                hash, hashlen, s->exporter_master_secret,
--                               hashlen)) {
-+                               hashlen, 1)) {
-             /* SSLfatal() already called */
-             goto err;
-         }
-@@ -738,10 +763,10 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-             || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
-             || !tls13_hkdf_expand(s, md, s->exporter_master_secret,
-                                   (const unsigned char *)label, llen,
--                                  data, datalen, exportsecret, hashsize)
-+                                  data, datalen, exportsecret, hashsize, 0)
-             || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
-                                   sizeof(exporterlabel) - 1, hash, hashsize,
--                                  out, olen))
-+                                  out, olen, 0))
-         goto err;
- 
-     ret = 1;
-@@ -797,10 +822,10 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
-             || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
-             || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
-                                   (const unsigned char *)label, llen,
--                                  data, datalen, exportsecret, hashsize)
-+                                  data, datalen, exportsecret, hashsize, 0)
-             || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
-                                   sizeof(exporterlabel) - 1, hash, hashsize,
--                                  out, olen))
-+                                  out, olen, 0))
-         goto err;
- 
-     ret = 1;
-diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 108d57e478..a4bbb4fead 100644
---- a/test/sslapitest.c
-+++ b/test/sslapitest.c
-@@ -4028,20 +4028,25 @@ static int test_serverinfo(int tst)
-  * no test vectors so all we do is test that both sides of the communication
-  * produce the same results for different protocol versions.
-  */
-+#define SMALL_LABEL_LEN 10
-+#define LONG_LABEL_LEN  249
- static int test_export_key_mat(int tst)
- {
-     int testresult = 0;
-     SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
-     SSL *clientssl = NULL, *serverssl = NULL;
--    const char label[] = "test label";
-+    const char label[LONG_LABEL_LEN + 1] = "test label";
-     const unsigned char context[] = "context";
-     const unsigned char *emptycontext = NULL;
-     unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
-     unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
-+    size_t labellen;
-     const int protocols[] = {
-         TLS1_VERSION,
-         TLS1_1_VERSION,
-         TLS1_2_VERSION,
-+        TLS1_3_VERSION,
-+        TLS1_3_VERSION,
-         TLS1_3_VERSION
-     };
- 
-@@ -4058,7 +4063,7 @@ static int test_export_key_mat(int tst)
-         return 1;
- #endif
- #ifdef OPENSSL_NO_TLS1_3
--    if (tst == 3)
-+    if (tst >= 3)
-         return 1;
- #endif
-     if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
-@@ -4076,33 +4081,52 @@ static int test_export_key_mat(int tst)
-                                                 SSL_ERROR_NONE)))
-         goto end;
- 
-+    if (tst == 5) {
-+        /*
-+         * TLSv1.3 imposes a maximum label len of 249 bytes. Check we fail if we
-+         * go over that.
-+         */
-+        if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
-+                                                    sizeof(ckeymat1), label,
-+                                                    LONG_LABEL_LEN + 1, context,
-+                                                    sizeof(context) - 1, 1), 0))
-+            goto end;
-+
-+        testresult = 1;
-+        goto end;
-+    } else if (tst == 4) {
-+        labellen = LONG_LABEL_LEN;
-+    } else {
-+        labellen = SMALL_LABEL_LEN;
-+    }
-+
-     if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
-                                                 sizeof(ckeymat1), label,
--                                                sizeof(label) - 1, context,
-+                                                labellen, context,
-                                                 sizeof(context) - 1, 1), 1)
-             || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
-                                                        sizeof(ckeymat2), label,
--                                                       sizeof(label) - 1,
-+                                                       labellen,
-                                                        emptycontext,
-                                                        0, 1), 1)
-             || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
-                                                        sizeof(ckeymat3), label,
--                                                       sizeof(label) - 1,
-+                                                       labellen,
-                                                        NULL, 0, 0), 1)
-             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
-                                                        sizeof(skeymat1), label,
--                                                       sizeof(label) - 1,
-+                                                       labellen,
-                                                        context,
-                                                        sizeof(context) -1, 1),
-                             1)
-             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
-                                                        sizeof(skeymat2), label,
--                                                       sizeof(label) - 1,
-+                                                       labellen,
-                                                        emptycontext,
-                                                        0, 1), 1)
-             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
-                                                        sizeof(skeymat3), label,
--                                                       sizeof(label) - 1,
-+                                                       labellen,
-                                                        NULL, 0, 0), 1)
-                /*
-                 * Check that both sides created the same key material with the
-@@ -4131,10 +4155,10 @@ static int test_export_key_mat(int tst)
-      * Check that an empty context and no context produce different results in
-      * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
-      */
--    if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
-+    if ((tst < 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
-                                   sizeof(ckeymat3)))
--            || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
--                                        sizeof(ckeymat3))))
-+            || (tst >= 3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
-+                                         sizeof(ckeymat3))))
-         goto end;
- 
-     testresult = 1;
-@@ -5909,7 +5933,7 @@ int setup_tests(void)
-     ADD_ALL_TESTS(test_custom_exts, 3);
- #endif
-     ADD_ALL_TESTS(test_serverinfo, 8);
--    ADD_ALL_TESTS(test_export_key_mat, 4);
-+    ADD_ALL_TESTS(test_export_key_mat, 6);
- #ifndef OPENSSL_NO_TLS1_3
-     ADD_ALL_TESTS(test_export_key_mat_early, 3);
- #endif
-diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
-index 724c170c56..66a0582887 100644
---- a/test/tls13secretstest.c
-+++ b/test/tls13secretstest.c
-@@ -236,7 +236,7 @@ static int test_secret(SSL *s, unsigned char *prk,
-     }
- 
-     if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
--                           gensecret, hashsize)) {
-+                           gensecret, hashsize, 1)) {
-         TEST_error("Secret generation failed");
-         return 0;
-     }
--- 
-2.20.1
-
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 568d7e8b52..3a8192c46c 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-1.1.1a.tar.gz.sha256
-sha256	fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41	openssl-1.1.1a.tar.gz
+# From https://www.openssl.org/source/openssl-1.1.1b.tar.gz.sha256
+sha256	5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b	openssl-1.1.1b.tar.gz
 
 # License files
-sha256	350c7817af2ef980d3f3922bc5e0bb6a9d9f6cc21e784a699bcd2a31c74a84b1	LICENSE
+sha256	c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c	LICENSE
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index a845f1da53..36623fa85f 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 1.1.1a
+LIBOPENSSL_VERSION = 1.1.1b
 LIBOPENSSL_SITE = https://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay