diff --git a/package/libopenssl/0004-riscv-Fix-mispelling-of-extension-test-macro.patch b/package/libopenssl/0004-riscv-Fix-mispelling-of-extension-test-macro.patch
deleted file mode 100644
index 93b191a61c..0000000000
--- a/package/libopenssl/0004-riscv-Fix-mispelling-of-extension-test-macro.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 68c549df05892c16b99603b9a831c79c540f268c Mon Sep 17 00:00:00 2001
-From: Grant Nichol
-Date: Fri, 22 Dec 2023 23:46:39 -0600
-Subject: [PATCH] riscv: Fix mispelling of extension test macro
-
-When refactoring the riscv extension test macros,
-RISCV_HAS_ZKND_AND_ZKNE was mispelled.
-
-Upstream: https://github.com/openssl/openssl/pull/23139
-Signed-off-by: Grant Nichol
----
- providers/implementations/ciphers/cipher_aes_xts_hw.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c
-index b35b71020e..65adc47d1f 100644
---- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
-@@ -285,7 +285,7 @@ static const PROV_CIPHER_HW aes_xts_rv32i_zbkb_zknd_zkne = { \
- # define PROV_CIPHER_HW_select_xts() \
- if (RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE()) \
- return &aes_xts_rv32i_zbkb_zknd_zkne; \
--if (RISCV_HAS_ZKND_ZKNE()) \
-+if (RISCV_HAS_ZKND_AND_ZKNE()) \
- return &aes_xts_rv32i_zknd_zkne;
- # else
- /* The generic case */
---
-2.43.0
-
diff --git a/package/libopenssl/0005-Fix-genstr-genconf-option-in-asn1parse.patch b/package/libopenssl/0005-Fix-genstr-genconf-option-in-asn1parse.patch
deleted file mode 100644
index 9fa36d83be..0000000000
--- a/package/libopenssl/0005-Fix-genstr-genconf-option-in-asn1parse.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 749fcc0e3ce796474a15d6fac221e57daeacff1e Mon Sep 17 00:00:00 2001
-From: Neil Horman
-Date: Tue, 5 Dec 2023 14:50:01 -0500
-Subject: [PATCH] Fix genstr/genconf option in asn1parse
-
-At some point the asn1parse applet was changed to default the inform to
-PEM, and defalt input file to stdin. Doing so broke the -genstr|conf options,
-in that, before we attempt to generate an ASN1 block from the provided
-genstr string, we attempt to read a PEM input from stdin. As a result,
-this command:
-openssl asn1parse -genstr OID:1.2.3.4
-hangs because we are attempting a blocking read on stdin, waiting for
-data that never arrives
-
-Fix it by giving priority to genstr|genconf, such that, if set, will just run
-do_generate on that string and exit
-
-Reviewed-by: Hugo Landau
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/22957)
-Upstream: https://github.com/openssl/openssl/commit/749fcc0e3ce796474a15d6fac221e57daeacff1e
-Signed-off-by: Martin Kurbanov
----
- apps/asn1parse.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/apps/asn1parse.c b/apps/asn1parse.c
-index 097b0cc1ed..6597a6180b 100644
---- a/apps/asn1parse.c
-+++ b/apps/asn1parse.c
-@@ -178,7 +178,7 @@ int asn1parse_main(int argc, char **argv)
-
- if ((buf = BUF_MEM_new()) == NULL)
- goto end;
-- if (informat == FORMAT_PEM) {
-+ if (genstr == NULL && informat == FORMAT_PEM) {
- if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
- BIO_printf(bio_err, "Error reading PEM file\n");
- ERR_print_errors(bio_err);
---
-2.40.0
-
diff --git a/package/libopenssl/0006-Harden-asn1-oid-loader-to-invalid-inputs.patch b/package/libopenssl/0006-Harden-asn1-oid-loader-to-invalid-inputs.patch
deleted file mode 100644
index 299ecbc2ed..0000000000
--- a/package/libopenssl/0006-Harden-asn1-oid-loader-to-invalid-inputs.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From a552c23c6502592c1b3c67d93dd7e5ffbe958aa4 Mon Sep 17 00:00:00 2001
-From: Neil Horman
-Date: Tue, 5 Dec 2023 15:24:20 -0500
-Subject: [PATCH] Harden asn1 oid loader to invalid inputs
-
-In the event that a config file contains this sequence:
-=======
-openssl_conf = openssl_init
-
-config_diagnostics = 1
-
-[openssl_init]
-oid_section = oids
-
-[oids]
-testoid1 = 1.2.3.4.1
-testoid2 = A Very Long OID Name, 1.2.3.4.2
-testoid3 = ,1.2.3.4.3
-======
-
-The leading comma in testoid3 can cause a heap buffer overflow, as the
-parsing code will move the string pointer back 1 character, thereby
-pointing to an invalid memory space
-
-correct the parser to detect this condition and handle it by treating it
-as if the comma doesn't exist (i.e. an empty long oid name)
-
-Reviewed-by: Hugo Landau
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/22957)
-Upstream: https://github.com/openssl/openssl/commit/a552c23c6502592c1b3c67d93dd7e5ffbe958aa4
-Signed-off-by: Martin Kurbanov
----
- apps/asn1parse.c | 2 +-
- crypto/asn1/asn_moid.c | 4 ++++
- test/recipes/04-test_asn1_parse.t | 26 ++++++++++++++++++++++++++
- test/test_asn1_parse.cnf | 12 ++++++++++++
- 4 files changed, 43 insertions(+), 1 deletion(-)
- create mode 100644 test/recipes/04-test_asn1_parse.t
- create mode 100644 test/test_asn1_parse.cnf
-
-diff --git a/apps/asn1parse.c b/apps/asn1parse.c
-index 6597a6180b..bf62f85947 100644
---- a/apps/asn1parse.c
-+++ b/apps/asn1parse.c
-@@ -178,7 +178,7 @@ int asn1parse_main(int argc, char **argv)
-
- if ((buf = BUF_MEM_new()) == NULL)
- goto end;
-- if (genstr == NULL && informat == FORMAT_PEM) {
-+ if (genconf == NULL && genstr == NULL && informat == FORMAT_PEM) {
- if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
- BIO_printf(bio_err, "Error reading PEM file\n");
- ERR_print_errors(bio_err);
-diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
-index 6f816307af..1e183f4f18 100644
---- a/crypto/asn1/asn_moid.c
-+++ b/crypto/asn1/asn_moid.c
-@@ -67,6 +67,10 @@ static int do_create(const char *value, const char *name)
- if (p == NULL) {
- ln = name;
- ostr = value;
-+ } else if (p == value) {
-+ /* we started with a leading comma */
-+ ln = name;
-+ ostr = p + 1;
- } else {
- ln = value;
- ostr = p + 1;
-diff --git a/test/recipes/04-test_asn1_parse.t b/test/recipes/04-test_asn1_parse.t
-new file mode 100644
-index 0000000000..f3af436592
---- /dev/null
-+++ b/test/recipes/04-test_asn1_parse.t
-@@ -0,0 +1,26 @@
-+#! /usr/bin/env perl
-+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use strict;
-+use OpenSSL::Test qw(:DEFAULT srctop_file);
-+use OpenSSL::Test::Utils;
-+
-+setup("test_asn1_parse");
-+
-+plan tests => 3;
-+
-+$ENV{OPENSSL_CONF} = srctop_file("test", "test_asn1_parse.cnf");
-+
-+ok(run(app(([ 'openssl', 'asn1parse',
-+ '-genstr', 'OID:1.2.3.4.1']))));
-+
-+ok(run(app(([ 'openssl', 'asn1parse',
-+ '-genstr', 'OID:1.2.3.4.2']))));
-+
-+ok(run(app(([ 'openssl', 'asn1parse',
-+ '-genstr', 'OID:1.2.3.4.3']))));
-diff --git a/test/test_asn1_parse.cnf b/test/test_asn1_parse.cnf
-new file mode 100644
-index 0000000000..5f0305657e
---- /dev/null
-+++ b/test/test_asn1_parse.cnf
-@@ -0,0 +1,12 @@
-+openssl_conf = openssl_init
-+
-+# Comment out the next line to ignore configuration errors
-+config_diagnostics = 1
-+
-+[openssl_init]
-+oid_section = oids
-+
-+[oids]
-+testoid1 = 1.2.3.4.1
-+testoid2 = A Very Long OID Name, 1.2.3.4.2
-+testoid3 = ,1.2.3.4.3
---
-2.40.0
-
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 9e09e12461..841d4b4cfd 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@ -# From https://www.openssl.org/source/openssl-3.2.0.tar.gz.sha256 -sha256 14c826f07c7e433706fb5c69fa9e25dab95684844b4c962a2cf1bf183eb4690e openssl-3.2.0.tar.gz +# From https://www.openssl.org/source/openssl-3.2.1.tar.gz.sha256 +sha256 83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39 openssl-3.2.1.tar.gz # License files sha256 7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a LICENSE.txt diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk index 7dc6d93256..feb5026c02 100644 --- a/package/libopenssl/libopenssl.mk +++ b/package/libopenssl/libopenssl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBOPENSSL_VERSION = 3.2.0 +LIBOPENSSL_VERSION = 3.2.1 LIBOPENSSL_SITE = https://www.openssl.org/source LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz LIBOPENSSL_LICENSE = Apache-2.0