Commit ea7fd685 authored by Timo Teräs's avatar Timo Teräs

main/openssl: don't use rdrand engine as default

As a security measure, do not rely solely on a hardware random source.
fixes #2509

(cherry picked from commit 1fd915b8)

Conflicts:
	main/openssl/APKBUILD
parent 8ccfac3c
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.1e
pkgrel=0
pkgrel=1
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
......@@ -19,6 +19,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
0003-engines-e_padlock-backport-cvs-head-changes.patch
0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
0005-crypto-engine-autoload-padlock-dynamic-engine.patch
openssl-disable-rdrand-default.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
......@@ -74,4 +75,21 @@ c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
1f607b8e11347e56a0906756f3d6928a 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
53fbd01733b488717575e04a5aaf6664 0003-engines-e_padlock-backport-cvs-head-changes.patch
c0dae72e29e8fdfb753906411b1722bc 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
7820941f69acf58f05cccb33faf4ee70 0005-crypto-engine-autoload-padlock-dynamic-engine.patch"
7820941f69acf58f05cccb33faf4ee70 0005-crypto-engine-autoload-padlock-dynamic-engine.patch
8a251d30c977ffe8bfbf9d9b7eae1a8e openssl-disable-rdrand-default.patch"
sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz
fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch
82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
7f40edec04115e97ae2c64e77d3324f6083963200add148f9a4dec090c60550b 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
cc5e464d7bf8e181bb454de65772366ed90ee91716ecbadaaf2dfda2e080fdc2 0003-engines-e_padlock-backport-cvs-head-changes.patch
38b84dd0382fdb3d48e27772d40cde866217a5bace8aa1282288a724b5ea1609 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
f2d6bffae2fe5fcf76c7b9f6299893846a7730cadf70ab91bc94ee0578d0ba8d 0005-crypto-engine-autoload-padlock-dynamic-engine.patch
c215b03f9328b8dfb81e3fa90bdf0332d6b649688944ff79fe60be62131ccb60 openssl-disable-rdrand-default.patch"
sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz
880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch
6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
beab0d972037acef0da28cb2729fb7f88d4a1eb816d69a7f7285171a115829c0e371eb2c0f77a608c158ce7a1ee5f3ef42e615450426fa5900913708dac284a3 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
3b1379cee6eef5f524a5763aedcf37561a4cae0c8dcf6822177e981f80215bb98b8849db122dd0cfae15b82c3221ebb50c4d854ee1f475ce1510e031c1e06b6a 0003-engines-e_padlock-backport-cvs-head-changes.patch
87df036263307ee1f84e1e44f9bef432170f793f83b55d68c255f72c99faecdb634bb1b5a4ef751609484f89dd554990fbc48de5eac55caf69009d124b7007c2 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
10527394de1f8c8530c8599261f08e4bc8c670d4f1bb278d107f7c47d9a7d093c79e9e6019629378066d739725688b4e896600b56a62400c401903aa5d666432 0005-crypto-engine-autoload-padlock-dynamic-engine.patch
2af7a40d023e4a09c14712661056a45c572416d5bbee8d90caf5d9d44854ffa86b1d3a0bebf78156ec5da2e71ae91724c007c3d0a8de5f025b3947fd0add287d openssl-disable-rdrand-default.patch"
http://seclists.org/fulldisclosure/2013/Dec/99
From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 11 Dec 2013 14:45:12 +0000 (+0000)
Subject: Don't use rdrand engine as default unless explicitly requested.
X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=8a1956f3eac8b164f8c741ff1a259008bab3bac1
Don't use rdrand engine as default unless explicitly requested.
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
---
diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
index a9ba5ae..4e9e91d 100644
--- a/crypto/engine/eng_rdrand.c
+++ b/crypto/engine/eng_rdrand.c
@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
!ENGINE_set_name(e, engine_e_rdrand_name) ||
+ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
!ENGINE_set_init_function(e, rdrand_init) ||
!ENGINE_set_RAND(e, &rdrand_meth) )
return 0;
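Review bot: The added `!ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||` line in bind_helper carries no comment saying it is a security control, so a later tidy-up of the setter chain could drop it unnoticed. I would put this above the `if`: `/* Security: keep RDRAND out of ENGINE_register_all_complete() so it never becomes the sole default RAND without an explicit request. */`. As the patch subject says, explicit selection is left in place, so an application or configuration that names rdrand as its default RAND would presumably still draw only from the hardware source; that residual case is worth a line in the package notes. A build-time check that `ENGINE_get_default_RAND()` returns NULL after `ENGINE_load_builtin_engines()` and `ENGINE_register_all_complete()` on RDRAND-capable hardware would catch a regression if a later version bump drops this patch. bind_helper's body continues past the end of the hunk.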