aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/wolfssl/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* wolfssl: use libtool patch for PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+1
| | | | | | Makes it unnecessary to patch .so files after build Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-151-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "wolfssl: use dynamic ABI_VERSION depending on the configuration and ↵Hauke Mehrtens2021-02-151-3/+1
| | | | | | | | | | | | | | | | package version" This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libwolfssl: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl collect2: error: ld returned 1 exit status This reverts commit 2591c83b3406c16d3c1cd2dc7fa59c3c1b901d3c. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-141-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: Backport fix for CVE-2021-3336Hauke Mehrtens2021-02-091-1/+1
| | | | | | | | | | | | This should fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The patch is backported from the upstream wolfssl development branch. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: Update to v4.6.0-stableEneas U de Queiroz2021-01-011-3/+3
| | | | | | | | | | | | | | | | | This version fixes a large number of bugs, although no security vulnerabilities are listed. Full changelog at: https://www.wolfssl.com/docs/wolfssl-changelog/ or, as part of the version's README.md: https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md Due a number of API additions, size increases from 374.7K to 408.8K for arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version. Backported patches were removed; remaining patch was refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: fix broken wolfSSL_X509_check_hostPetr Štetiar2020-12-111-1/+1
| | | | | | | Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host(). References: https://github.com/wolfSSL/wolfssl/issues/3329 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: compile with --enable-opensslallEneas U de Queiroz2020-12-111-1/+2
| | | | | | | | | | This enables all OpenSSL API available. It is required to avoid some silent failures, such as when performing client certificate validation. Package size increases from 356.6K to 374.7K for arm_cortex-a9_vfpv3-d16. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add lighty support, skip crypttestsEneas U de Queiroz2020-12-111-1/+3
| | | | | | | | | | Tnis adds the --enable-lighty option to configure, enabling the minimum API needed to run lighttpd, in the packages feed. Size increase is about 120 bytes for arm_cortex-a9_vfpv3-d16. While at it, speed up build by disabling crypt bench/test. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: Activate link time optimization (LTO)Hauke Mehrtens2020-09-061-2/+3
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk 391.545 new: libwolfssl24_4.5.0-stable-2_mips_24kc.ipk 387.439 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: add certgen config optionPaul Spooren2020-08-311-1/+2
| | | | | | The option allows to generate certificates. Signed-off-by: Paul Spooren <mail@aparcar.org>
* wolfssl: Update to version 4.5.0Hauke Mehrtens2020-08-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following security problems: * In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. * Denial of service attack on TLS 1.3 servers from repetitively sending ChangeCipherSpecs messages. (CVE-2020-12457) * Potential cache timing attacks on public key operations in builds that are not using SP (single precision). (CVE-2020-15309) * When using SGX with EC scalar multiplication the possibility of side- channel attacks are present. * Leak of private key in the case that PEM format private keys are bundled in with PEM certificates into a single file. * During the handshake, clear application_data messages in epoch 0 are processed and returned to the application. Full changelog: https://www.wolfssl.com/docs/wolfssl-changelog/ Fix a build error on big endian systems by backporting a pull request: https://github.com/wolfSSL/wolfssl/pull/3255 The size of the ipk increases on mips BE by 1.4% old: libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246 new: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: use -fomit-frame-pointer to fix asm errorEneas U de Queiroz2020-06-031-2/+2
| | | | | | | | | | | 32-bit x86 fail to compile fast-math feature when compiled with frame pointer, which uses a register used in a couple of inline asm functions. Previous versions of wolfssl had this by default. Keeping an extra register available may increase performance, so it's being restored for all architectures. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: update to 4.4.0-stableEneas U de Queiroz2020-05-201-2/+2
| | | | | | | | | | | | This version adds many bugfixes, including a couple of security vulnerabilities: - For fast math (enabled by wpa_supplicant option), use a constant time modular inverse when mapping to affine when operation involves a private key - keygen, calc shared secret, sign. - Change constant time and cache resistant ECC mulmod. Ensure points being operated on change to make constant time. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: bump to 4.3.0-stableEneas U de Queiroz2019-12-261-3/+3
| | | | | | | This update fixes many bugs, and six security vulnerabilities, including CVE-2019-18840. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: update to v4.2.0-stableEneas U de Queiroz2019-11-061-4/+4
| | | | | | | | | | | | | | | Many bugs were fixed--2 patches removed here. This release of wolfSSL includes fixes for 5 security vulnerabilities, including two CVEs with high/critical base scores: - potential invalid read with TLS 1.3 PSK, including session tickets - potential hang with ocspstaping2 (always enabled in openwrt) - CVE-2019-15651: 1-byte overread when decoding certificate extensions - CVE-2019-16748: 1-byte overread when checking certificate signatures - DSA attack to recover DSA private keys Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: allow building with hw-crytpo and AES-CCMEneas U de Queiroz2019-09-201-2/+4
| | | | | | | | Hardware acceleration was disabled when AES-CCM was selected as a workaround for a build failure. This applies a couple of upstream patches fixing this. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: bump to 4.1.0-stableEneas U de Queiroz2019-08-171-13/+10
| | | | | | | | | | | | | | | | | Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: update to 4.0.0-stableEneas U de Queiroz2019-07-071-86/+24
| | | | | | | | | | | | | | | Removed options that can't be turned off because we're building with --enable-stunnel, some of which affect hostapd's Config.in. Adjusted the title of OCSP option, as OCSP itself can't be turned off, only the stapling part is selectable. Mark options turned on when wpad support is selected. Add building options for TLS 1.0, and TLS 1.3. Add hardware crypto support, which due to a bug, only works when CCM support is turned off. Reorganized option conditionals in Makefile. Add Eneas U de Queiroz as maintainer. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: update to 3.15.7, fix MakefileEneas U de Queiroz2019-07-071-9/+9
| | | | | | | | | This includes a fix for a medium-level potential cache attack with a variant of Bleichenbacher’s attack. Patches were refreshed. Increased FP_MAX_BITS to allow 4096-bit RSA keys. Fixed poly1305 build option, and some Makefile updates. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* treewide: revise library packagingJo-Philipp Wich2019-01-241-3/+3
| | | | | | | | | | | - Annotate versionless libraries (such as libubox, libuci etc.) with a fixed ABI_VERSION resembling the source date of the last incompatible change - Annotate packages shipping versioned library objects with ABI_VERSION - Stop shipping unversioned library symlinks for packages with ABI_VERSION Ref: https://openwrt.org/docs/guide-developer/package-policies#shared_libraries Ref: https://github.com/KanjiMonster/maintainer-tools/blob/master/check-abi-versions.pl Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wolfssl: update to version 3.15.3-stableDaniel Golle2018-10-151-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: remove myself as maintainerAlexandru Ardelean2018-07-301-1/+0
| | | | | | | I no longer have the time, nor the desire to maintain this package. Remove myself as maintainer. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* wolfssl: change defaults to cover wpa_supplicant needsDaniel Golle2018-05-311-1/+1
| | | | | | | | | | | | | Implicetely selecting the required options via Kconfig snippet from hostapd worked fine in local builds when using menuconfig but confused the buildbots which (in phase1) may build wpad-mini and hence already come with CONFIG_WPA_WOLFSSL being defined as unset which then won't trigger changing the defaults of wolfssl. Work around by explicitely reflecting wpa_supplicant's needs in wolfssl's default settings to make buildbots happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: add PKG_CONFIG_DEPENDS symbolsDaniel Golle2018-05-251-1/+10
| | | | | | | | This change will trigger rebuild on buildbots in case of changed config symbols, like in the case of hostapd selecting some wolfssl symbols lately. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: update to version 3.14.4Daniel Golle2018-05-241-4/+5
| | | | | | | | Use download from github archive corresponding to v3.14.4 tag because the project's website apparently only offers 3.14.0-stable release downloads. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: fix options and add support for wpa_supplicant featuresDaniel Golle2018-05-021-5/+28
| | | | | | | | Some options' default values have been changed upstream, others were accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options needed to build hostapd/wpa_supplicant against wolfssl. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: update to 3.12.2 (1 CVE)Jo-Philipp Wich2017-12-121-2/+2
| | | | | | | | | | Update wolfssl to the latest release v3.12.2 and backport an upstream pending fix for CVE-2017-13099 ("ROBOT vulnerability"). Ref: https://github.com/wolfSSL/wolfssl/pull/1229 Ref: https://robotattack.org/ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wolfssl: add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-191-0/+1
| | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* libs/wolfssl: bump to version 3.12.0 ; add myself as maintainerAlexandru Ardelean2017-09-171-3/+4
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: adjust symbol defaults against libwolfssl defaultsAlexandru Ardelean2017-09-171-7/+7
| | | | | | | | Some symbols have been renamed. Some are default enabled/disabled, so we need to adjust semantics against that. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-171-0/+140
This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 14:56:50 +0000