From 77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz
Date: Mon, 5 Aug 2019 11:47:58 -0300
Subject: wolfssl: bump to 4.1.0-stable

Always build AES-GCM support. Unnecessary patches were removed.
This includes two vulnerability fixes:
CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack.
Signed-off-by: Eneas U de Queiroz
---
 package/libs/wolfssl/Config.in | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
(limited to 'package/libs/wolfssl/Config.in')
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 875ff5e6a3..a729f73a1d 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -4,10 +4,6 @@ config WOLFSSL_HAS_AES_CCM
 bool "Include AES-CCM support"
 default y
-config WOLFSSL_HAS_AES_GCM
- bool "Include AES-GCM support"
- default y
-
 config WOLFSSL_HAS_CHACHA_POLY
 bool "Include ChaCha20-Poly1305 cipher suite support"
 default y
@@ -24,13 +20,8 @@ config WOLFSSL_HAS_TLSV10
 bool "Include TLS 1.0 support"
 default y
-if !(WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY)
- comment "! TLS 1.3 support needs one of: AES-CCM, AES-GCM, ChaCha20-Poly1305"
-endif
-
 config WOLFSSL_HAS_TLSV13
 bool "Include TLS 1.3 support"
- depends on WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY
 default y
 config WOLFSSL_HAS_SESSION_TICKET
@@ -56,6 +47,9 @@ config WOLFSSL_HAS_ECC25519
 bool "Include ECC Curve 22519 support"
 default n
+config WOLFSSL_HAS_DEVCRYPTO
+ bool
+
 if WOLFSSL_HAS_AES_CCM
 comment "! Hardware Acceleration does not build with AES-CCM enabled"
 endif
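Review bot: The new `config WOLFSSL_HAS_DEVCRYPTO` entry in the third hunk is a bare `bool` with no prompt, default or comment, so it never appears in menuconfig and its purpose can only be worked out by finding the `select` lines in the last hunk. A comment directly above it would make the intent explicit, for example `# Hidden helper: set when either /dev/crypto choice entry is selected; not user-visible`. Presumably the package Makefile keys a kernel-module dependency or a configure flag off this symbol, but this view is limited to Config.in, so it is worth confirming that the symbol is actually consumed there.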
@@ -72,9 +66,11 @@ if !WOLFSSL_HAS_AES_CCM
 config WOLFSSL_HAS_DEVCRYPTO_AES
 bool "/dev/crypto - AES-only"
+ select WOLFSSL_HAS_DEVCRYPTO
 config WOLFSSL_HAS_DEVCRYPTO_FULL
 bool "/dev/crypto - full"
+ select WOLFSSL_HAS_DEVCRYPTO
 endchoice
 endif
--
cgit v1.2.3
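Review bot: Both `/dev/crypto` choice entries now carry a `select WOLFSSL_HAS_DEVCRYPTO`, but neither has any `help` text, so someone configuring the image cannot tell what "AES-only" and "full" hand off to the kernel, or what the target must provide for it to work. I would add a short `help` block under each entry stating which operations are offloaded to the /dev/crypto interface and that a kernel driver exposing that device has to be present on the target. Keep in mind that `select` sets the helper regardless of any dependency it may gain later, so a future `depends on` added to `WOLFSSL_HAS_DEVCRYPTO` would not be honoured through these lines. The enclosing `choice` block starts outside this hunk.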