Always build AES-GCM support.
Unnecessary patches were removed.
This includes two vulnerability fixes:
CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
bool "Include AES-CCM support"
default y
-config WOLFSSL_HAS_AES_GCM
- bool "Include AES-GCM support"
- default y
-
config WOLFSSL_HAS_CHACHA_POLY
bool "Include ChaCha20-Poly1305 cipher suite support"
default y
bool "Include TLS 1.0 support"
default y
-if !(WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY)
- comment "! TLS 1.3 support needs one of: AES-CCM, AES-GCM, ChaCha20-Poly1305"
-endif
-
config WOLFSSL_HAS_TLSV13
bool "Include TLS 1.3 support"
- depends on WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY
default y
config WOLFSSL_HAS_SESSION_TICKET
bool "Include ECC Curve 22519 support"
default n
+config WOLFSSL_HAS_DEVCRYPTO
+ bool
+
if WOLFSSL_HAS_AES_CCM
comment "! Hardware Acceleration does not build with AES-CCM enabled"
endif
config WOLFSSL_HAS_DEVCRYPTO_AES
bool "/dev/crypto - AES-only"
+ select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_FULL
bool "/dev/crypto - full"
+ select WOLFSSL_HAS_DEVCRYPTO
endchoice
endif
include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
-PKG_VERSION:=4.0.0-stable
+PKG_VERSION:=4.1.0-stable
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=6cf678c72b485d1904047c40c20f85104c96b5f39778822783a2c407ccb23657
+PKG_HASH:=f0d630c3ddfeb692b8ae38cc739f47d5e9f0fb708662aa241ede0c42a5eb3dd8
PKG_FIXUP:=libtool
PKG_INSTALL:=1
PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
PKG_CONFIG_DEPENDS:=\
- CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \
- CONFIG_WOLFSSL_HAS_AFALG CONFIG_WOLFSSL_HAS_ARC4 \
- CONFIG_WOLFSSL_HAS_CHACHA_POLY CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
- CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL, CONFIG_WOLFSSL_HAS_DH \
- CONFIG_WOLFSSL_HAS_DTLS CONFIG_WOLFSSL_HAS_ECC25519 \
- CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_SESSION_TICKET \
- CONFIG_WOLFSSL_HAS_TLSV10 CONFIG_WOLFSSL_HAS_TLSV13 \
- CONFIG_WOLFSSL_HAS_WPAS
+ CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \
+ CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \
+ CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \
+ CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
+ CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
+ CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
+ CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS
include $(INCLUDE_DIR)/package.mk
--enable-sni \
--enable-stunnel \
--disable-examples \
- --disable-leanpsk \
- --disable-leantls \
+ --disable-jobserver \
--$(if $(CONFIG_IPV6),enable,disable)-ipv6 \
--$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \
- --$(if $(CONFIG_WOLFSSL_HAS_AES_GCM),enable,disable)-aesgcm \
--$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \
--$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \
--$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
-@@ -1880,7 +1880,7 @@ extern void uITRON4_free(void *p) ;
+@@ -1930,7 +1930,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */
+++ /dev/null
---- a/cyassl/openssl/ssl.h
-+++ b/cyassl/openssl/ssl.h
-@@ -28,6 +28,9 @@
- #define CYASSL_OPENSSL_H_
-
- #include <cyassl/ssl.h>
-+#ifndef HAVE_SNI
-+#undef CYASSL_SNI_HOST_NAME
-+#endif
- #include <wolfssl/openssl/ssl.h>
-
- #endif
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -4740,7 +4740,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
- AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
-
- AX_CREATE_GENERIC_CONFIG
--AX_AM_JOBSERVER([yes])
-
- AC_OUTPUT
-
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -20,8 +20,6 @@ dist_noinst_SCRIPTS =
- noinst_SCRIPTS =
- check_SCRIPTS =
-
--#includes additional rules from aminclude.am
--@INC_AMINCLUDE@
- DISTCLEANFILES+= aminclude.am
-
- CLEANFILES+= cert.der \
projects / openwrt / staging / lynxis.git / commitdiff