From 3167a57f72626e0d2d3a63a8200384db8b6d132d Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Mon, 1 Jul 2019 13:39:59 -0300 Subject: [PATCH] wolfssl: update to 3.15.7, fix Makefile MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This includes a fix for a medium-level potential cache attack with a variant of Bleichenbacher’s attack. Patches were refreshed. Increased FP_MAX_BITS to allow 4096-bit RSA keys. Fixed poly1305 build option, and some Makefile updates. Signed-off-by: Eneas U de Queiroz (cherry picked from commit 2792daab5ad26e916619052fc7f581cddc1ea53c) --- package/libs/wolfssl/Config.in | 2 +- package/libs/wolfssl/Makefile | 18 +++++++++--------- .../patches/100-disable-hardening-check.patch | 4 ++-- .../900-remove-broken-autoconf-macros.patch | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 50b0bb9cdf..4aa163b361 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -53,7 +53,7 @@ config WOLFSSL_HAS_ECC25519 depends on WOLFSSL_HAS_ECC default n -config WOLFSSL_HAS_POLY_1305 +config WOLFSSL_HAS_POLY1305 bool "Include Poly-1305 support" default n diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 23bb1c5220..7aaa562539 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,11 +8,10 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=3.15.3-stable -PKG_RELEASE:=2 +PKG_VERSION:=3.15.7-stable +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip -# PKG_SOURCE_URL:=https://www.wolfssl.com/ +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) PKG_HASH:=dc97c07a7667b39a890e14f4b4a209f51524a4cabee7adb6c80822ee78c1f62a @@ -20,15 +19,16 @@ PKG_FIXUP:=libtool PKG_INSTALL:=1 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=1 -PKG_LICENSE:=GPL-2.0+ -PKG_CPE_ID:=cpe:/a:yassl:cyassl +PKG_LICENSE:=GPL-2.0-or-later +PKG_LICENSE_FILES:=LICENSING COPYING +PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl PKG_CONFIG_DEPENDS:=\ CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \ CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA \ CONFIG_WOLFSSL_HAS_DES3 CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \ CONFIG_WOLFSSL_HAS_ECC CONFIG_WOLFSSL_HAS_ECC25519 \ - CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY_1305 \ + CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY1305 \ CONFIG_WOLFSSL_HAS_PSK CONFIG_WOLFSSL_HAS_SESSION_TICKET \ CONFIG_WOLFSSL_HAS_WPAS @@ -42,7 +42,7 @@ define Package/libwolfssl URL:=http://www.wolfssl.com/ MENU:=1 PROVIDES:=libcyassl - ABI_VERSION:=18 + ABI_VERSION:=19 endef define Package/libwolfssl/description @@ -54,7 +54,7 @@ define Package/libwolfssl/config source "$(SOURCE)/Config.in" endef -TARGET_CFLAGS += $(FPIC) +TARGET_CFLAGS += $(FPIC) -DFP_MAX_BITS=8192 # --enable-stunnel needed for OpenSSL API compatibility bits CONFIGURE_ARGS += \ diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index d913b5fdea..8a51434633 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -1624,7 +1624,7 @@ extern void uITRON4_free(void *p) ; +@@ -1759,7 +1759,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ @@ -8,4 +8,4 @@ +#if 0 #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ - (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)) + (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \ diff --git a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch index 66582cfc46..6b0861288f 100644 --- a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch +++ b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch @@ -1,6 +1,6 @@ --- a/configure.ac +++ b/configure.ac -@@ -4198,7 +4198,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta +@@ -4614,7 +4614,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) AX_CREATE_GENERIC_CONFIG -- 2.30.2