From 10554cfcc17b7333f7f91658660adc21ba941ac5 Mon Sep 17 00:00:00 2001
From: Daniel Engberg
Date: Thu, 21 Jun 2018 15:30:30 +0200
Subject: [PATCH] mbedtls: Update to 2.11.0
Update mbed TLS to 2.11.0 Disable OFB block mode and XTS block cipher mode, added in 2.11.0. The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS This is to avoid having a mismatch between packages when upgrading. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.846 Bytes ipkg for mips_24kc after: 164.382 Bytes
Signed-off-by: Daniel Engberg
---
 package/libs/mbedtls/Makefile | 4 +-
 package/libs/mbedtls/patches/200-config.patch | 78 ++++++++++++-------
 package/libs/ustream-ssl/Makefile | 2 +-
 package/network/services/openvpn/Makefile | 2 +-
 package/network/utils/curl/Makefile | 2 +-
 package/utils/px5g/Makefile | 2 +-
 6 files changed, 58 insertions(+), 32 deletions(-)
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 19db4b803b..86df1154b4 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.9.0
+PKG_VERSION:=2.11.0
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
 PKG_SOURCE_URL:=https://tls.mbed.org/download/
-PKG_HASH:=361837d0d8d4e178ac51ea1a4eacfbc0c57ea3cafb460fd6b46a1f4223a4e151
+PKG_HASH:=47b57d472bb42929c1083eab7073e234fa5e37fca0706de53cd80ac71eb9aac6
 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0+
diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch
index 2d622417bd..de352a66fb 100644
--- a/package/libs/mbedtls/patches/200-config.patch
+++ b/package/libs/mbedtls/patches/200-config.patch
@@ -1,6 +1,23 @@
 --- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h -@@ -599,19 +599,19 @@ +@@ -522,14 +522,14 @@ + * + * Enable Output Feedback mode (OFB) for symmetric ciphers. + */ +-#define MBEDTLS_CIPHER_MODE_OFB ++//#define MBEDTLS_CIPHER_MODE_OFB + + /** + * \def MBEDTLS_CIPHER_MODE_XTS + * + * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. + */ +-#define MBEDTLS_CIPHER_MODE_XTS ++//#define MBEDTLS_CIPHER_MODE_XTS + + /** + * \def MBEDTLS_CIPHER_NULL_CIPHER +@@ -619,19 +619,19 @@ * * Comment macros to disable the curve and functions for it */ @@ -29,7 +46,7 @@ /** * \def MBEDTLS_ECP_NIST_OPTIM -@@ -636,7 +636,7 @@ +@@ -656,7 +656,7 @@ * * Comment this macro to disable deterministic ECDSA. */ @@ -38,7 +55,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -@@ -689,7 +689,7 @@ +@@ -709,7 +709,7 @@ * See dhm.h for more details. * */ @@ -47,7 +64,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -@@ -709,7 +709,7 @@ +@@ -729,7 +729,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA */ @@ -56,7 +73,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -@@ -734,7 +734,7 @@ +@@ -754,7 +754,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA */ @@ -65,7 +82,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -@@ -868,7 +868,7 @@ +@@ -888,7 +888,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ @@ -74,7 +91,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -@@ -892,7 +892,7 @@ +@@ -912,7 +912,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ @@ -83,7 +100,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -@@ -996,7 +996,7 @@ +@@ -1016,7 +1016,7 @@ * This option is only useful if both MBEDTLS_SHA256_C and * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. */ 
@@ -92,7 +109,7 @@ /** * \def MBEDTLS_ENTROPY_NV_SEED -@@ -1091,14 +1091,14 @@ +@@ -1111,14 +1111,14 @@ * Uncomment this macro to disable the use of CRT in RSA. * */ @@ -109,7 +126,7 @@ /** * \def MBEDTLS_SHA256_SMALLER -@@ -1114,7 +1114,7 @@ +@@ -1134,7 +1134,7 @@ * * Uncomment to enable the smaller implementation of SHA256. */ @@ -118,7 +135,7 @@ /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES -@@ -1241,7 +1241,7 @@ +@@ -1272,7 +1272,7 @@ * configuration of this extension). * */ @@ -127,7 +144,7 @@ /** * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO -@@ -1416,7 +1416,7 @@ +@@ -1447,7 +1447,7 @@ * * Comment this macro to disable support for SSL session tickets */ @@ -136,7 +153,7 @@ /** * \def MBEDTLS_SSL_EXPORT_KEYS -@@ -1446,7 +1446,7 @@ +@@ -1477,7 +1477,7 @@ * * Comment this macro to disable support for truncated HMAC in SSL */ @@ -145,7 +162,7 @@ /** * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT -@@ -1505,7 +1505,7 @@ +@@ -1536,7 +1536,7 @@ * * Comment this to disable run-time checking and save ROM space */ @@ -154,7 +171,7 @@ /** * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 -@@ -1835,7 +1835,7 @@ +@@ -1866,7 +1866,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ @@ -162,8 +179,8 @@ +//#define MBEDTLS_CAMELLIA_C /** - * \def MBEDTLS_CCM_C -@@ -1849,7 +1849,7 @@ + * \def MBEDTLS_ARIA_C +@@ -1932,7 +1932,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ @@ -172,7 +189,7 @@ /** * \def MBEDTLS_CERTS_C -@@ -1861,7 +1861,7 @@ +@@ -1944,7 +1944,7 @@ * * This module is used for testing (ssl_client/server). */ @@ -181,7 +198,7 @@ /** * \def MBEDTLS_CIPHER_C -@@ -1914,7 +1914,7 @@ +@@ -1997,7 +1997,7 @@ * * This module provides debugging functions. */ @@ -190,7 +207,7 @@ /** * \def MBEDTLS_DES_C -@@ -1943,7 +1943,7 @@ +@@ -2026,7 +2026,7 @@ * \warning DES is considered a weak cipher and its use constitutes a * security risk. We recommend considering stronger ciphers instead. */ 
@@ -199,7 +216,16 @@ /** * \def MBEDTLS_DHM_C -@@ -2105,7 +2105,7 @@ +@@ -2189,7 +2189,7 @@ + * This module adds support for the Hashed Message Authentication Code + * (HMAC)-based key derivation function (HKDF). + */ +-#define MBEDTLS_HKDF_C ++//#define MBEDTLS_HKDF_C + + /** + * \def MBEDTLS_HMAC_DRBG_C +@@ -2203,7 +2203,7 @@ * * Uncomment to enable the HMAC_DRBG random number geerator. */ @@ -208,7 +234,7 @@ /** * \def MBEDTLS_MD_C -@@ -2388,7 +2388,7 @@ +@@ -2486,7 +2486,7 @@ * * This module enables abstraction of common (libc) functions. */ @@ -217,7 +243,7 @@ /** * \def MBEDTLS_RIPEMD160_C -@@ -2399,7 +2399,7 @@ +@@ -2497,7 +2497,7 @@ * Caller: library/md.c * */ @@ -226,7 +252,7 @@ /** * \def MBEDTLS_RSA_C -@@ -2506,7 +2506,7 @@ +@@ -2604,7 +2604,7 @@ * * Requires: MBEDTLS_CIPHER_C */ @@ -235,7 +261,7 @@ /** * \def MBEDTLS_SSL_CLI_C -@@ -2606,7 +2606,7 @@ +@@ -2704,7 +2704,7 @@ * * This module provides run-time version information. */ @@ -244,7 +270,7 @@ /** * \def MBEDTLS_X509_USE_C -@@ -2716,7 +2716,7 @@ +@@ -2814,7 +2814,7 @@ * Module: library/xtea.c * Caller: */ diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile index 54b69944fb..6cd08a6cb4 100644 --- a/package/libs/ustream-ssl/Makefile +++ b/package/libs/ustream-ssl/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ustream-ssl -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index 374e14f7bd..f532a1312d 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn PKG_VERSION:=2.4.5 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile index b4e3fd9d99..c7e7829edc 100644 
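Review bot: The hunk of 200-config.patch that comments out `MBEDTLS_HKDF_C` (config.h hunk `@@ -2189,7 +2189,7 @@`) is not covered by the commit description, which names only OFB and XTS as newly disabled. Every line of that hunk is an addition to the patch file, so the previous version of the patch did not touch this option. The description should list it, for example `Disable HKDF, OFB block mode and XTS block cipher mode.`, so the disabled feature set can be audited from the log alone. A package that calls the HKDF API would presumably fail to build against this library; whether the four packages whose PKG_RELEASE is bumped were checked for that is not visible from the diff.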
--- a/package/network/utils/curl/Makefile
+++ b/package/network/utils/curl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=curl
 PKG_VERSION:=7.60.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
index da8d56dcc0..549d4e587e 100644
--- a/package/utils/px5g/Makefile
+++ b/package/utils/px5g/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=px5g
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_LICENSE:=LGPL-2.1
 PKG_BUILD_DIR:=$(BUILD_DIR)/px5g-$(BUILD_VARIANT)
-- 
2.30.2