wolfssl: update to 3.15.7, fix Makefile

This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack.  Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 2792daab5ad26e916619052fc7f581cddc1ea53c)

diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 50b0bb9cdf13292eeffd62d3fc54d01ab5adfbc1..4aa163b361aa497e8113cb4969a66f7c33eb378f 100644 (file)
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -53,7 +53,7 @@ config WOLFSSL_HAS_ECC25519
        depends on WOLFSSL_HAS_ECC
        default n
 
-config WOLFSSL_HAS_POLY_1305
+config WOLFSSL_HAS_POLY1305
        bool "Include Poly-1305 support"
        default n
 

diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 23bb1c52203038b92d17d1e0f319f43e601fe9a7..7aaa5625398e45c7a376e1ff68ef520b456229d0 100644 (file)
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,11 +8,10 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=3.15.3-stable
-PKG_RELEASE:=2
+PKG_VERSION:=3.15.7-stable
+PKG_RELEASE:=1
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
-# PKG_SOURCE_URL:=https://www.wolfssl.com/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
 PKG_HASH:=dc97c07a7667b39a890e14f4b4a209f51524a4cabee7adb6c80822ee78c1f62a
 
@@ -20,15 +19,16 @@ PKG_FIXUP:=libtool
 PKG_INSTALL:=1
 PKG_USE_MIPS16:=0
 PKG_BUILD_PARALLEL:=1
-PKG_LICENSE:=GPL-2.0+
-PKG_CPE_ID:=cpe:/a:yassl:cyassl
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSING COPYING
+PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
 
 PKG_CONFIG_DEPENDS:=\
        CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \
        CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA \
        CONFIG_WOLFSSL_HAS_DES3 CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
        CONFIG_WOLFSSL_HAS_ECC CONFIG_WOLFSSL_HAS_ECC25519 \
-       CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY_1305 \
+       CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY1305 \
        CONFIG_WOLFSSL_HAS_PSK CONFIG_WOLFSSL_HAS_SESSION_TICKET \
        CONFIG_WOLFSSL_HAS_WPAS
 
@@ -42,7 +42,7 @@ define Package/libwolfssl
   URL:=http://www.wolfssl.com/
   MENU:=1
   PROVIDES:=libcyassl
-  ABI_VERSION:=18
+  ABI_VERSION:=19
 endef
 
 define Package/libwolfssl/description
@@ -54,7 +54,7 @@ define Package/libwolfssl/config
        source "$(SOURCE)/Config.in"
 endef
 
-TARGET_CFLAGS += $(FPIC)
+TARGET_CFLAGS += $(FPIC) -DFP_MAX_BITS=8192
 
 # --enable-stunnel needed for OpenSSL API compatibility bits
 CONFIGURE_ARGS += \

diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index d913b5fdea25b4612cdf9ec96635c4729aaaa1b4..8a51434633b31897d45080660933690b56da8254 100644 (file)
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -1624,7 +1624,7 @@ extern void uITRON4_free(void *p) ;
+@@ -1759,7 +1759,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */
@@ -8,4 +8,4 @@
 +#if 0
      #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
          (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
-         (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS))
+         (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \

diff --git a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch
index 66582cfc469c2fd96119a27fab71fa5062e911ca..6b0861288f8d61153f19f8ec24b367a53460752c 100644 (file)
--- a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch
+++ b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch
@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -4198,7 +4198,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
+@@ -4614,7 +4614,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
  AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
  
  AX_CREATE_GENERIC_CONFIG