wolfssl: update to 3.15.7, fix Makefile
authorEneas U de Queiroz <cotequeiroz@gmail.com>
Mon, 1 Jul 2019 16:39:59 +0000 (13:39 -0300)
committerKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Mon, 8 Jul 2019 11:41:20 +0000 (12:41 +0100)
This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack.  Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 2792daab5ad26e916619052fc7f581cddc1ea53c)

package/libs/wolfssl/Config.in
package/libs/wolfssl/Makefile
package/libs/wolfssl/patches/100-disable-hardening-check.patch
package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch

index 50b0bb9..4aa163b 100644 (file)
@@ -53,7 +53,7 @@ config WOLFSSL_HAS_ECC25519
        depends on WOLFSSL_HAS_ECC
        default n
 
-config WOLFSSL_HAS_POLY_1305
+config WOLFSSL_HAS_POLY1305
        bool "Include Poly-1305 support"
        default n
 
index 23bb1c5..7aaa562 100644 (file)
@@ -8,11 +8,10 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=3.15.3-stable
-PKG_RELEASE:=2
+PKG_VERSION:=3.15.7-stable
+PKG_RELEASE:=1
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
-# PKG_SOURCE_URL:=https://www.wolfssl.com/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
 PKG_HASH:=dc97c07a7667b39a890e14f4b4a209f51524a4cabee7adb6c80822ee78c1f62a
 
@@ -20,15 +19,16 @@ PKG_FIXUP:=libtool
 PKG_INSTALL:=1
 PKG_USE_MIPS16:=0
 PKG_BUILD_PARALLEL:=1
-PKG_LICENSE:=GPL-2.0+
-PKG_CPE_ID:=cpe:/a:yassl:cyassl
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSING COPYING
+PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
 
 PKG_CONFIG_DEPENDS:=\
        CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \
        CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA \
        CONFIG_WOLFSSL_HAS_DES3 CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
        CONFIG_WOLFSSL_HAS_ECC CONFIG_WOLFSSL_HAS_ECC25519 \
-       CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY_1305 \
+       CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY1305 \
        CONFIG_WOLFSSL_HAS_PSK CONFIG_WOLFSSL_HAS_SESSION_TICKET \
        CONFIG_WOLFSSL_HAS_WPAS
 
@@ -42,7 +42,7 @@ define Package/libwolfssl
   URL:=http://www.wolfssl.com/
   MENU:=1
   PROVIDES:=libcyassl
-  ABI_VERSION:=18
+  ABI_VERSION:=19
 endef
 
 define Package/libwolfssl/description
@@ -54,7 +54,7 @@ define Package/libwolfssl/config
        source "$(SOURCE)/Config.in"
 endef
 
-TARGET_CFLAGS += $(FPIC)
+TARGET_CFLAGS += $(FPIC) -DFP_MAX_BITS=8192
 
 # --enable-stunnel needed for OpenSSL API compatibility bits
 CONFIGURE_ARGS += \
index d913b5f..8a51434 100644 (file)
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -1624,7 +1624,7 @@ extern void uITRON4_free(void *p) ;
+@@ -1759,7 +1759,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */
@@ -8,4 +8,4 @@
 +#if 0
      #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
          (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
-         (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS))
+         (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
index 66582cf..6b08612 100644 (file)
@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -4198,7 +4198,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
+@@ -4614,7 +4614,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
  AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
  
  AX_CREATE_GENERIC_CONFIG