CC: cyassl: update to wolfssl version 3.8.0 to fix security problems
authorHauke Mehrtens <hauke@hauke-m.de>
Tue, 1 Mar 2016 22:50:29 +0000 (22:50 +0000)
committerHauke Mehrtens <hauke@hauke-m.de>
Tue, 1 Mar 2016 22:50:29 +0000 (22:50 +0000)
Backport of:
r46167: cyassl: version bump to 3.4.6
r46168: cyassl: update to wolfssl 3.6.0
r46551: cyassl: the upstream package in version 4.6.0 changed
r47791: cyassl: update to wolfSSL version 3.7.0
    This version and version 3.6.8 are fixing the following security problems:
    * CVE-2015-7744
    * CVE-2015-6925
r48616: cyassl: update to wolfssl version 3.8.0

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48873

package/libs/cyassl/Makefile
package/libs/cyassl/patches/100-respect_cflags.patch [deleted file]
package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch [deleted file]
package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
package/libs/cyassl/patches/400-additional_compatibility.patch [new file with mode: 0644]

index c3361eb64f571d4de3b16e933ff7683e9c2d3e6c..41f996ffc9ea899a919553a0d071fd4a4f6e8382 100644 (file)
@@ -7,13 +7,13 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=cyassl
-PKG_VERSION:=3.3.0
-PKG_RELEASE:=2
+PKG_NAME:=wolfssl
+PKG_VERSION:=3.8.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
-PKG_SOURCE_URL:=http://www.yassl.com/
-PKG_MD5SUM:=0303eb0f2f9065a1207d9104ab0eba7c
+PKG_SOURCE_URL:=https://www.wolfssl.com/
+PKG_MD5SUM:=a73d90c5439adea97a5002a73b46ddeb
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
@@ -27,7 +27,7 @@ define Package/libcyassl
   SUBMENU:=SSL
   CATEGORY:=Libraries
   TITLE:=CyaSSL library
-  URL:=http://www.yassl.com/
+  URL:=http://www.wolfssl.com/
 endef
 
 define Package/libcyassl/description
@@ -43,19 +43,30 @@ CONFIGURE_ARGS += \
        --enable-opensslextra \
        --enable-sni \
        --enable-ecc \
+       --enable-sslv3 \
        --disable-examples
 
+ifneq ($(CONFIG_TARGET_x86),)
+       CONFIGURE_ARGS += --enable-intelasm
+endif
+ifneq ($(CONFIG_TARGET_x86_64),)
+       CONFIGURE_ARGS += --enable-intelasm
+endif
+
 define Build/InstallDev
        $(INSTALL_DIR) $(1)/usr/include
        $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
 
        $(INSTALL_DIR) $(1)/usr/lib
-       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcyassl.{so*,la} $(1)/usr/lib/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.{so*,la} $(1)/usr/lib/
+       ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so
+       ln -s libwolfssl.la $(1)/usr/lib/libcyassl.la
 endef
 
 define Package/libcyassl/install
        $(INSTALL_DIR) $(1)/usr/lib
-       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcyassl.so* $(1)/usr/lib/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.so* $(1)/usr/lib/
+       ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so
 endef
 
 $(eval $(call BuildPackage,libcyassl))
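Review bot: The added `--enable-sslv3 \` in CONFIGURE_ARGS switches SSLv3 back on in a commit whose stated purpose is fixing security problems. SSLv3 is broken at the protocol level (POODLE), so a newer library version does not make it safe to negotiate. Unless a consumer of libcyassl on this branch is known to need it, drop that line, or gate it behind an opt-in package config symbol so the default build stays without SSLv3. Separately, the three new `ln -s` lines in Build/InstallDev and Package/libcyassl/install can fail when the link already exists in a reused staging or install directory; `ln -sf libwolfssl.so $(1)/usr/lib/libcyassl.so` is the more robust form.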
diff --git a/package/libs/cyassl/patches/100-respect_cflags.patch b/package/libs/cyassl/patches/100-respect_cflags.patch
deleted file mode 100644 (file)
index 0e03230..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -47,7 +47,7 @@ AC_SUBST([CYASSL_LIBRARY_VERSION])
- # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
- # if user doesn't override, no way to tell
--USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
-+USER_C_EXTRA_FLAGS="$CFLAGS"
- LT_PREREQ([2.2])
- LT_INIT([disable-static],[win32-dll])
diff --git a/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch b/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch
deleted file mode 100644 (file)
index 5463cb0..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/src/internal.c
-+++ b/src/internal.c
-@@ -6037,6 +6037,10 @@ int ProcessReply(CYASSL* ssl)
-                 b1 =
-                 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
-                 ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
-+
-+                /* does not appear to a be a SSLv2 client hello */
-+                if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 )
-+                    return UNKNOWN_HANDSHAKE_TYPE;
-             }
-             else {
-                 ssl->options.processReply = getRecordLayerHeader;
index d81e41618081d4855a18c776abd4f65a4fa5e55c..a35cdadc8ed0794158941e3a3e12330e5e1bb01b 100644 (file)
@@ -1,10 +1,19 @@
---- a/cyassl/openssl/ssl.h
-+++ b/cyassl/openssl/ssl.h
-@@ -372,6 +373,7 @@
- #define SSL_CTX_get_ex_new_index CyaSSL_CTX_get_ex_new_index
+--- a/wolfssl/openssl/ssl.h
++++ b/wolfssl/openssl/ssl.h
+@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
+ /* yassl had set the default to be 500 */
+ #define SSL_get_default_timeout(ctx) 500
  
++#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
++ 
+ /* Lighthttp compatability */
  
-+#define SSL_set_tlsext_host_name(x, y) CyaSSL_UseSNI(x, CYASSL_SNI_HOST_NAME, y, strlen(y))
+ #ifdef HAVE_LIGHTY                       
+@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_
+ #define SSL_TLSEXT_ERR_NOACK                 alert_warning
+ #define TLSEXT_NAMETYPE_host_name            WOLFSSL_SNI_HOST_NAME
  
- #ifdef __cplusplus
-     } /* extern "C" */
+-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
+ #define SSL_get_servername wolfSSL_get_servername
+ #define SSL_set_SSL_CTX                  wolfSSL_set_SSL_CTX
+ #define SSL_CTX_get_verify_callback      wolfSSL_CTX_get_verify_callback
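Review bot: The new `SSL_set_tlsext_host_name(x, y)` macro expands `y` twice and leaves both arguments unparenthesized, so an argument with side effects is evaluated twice and a NULL host name goes straight into `strlen()`. The `size_t` result is also narrowed implicitly to the width of the size parameter of `wolfSSL_UseSNI`. The macro is defined unconditionally, while 400-additional_compatibility.patch in this same commit caters for builds without `HAVE_SNI`; in such a build it would presumably expand to an undeclared function. Consider wrapping the definition in `#ifdef HAVE_SNI` and writing the call as `wolfSSL_UseSNI((x), WOLFSSL_SNI_HOST_NAME, (y), strlen(y))`. A `static inline` helper that rejects NULL and over-long names would be better still.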
diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch
new file mode 100644 (file)
index 0000000..4d75d98
--- /dev/null
@@ -0,0 +1,12 @@
+--- a/cyassl/openssl/ssl.h
++++ b/cyassl/openssl/ssl.h
+@@ -27,6 +27,9 @@
+ #define CYASSL_OPENSSL_H_
+ #include <cyassl/ssl.h>
++#ifndef HAVE_SNI
++#undef CYASSL_SNI_HOST_NAME
++#endif
+ #include <wolfssl/openssl/ssl.h>
+ #endif
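Review bot: Nothing in this new patch explains why `CYASSL_SNI_HOST_NAME` is undefined when `HAVE_SNI` is missing, and the patch file carries no description header. Presumably callers test `#ifdef CYASSL_SNI_HOST_NAME` to detect SNI support and the compatibility header defines the name unconditionally. If so, state that above the `#ifndef`, e.g. `/* cyassl/ssl.h defines CYASSL_SNI_HOST_NAME even without SNI; hide it so feature tests in callers stay accurate */`. The `#undef` sits before `#include <wolfssl/openssl/ssl.h>`, so it only holds as long as that header does not define the name again; that is worth confirming against the 3.8.0 headers.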