From patchwork Wed Jun 26 01:49:45 2019
X-Patchwork-Submitter: Eneas U de Queiroz
X-Patchwork-Id: 1122469
From: Eneas U de Queiroz
To: openwrt-devel@lists.openwrt.org
Date: Tue, 25 Jun 2019 22:49:45 -0300
Message-Id: <20190626014947.19818-2-cotequeiroz@gmail.com>
In-Reply-To: <20190626014947.19818-1-cotequeiroz@gmail.com>
References: <20190626014947.19818-1-cotequeiroz@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 1/3] wolfssl: update to 3.15.7, fix Makefile

This includes a fix for a medium-level potential cache attack with a variant of Bleichenbacher’s attack. Patches were refreshed. Fixed poly1305 build option, and made some Makefile updates.

Signed-off-by: Eneas U de Queiroz diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 50b0bb9cdf..4aa163b361 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -53,7 +53,7 @@ config WOLFSSL_HAS_ECC25519 depends on WOLFSSL_HAS_ECC default n -config WOLFSSL_HAS_POLY_1305 +config WOLFSSL_HAS_POLY1305 bool "Include Poly-1305 support" default n diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 23bb1c5220..d96dbea323 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,11 +8,10 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=3.15.3-stable -PKG_RELEASE:=2 +PKG_VERSION:=3.15.7-stable +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip -# PKG_SOURCE_URL:=https://www.wolfssl.com/ +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) PKG_HASH:=dc97c07a7667b39a890e14f4b4a209f51524a4cabee7adb6c80822ee78c1f62a @@ -20,15 +19,16 @@ PKG_FIXUP:=libtool PKG_INSTALL:=1 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=1 -PKG_LICENSE:=GPL-2.0+ -PKG_CPE_ID:=cpe:/a:yassl:cyassl +PKG_LICENSE:=GPL-2.0-or-later +PKG_LICENSE_FILES:=LICENSING COPYING +PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl PKG_CONFIG_DEPENDS:=\ CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \ CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA \ CONFIG_WOLFSSL_HAS_DES3 CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \ CONFIG_WOLFSSL_HAS_ECC CONFIG_WOLFSSL_HAS_ECC25519 \ - CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY_1305 \ + CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY1305 \ CONFIG_WOLFSSL_HAS_PSK CONFIG_WOLFSSL_HAS_SESSION_TICKET \ CONFIG_WOLFSSL_HAS_WPAS @@ -42,7 +42,7 @@ define Package/libwolfssl URL:=http://www.wolfssl.com/ MENU:=1 PROVIDES:=libcyassl - ABI_VERSION:=18 + ABI_VERSION:=19 endef define Package/libwolfssl/description 
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index d913b5fdea..8a51434633 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -1624,7 +1624,7 @@ extern void uITRON4_free(void *p) ; +@@ -1759,7 +1759,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ @@ -8,4 +8,4 @@ +#if 0 #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ - (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)) + (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \ diff --git a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch index 66582cfc46..6b0861288f 100644 --- a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch +++ b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch @@ -1,6 +1,6 @@ --- a/configure.ac 
+++ b/configure.ac -@@ -4198,7 +4198,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta +@@ -4614,7 +4614,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) AX_CREATE_GENERIC_CONFIG

From patchwork Wed Jun 26 01:49:46 2019
X-Patchwork-Submitter: Eneas U de Queiroz
X-Patchwork-Id: 1122470
From: Eneas U de Queiroz
To: openwrt-devel@lists.openwrt.org
Date: Tue, 25 Jun 2019 22:49:46 -0300
Message-Id: <20190626014947.19818-3-cotequeiroz@gmail.com>
In-Reply-To: <20190626014947.19818-1-cotequeiroz@gmail.com>
References: <20190626014947.19818-1-cotequeiroz@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 2/3] wolfssl: reorganize, add build options

Removed options that can't be turned off because we're building with --enable-stunnel, some of which affect hostapd's Config.in.
Adjusted the title of OCSP option, as OCSP itself can't be turned off, only the stapling part is selectable. Mark options turned on when wpad support is selected. Add building options for TLS 1.0 and TLS 1.3. Add hardware crypto support, which due to a bug, only works when CCM support is turned off. Reorganized option conditionals in Makefile. Add Eneas U de Queiroz as maintainer. Signed-off-by: Eneas U de Queiroz diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 4aa163b361..711b789f6e 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -8,12 +8,8 @@ config WOLFSSL_HAS_AES_GCM bool "Include AES-GCM support" default y -config WOLFSSL_HAS_CHACHA - bool "Include ChaCha cipher suite support" - default n - -config WOLFSSL_HAS_ECC - bool "Include ECC (Elliptic Curve Cryptography) support" +config WOLFSSL_HAS_CHACHA_POLY + bool "Include ChaCha20-Poly1305 cipher suite support" default y config WOLFSSL_HAS_DH @@ -24,13 +20,18 @@ config WOLFSSL_HAS_ARC4 bool "Include ARC4 support" default y -config WOLFSSL_HAS_DES3 - bool "Include DES3 (Tripple-DES) support" +config WOLFSSL_HAS_TLSV10 + bool "Include TLS 1.0 support" default y -config WOLFSSL_HAS_PSK - bool "Include PKS (Pre Share Key) support" - default y +if !(WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY) + comment "! TLS 1.3 support needs one of: AES-CCM, AES-GCM, ChaCha20-Poly1305" +endif + +config WOLFSSL_HAS_TLSV13 + bool "Include TLS 1.3 support" + depends on WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY + default n config WOLFSSL_HAS_SESSION_TICKET bool "Include session ticket support" 
@@ -41,20 +42,40 @@ config WOLFSSL_HAS_DTLS default n config WOLFSSL_HAS_OCSP - bool "Include OSCP support" + bool "Include OSCP stapling support" default y config WOLFSSL_HAS_WPAS bool "Include wpa_supplicant support" + select WOLFSSL_HAS_ARC4 + select WOLFSSL_HAS_OCSP + select WOLFSSL_HAS_SESSION_TICKET default y config WOLFSSL_HAS_ECC25519 bool "Include ECC Curve 22519 support" - depends on WOLFSSL_HAS_ECC default n -config WOLFSSL_HAS_POLY1305 - bool "Include Poly-1305 support" - default n +if WOLFSSL_HAS_AES_CCM + comment "! Hardware Acceleration does not build with AES-CCM enabled" +endif +if !WOLFSSL_HAS_AES_CCM + choice + prompt "Hardware Acceleration" + default WOLFSSL_HAS_NO_HW + + config WOLFSSL_HAS_NO_HW + bool "None" + + config WOLFSSL_HAS_AFALG + bool "AF_ALG" + + config WOLFSSL_HAS_DEVCRYPTO_AES + bool "/dev/crypto - AES-only" + + config WOLFSSL_HAS_DEVCRYPTO_FULL + bool "/dev/crypto - full" + endchoice +endif endif diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index d96dbea323..77a5f9d8fd 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -13,7 +13,7 @@ PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=dc97c07a7667b39a890e14f4b4a209f51524a4cabee7adb6c80822ee78c1f62a +PKG_HASH:=70e4fbeb91284a269b25a84fc526755c670475aee4034a6f237b1f754d108af3 PKG_FIXUP:=libtool PKG_INSTALL:=1 
@@ -21,15 +21,17 @@ PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=LICENSING COPYING +PKG_MAINTAINER:=Eneas U de Queiroz PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl PKG_CONFIG_DEPENDS:=\ CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \ - CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA \ - CONFIG_WOLFSSL_HAS_DES3 CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \ - CONFIG_WOLFSSL_HAS_ECC CONFIG_WOLFSSL_HAS_ECC25519 \ - CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY1305 \ - CONFIG_WOLFSSL_HAS_PSK CONFIG_WOLFSSL_HAS_SESSION_TICKET \ + CONFIG_WOLFSSL_HAS_AFALG CONFIG_WOLFSSL_HAS_ARC4 \ + CONFIG_WOLFSSL_HAS_CHACHA_POLY CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \ + CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL, CONFIG_WOLFSSL_HAS_DH \ + CONFIG_WOLFSSL_HAS_DTLS CONFIG_WOLFSSL_HAS_ECC25519 \ + CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_SESSION_TICKET \ + CONFIG_WOLFSSL_HAS_TLSV10 CONFIG_WOLFSSL_HAS_TLSV13 \ CONFIG_WOLFSSL_HAS_WPAS include $(INCLUDE_DIR)/package.mk @@ -42,6 +44,7 @@ define Package/libwolfssl URL:=http://www.wolfssl.com/ MENU:=1 PROVIDES:=libcyassl + DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user ABI_VERSION:=19 endef 
@@ -64,68 +67,20 @@ CONFIGURE_ARGS += \ --disable-examples \ --disable-leanpsk \ --disable-leantls \ - -ifeq ($(CONFIG_IPV6),y) -CONFIGURE_ARGS += \ - --enable-ipv6 -endif - -ifeq ($(CONFIG_WOLFSSL_HAS_AES_CCM),y) -CONFIGURE_ARGS += \ - --enable-aesccm -endif - -ifneq ($(CONFIG_WOLFSSL_HAS_AES_GCM),y) -CONFIGURE_ARGS += \ - --disable-aesgcm -endif - -ifneq ($(CONFIG_WOLFSSL_HAS_CHACHA),y) -CONFIGURE_ARGS += \ - --disable-chacha -endif - -ifeq ($(CONFIG_WOLFSSL_HAS_ECC),y) -CONFIGURE_ARGS += \ - --enable-ecc \ - --enable-supportedcurves -endif - -ifeq ($(CONFIG_WOLFSSL_HAS_DH),y) -CONFIGURE_ARGS += \ - --enable-dh -endif - -ifneq ($(CONFIG_WOLFSSL_HAS_ARC4),y) -CONFIGURE_ARGS += \ - --disable-arc4 -else -CONFIGURE_ARGS += \ - --enable-arc4 -endif - -ifneq ($(CONFIG_WOLFSSL_HAS_DES3),y) -CONFIGURE_ARGS += \ - --disable-des3 -else -CONFIGURE_ARGS += \ - --enable-des3 -endif - -ifeq ($(CONFIG_WOLFSSL_HAS_PSK),y) -CONFIGURE_ARGS += \ - --enable-psk -endif - -ifeq ($(CONFIG_WOLFSSL_HAS_SESSION_TICKET),y) -CONFIGURE_ARGS += \ - --enable-session-ticket -endif - -ifeq ($(CONFIG_WOLFSSL_HAS_DTLS),y) -CONFIGURE_ARGS += \ - --enable-dtls -endif + --$(if $(CONFIG_IPV6),enable,disable)-ipv6 \ + --$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \ + --$(if $(CONFIG_WOLFSSL_HAS_AES_GCM),enable,disable)-aesgcm \ + --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \ + --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \ + --$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \ + --$(if $(CONFIG_WOLFSSL_HAS_ARC4),enable,disable)-arc4 \ + --$(if $(CONFIG_WOLFSSL_HAS_TLSV10),enable,disable)-tlsv10 \ + --$(if $(CONFIG_WOLFSSL_HAS_TLSV13),enable,disable)-tls13 \ + --$(if $(CONFIG_WOLFSSL_HAS_SESSION_TICKET),enable,disable)-session-ticket \ + --$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \ + --$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \ + --$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \ + --enable-devcrypto=$(if 
$(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)) ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y) CONFIGURE_ARGS += \ 
@@ -137,23 +92,6 @@ CONFIGURE_ARGS += \ --enable-wpas --enable-sha512 --enable-fortress --enable-fastmath endif -ifeq ($(CONFIG_WOLFSSL_HAS_ECC25519),y) -CONFIGURE_ARGS += \ - --enable-curve25519 -endif - -ifneq ($(CONFIG_WOLFSSL_HAS_POLY1305),y) -CONFIGURE_ARGS += \ - --enable-poly1305 -endif - -#ifneq ($(CONFIG_TARGET_x86),) -# CONFIGURE_ARGS += --enable-intelasm -#endif -#ifneq ($(CONFIG_TARGET_x86_64),) -# CONFIGURE_ARGS += --enable-intelasm -#endif - define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/

From patchwork Wed Jun 26 01:49:47 2019
X-Patchwork-Submitter: Eneas U de Queiroz
X-Patchwork-Id: 1122471
From: Eneas U de Queiroz
To: openwrt-devel@lists.openwrt.org
Date: Tue, 25 Jun 2019 22:49:47 -0300
Message-Id: <20190626014947.19818-4-cotequeiroz@gmail.com>
In-Reply-To: <20190626014947.19818-1-cotequeiroz@gmail.com>
References: <20190626014947.19818-1-cotequeiroz@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 3/3] hostapd: adjust removed wolfssl options

From: Eneas U de Queiroz This adjusts the selection of recently removed wolfssl options which have always been built into the library even in their absence. Also remove the selection of libwolfssl itself, allowing the library to be built as a module. Signed-off-by: Eneas U de Queiroz diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in index 1966067219..9ce4b243cc 100644 --- a/package/network/services/hostapd/Config.in +++ b/package/network/services/hostapd/Config.in @@ -51,15 +51,11 @@ config WPA_WOLFSSL PACKAGE_wpad-wolfssl ||\ PACKAGE_wpad-mesh-wolfssl ||\ PACKAGE_eapol-test-wolfssl - select PACKAGE_libwolfssl select WOLFSSL_HAS_AES_CCM select WOLFSSL_HAS_AES_GCM select WOLFSSL_HAS_ARC4 - select WOLFSSL_HAS_DES3 select WOLFSSL_HAS_DH - select WOLFSSL_HAS_ECC select WOLFSSL_HAS_OCSP - select WOLFSSL_HAS_PSK select WOLFSSL_HAS_SESSION_TICKET select WOLFSSL_HAS_WPAS
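
Review bot: In [PATCH 1/3], package/libs/wolfssl/Makefile hunk @@ -8,11 +8,10 @@, PKG_HASH is left as an unchanged context line while PKG_VERSION moves to 3.15.7-stable and PKG_SOURCE switches from .zip to .tar.gz. The new hash only appears in [PATCH 2/3] (hunk @@ -13,7 +13,7 @@), so a tree with 1/3 applied alone carries a hash that belongs to the old 3.15.3 archive and the download check will not match. Please move the PKG_HASH update into this patch so version, archive name and hash change in the same commit and every step of the series builds.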
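
Review bot: In [PATCH 1/3], the refreshed patches/100-disable-hardening-check.patch keeps replacing the settings.h hardening warning with "#if 0", and neither the patch nor the commit message says why. The disabled condition is the one that flags a build without TFM_TIMING_RESISTANT, ECC_TIMING_RESISTANT or WC_RSA_BLINDING, and this update is described as fixing a cache side-channel attack, so please document whether the configure options used by the package set those defines, or drop the patch if the warning no longer triggers.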
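
Review bot: In [PATCH 2/3], package/libs/wolfssl/Config.in hunk @@ -24,13 +20,18 @@, the new WOLFSSL_HAS_TLSV10 option is "default y" while WOLFSSL_HAS_TLSV13 is "default n", so a default build ships the oldest protocol version and leaves out the newest. If TLS 1.0 has to stay enabled for compatibility, please say so in the commit message or a help text; otherwise consider "default n" for TLS 1.0, and "default y" for TLS 1.3 given that AES-GCM and ChaCha20-Poly1305 already default to y in this file and satisfy its dependency.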
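
Review bot: In [PATCH 2/3], package/libs/wolfssl/Config.in hunk @@ -41,20 +42,40 @@, the retitled prompt still reads "Include OSCP stapling support"; since this line is being rewritten anyway, please spell it OCSP to match the symbol WOLFSSL_HAS_OCSP. The context line "Include ECC Curve 22519 support" just below has the same kind of slip against WOLFSSL_HAS_ECC25519 and could be fixed in the same pass.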
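
Review bot: In [PATCH 2/3], package/libs/wolfssl/Makefile hunk @@ -21,15 +21,17 @@, the PKG_CONFIG_DEPENDS list has a stray comma in "CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL, CONFIG_WOLFSSL_HAS_DH". The list is whitespace-separated, so the entry becomes "CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL," and no longer names the real symbol, which means toggling that option will not be tracked as a configuration change for the package. Please drop the comma.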
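
Review bot: In [PATCH 2/3], package/libs/wolfssl/Makefile hunk @@ -42,6 +44,7 @@, the new DEPENDS line conditions kmod-cryptodev on WOLFSSL_HAS_DEVCRYPTO, but the Config.in changes in this same patch only define WOLFSSL_HAS_DEVCRYPTO_AES and WOLFSSL_HAS_DEVCRYPTO_FULL. With no symbol of that exact name, selecting either /dev/crypto choice will not pull in the kernel module. Please make the dependency conditional on the two symbols that exist, for example one conditional entry per symbol.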
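
Review bot: In [PATCH 2/3], package/libs/wolfssl/Makefile hunk @@ -64,68 +67,20 @@, the flags --enable-ecc, --enable-supportedcurves, --enable-des3 and --enable-psk are removed with no replacement in CONFIGURE_ARGS and no comment in the Makefile. The commit message explains that these cannot be turned off because of --enable-stunnel, but that reasoning is not visible to someone reading the Makefile later; a short comment next to the option list naming what --enable-stunnel implies would keep the next maintainer from re-adding the options.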
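
Review bot: In [PATCH 3/3], package/network/services/hostapd/Config.in hunk @@ -51,15 +51,11 @@, WPA_WOLFSSL still has "select WOLFSSL_HAS_AES_CCM", and [PATCH 2/3] hides the whole "Hardware Acceleration" choice whenever WOLFSSL_HAS_AES_CCM is set. The result is that any configuration with a wpad wolfssl variant enabled can never use the new AF_ALG or /dev/crypto options; please either note this limitation in the commit message or check whether the AES-CCM select is still required here. Separately, with "select PACKAGE_libwolfssl" gone, it would help to state in the commit message what now guarantees the library is enabled for these packages, since the remaining selects only set its options.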