From patchwork Fri May 15 14:02:09 2020
X-Patchwork-Submitter: Erwan Gautron
X-Patchwork-Id: 1291162
From: Erwan GAUTRON
To: buildroot@buildroot.org
Date: Fri, 15 May 2020 16:02:09 +0200
Message-Id: <20200515140209.1355747-1-erwan.gautron@bertin.fr>
X-Mailer: git-send-email 2.25.1
Subject: [Buildroot] [PATCH 1/1] package/gnutls: add options to enable features
Cc: Matt Weber, Erwan GAUTRON

GnuTls implements old, unsafe or unused protocols and cyphers.
Secure embedded systems shall disable them in order to be certified.
This patch allows to select/unselect SSLv2 protocol and gost cypher.
To ensure backward compatibility, all items are selected by default.

Signed-off-by: Erwan GAUTRON
---
 package/gnutls/Config.in | 12 ++++++++++++
 package/gnutls/gnutls.mk |  4 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/package/gnutls/Config.in b/package/gnutls/Config.in index 15b930b6bd..56ea558969 100644 --- a/package/gnutls/Config.in +++ b/package/gnutls/Config.in 
@@ -29,6 +29,18 @@ config BR2_PACKAGE_GNUTLS_TOOLS Install GnuTLS command line tools for various cryptographic tasks. +config BR2_PACKAGE_GNUTLS_ENABLE_SSL2 + bool "enable SSLv2" + default y + help + Enable SSLv2 protocol. + +config BR2_PACKAGE_GNUTLS_ENABLE_GOST + bool "enable GOST" + default y + help + Enable GOST cypher. + endif comment "gnutls needs a toolchain w/ wchar, dynamic library" diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk index a1dfce62a2..59c9a0a7d9 100644 --- a/package/gnutls/gnutls.mk +++ b/package/gnutls/gnutls.mk @@ -36,7 +36,9 @@ GNUTLS_CONF_ENV = gl_cv_socket_ipv6=yes \ GNUTLS_INSTALL_STAGING = YES # libpthread autodetection poison the linkpath -GNUTLS_CONF_OPTS += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr) +GNUTLS_CONF_OPTS += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr) \ + $(if $(BR2_PACKAGE_GNUTLS_ENABLE_SSL2),,--disable-ssl2-support) \ + $(if $(BR2_PACKAGE_GNUTLS_ENABLE_GOST),,--disable-gost) # gnutls needs libregex, but pcre can be used too # The check isn't cross-compile friendly
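Review bot: in the package/gnutls/Config.in hunk, the help texts of BR2_PACKAGE_GNUTLS_ENABLE_SSL2 and BR2_PACKAGE_GNUTLS_ENABLE_GOST ("Enable SSLv2 protocol.", "Enable GOST cypher.") only restate the prompts and give no hint that these are the features the commit message calls old or unsafe. Since both options are `default y`, an existing configuration stays exactly as exposed as before unless the user knows to turn them off, so the help should say that unsetting the option passes --disable-ssl2-support or --disable-gost to configure, and that it is kept enabled by default only for backward compatibility. A one-line statement that disabling is the recommended setting for hardened builds would make the intent in the commit message visible in menuconfig.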
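Review bot: in the package/gnutls/gnutls.mk hunk, the two new conditionals are chained with backslashes onto the `GNUTLS_CONF_OPTS +=` assignment that sits under the comment "# libpthread autodetection poison the linkpath", so that comment now appears to cover the SSLv2 and GOST switches, which have nothing to do with libpthread. Leave the libpthread line unchanged and add the new flags in their own `GNUTLS_CONF_OPTS +=` assignments, each with a short comment. Note also that when either option is set to y nothing is passed at all, so the resulting build depends on whatever configure defaults to; passing an explicit value in both branches would make the outcome deterministic and easier to audit from the build log.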