bool "AF_ALG"
config WOLFSSL_HAS_DEVCRYPTO_CBC
- bool "/dev/crytpo - AES-CBC-only"
+ bool "/dev/crypto - AES-CBC-only"
select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_AES
include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
-PKG_VERSION:=5.5.4-stable
+PKG_VERSION:=5.6.3-stable
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=b7ee150e49def77c765bc02aac92ddeb0bebefd4cb12aa263d8f95e405221fb8
+PKG_HASH:=2e74a397fa797c2902d7467d500de904907666afb4ff80f6464f6efd5afb114a
PKG_FIXUP:=libtool
PKG_INSTALL:=1
# --enable-stunnel needed for OpenSSL API compatibility bits
CONFIGURE_ARGS += \
--enable-reproducible-build \
+ --enable-lighty \
--enable-opensslall \
--enable-opensslextra \
--enable-sni \
--$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
--$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
--$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
+ --$(if $(CONFIG_WOLFSSL_HAS_OPENVPN),enable,disable)-openvpn \
--enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
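Review bot: `--enable-lighty` is the only new configure option switched on unconditionally and without a Kconfig symbol, whereas the other addition is gated as `--$(if $(CONFIG_WOLFSSL_HAS_OPENVPN),enable,disable)-openvpn`; a reader of the Makefile cannot tell which consumer needs it or why it must always be on. Either gate it the same way behind a `CONFIG_WOLFSSL_HAS_LIGHTY` symbol, or record the reason next to it, e.g. `# --enable-lighty: compatibility defines needed by <consumer>` with the consumer filled in, matching the existing `--enable-stunnel` note at the top of the block. That `--enable-stunnel` option itself is not among the visible lines, so it is presumably set elsewhere in CONFIGURE_ARGS.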
--- /dev/null
+From 41d248461bd9ad44193a4806ecb5361513e8944e Mon Sep 17 00:00:00 2001
+From: jordan <jordan@wolfssl.com>
+Date: Tue, 27 Jun 2023 13:18:25 -0500
+Subject: [PATCH] fix detection of cut tool in configure.ac
+
+---
+ configure.ac | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -8723,10 +8723,11 @@ echo "extern \"C\" {" >> $OPTION_FILE
+ echo "#endif" >> $OPTION_FILE
+ echo "" >> $OPTION_FILE
+
+-# check for supported command to trim option with
++# Check for supported command to trim option with.
++# note: cut requires an argument to exit with success.
+ if colrm >/dev/null 2>&1 </dev/null; then
+ TRIM="colrm 3"
+-elif cut >/dev/null 2>&1 </dev/null; then
++elif cut --version >/dev/null 2>&1 </dev/null; then
+ TRIM="cut -c1-2"
+ else
+ AC_MSG_ERROR([Could not find colrm or cut to make options file])
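Review bot: The replacement probe `cut --version` relies on a GNU-only flag; as far as I can tell BSD and BusyBox `cut` reject `--version` with a non-zero status, so on a build host that lacks `colrm` (probed first) configure would now fall through to the AC_MSG_ERROR even though `cut -c1-2` works there. A probe that exercises the actual invocation is portable and still satisfies the "cut requires an argument" note: `elif printf 'ab\n' | cut -c1-2 >/dev/null 2>&1; then`. Since this is a verbatim upstream backport, if it is kept unchanged the host requirement is worth stating in the patch description so the failure mode is not a surprise.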
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
-@@ -2445,7 +2445,7 @@ extern void uITRON4_free(void *p) ;
- #endif
+@@ -2630,7 +2630,7 @@ extern void uITRON4_free(void *p) ;
/* warning for not using harden build options (default with ./configure) */
--#ifndef WC_NO_HARDEN
+ /* do not warn if big integer support is disabled */
+-#if !defined(WC_NO_HARDEN) && !defined(NO_BIG_INT)
+#if 0
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
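Review bot: The `#if 0` kept on the new side turns the build-hardening warning off for every configuration, while upstream's rebased condition only adds a `NO_BIG_INT` exemption; the two checks still visible here (`USE_FAST_MATH` without `TFM_TIMING_RESISTANT`, `HAVE_ECC` without `ECC_TIMING_RESISTANT`) are exactly the ones a maintainer would want to fire if a future Kconfig or configure change drops a timing-resistant option, and with this patch such a regression builds silently. If the suppression is still needed, record why on the line itself so the rationale survives the next rebase, e.g. `#if 0 /* OpenWrt: harden warning disabled; timing-resistant options come from configure (--enable-harden) -- verify in options.h */`, and consider re-enabling the upstream condition if the original trigger no longer applies. The `#if` block and the warning it guards continue past the end of this hunk.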
+++ /dev/null
-#
-# Copyright (C) 2008-2020 The LuCI Team
-#
-# This is free software, licensed under the Apache License, Version 2.0 .
-#
-
-include $(TOPDIR)/rules.mk
-
-LUCI_TYPE:=col
-LUCI_BASENAME:=ssl-wolfssl
-
-LUCI_TITLE:=LuCI with HTTPS support (WolfSSL as SSL backend)
-LUCI_DEPENDS:=+luci +libustream-wolfssl +px5g-wolfssl
-
-PKG_LICENSE:=Apache-2.0
-
-include ../../luci.mk
-
-# call BuildPackage - OpenWrt buildroot signature
LUCI_TYPE:=col
LUCI_BASENAME:=ssl
-LUCI_TITLE:=LuCI with HTTPS support (mbedTLS as SSL backend)
-LUCI_DEPENDS:=+luci +libustream-mbedtls +px5g
+LUCI_TITLE:=LuCI with HTTPS support (WolfSSL as SSL backend)
+LUCI_DEPENDS:=+luci +libustream-wolfssl +px5g-wolfssl
PKG_LICENSE:=Apache-2.0
strncpy(newCert.subject.org, val, CTC_NAME_SIZE);
else if (!strcmp(key, "OU"))
strncpy(newCert.subject.unit, val, CTC_NAME_SIZE);
- else if (!strcmp(key, "CN"))
+ else if (!strcmp(key, "CN")) {
strncpy(newCert.subject.commonName, val, CTC_NAME_SIZE);
+
+#ifdef WOLFSSL_ALT_NAMES
+ if(strlen(val) + 2 > 256) {
+ fprintf(stderr, "error: CN is too long: %s\n", val);
+ return 1;
+ }
+
+ newCert.altNames[0] = 0x30; //Sequence with one element
+ newCert.altNames[1] = strlen(val) + 2; // Length of entire sequence
+ newCert.altNames[2] = 0x82; //8 - String, 2 - DNS Name
+ newCert.altNames[3] = strlen(val); //DNS Name length
+ memcpy(newCert.altNames + 4, val, strlen(val)); //DNS Name
+ newCert.altNamesSz = strlen(val) + 4;
+#endif
+ }
else if (!strcmp(key, "EMAIL"))
strncpy(newCert.subject.email, val, CTC_NAME_SIZE);
else
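Review bot: The guard `if(strlen(val) + 2 > 256)` admits CN values the hand-built DER cannot encode: `altNames[1]` and `altNames[3]` are single bytes and a DER short-form length byte only covers 0–127, so a CN of 126 or more characters produces a length byte of 0x80 or above (parsed as a long-form prefix) and at 254 characters the outer length wraps to 0. The check should be `if (strlen(val) + 2 > 127) {`, which keeps both the SEQUENCE length and the dNSName length in short form; the error message can stay as is. The subject CN on the line above is also truncated to `CTC_NAME_SIZE` by `strncpy` while the SAN takes the full `val`, so for long names the two fields disagree — bounding both by the same limit keeps them consistent. The CN is always emitted as a dNSName (tag 0x82) even when it is an IP literal, which presumably is acceptable for px5g's use but deserves a comment; the enclosing function, which this `return 1` leaves, begins and ends outside the hunk.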
}
newCert.daysValid = days;
+ newCert.keyUsage = KEYUSE_DIGITAL_SIG | KEYUSE_CONTENT_COMMIT | KEYUSE_KEY_ENCIPHER;
+ newCert.extKeyUsage = EXTKEYUSE_SERVER_AUTH;
+
gen_key(rng, &ecKey, &rsaKey, type, keySz, exp, curve);
write_key(&ecKey, &rsaKey, type, keySz, keypath, pem);
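Review bot: `KEYUSE_KEY_ENCIPHER` is asserted for both key types, but `gen_key` below produces an EC key when `type == EC_KEY_TYPE`, and keyEncipherment is an RSA key-transport bit that RFC 5480 lists among the values that must not be present for id-ecPublicKey keys, so strict validators may reject the ECDSA certificate. Make the bit conditional on the key type: `newCert.keyUsage = KEYUSE_DIGITAL_SIG | KEYUSE_CONTENT_COMMIT | (type == EC_KEY_TYPE ? 0 : KEYUSE_KEY_ENCIPHER);`. `KEYUSE_CONTENT_COMMIT` (nonRepudiation) is unusual on a TLS server certificate and adds nothing for `EXTKEYUSE_SERVER_AUTH`; either drop it or add a one-line comment saying why it is wanted. The enclosing function starts before this hunk.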
subject, fstr, tstr);
if (type == EC_KEY_TYPE) {
+ newCert.sigType = CTC_SHA256wECDSA;
ret = wc_MakeCert(&newCert, derBuf, sizeof(derBuf), NULL, &ecKey, rng);
} else {
+ newCert.sigType = CTC_SHA256wRSA;
ret = wc_MakeCert(&newCert, derBuf, sizeof(derBuf), &rsaKey, NULL, rng);
}
if (ret <= 0) {
}
if (type == EC_KEY_TYPE) {
- newCert.sigType = CTC_SHA256wECDSA;
ret = wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, sizeof(derBuf),
NULL, &ecKey, rng);
} else {
- newCert.sigType = CTC_SHA256wRSA;
ret = wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, sizeof(derBuf),
&rsaKey, NULL, rng);
}