wolfssl: Bump to 5.5.0-stable
authorRISCi_ATOM <bob@bobcall.me>
Thu, 29 Sep 2022 22:43:25 +0000 (18:43 -0400)
committerRISCi_ATOM <bob@bobcall.me>
Thu, 29 Sep 2022 22:43:25 +0000 (18:43 -0400)
package/libs/wolfssl/Config.in
package/libs/wolfssl/Makefile
package/libs/wolfssl/patches/100-disable-hardening-check.patch
package/libs/wolfssl/patches/200-ecc-rng.patch
package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch [deleted file]
package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch [deleted file]

index 99ceb6c4630edd426a6b6e4c01040cfb0f0abe3e..025362ff6ff43a61293174f08831524f719eff1e 100644 (file)
@@ -16,6 +16,10 @@ config WOLFSSL_HAS_ARC4
        bool "Include ARC4 support"
        default y
 
+config WOLFSSL_HAS_CERTGEN
+       bool "Include certificate generation support"
+       default y
+
 config WOLFSSL_HAS_TLSV10
        bool "Include TLS 1.0 support"
        default y
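Review bot: The new `WOLFSSL_HAS_CERTGEN` symbol is added with `default y` and no `help` text, and `WOLFSSL_HAS_OPENVPN` in the next hunk is added the same way, so someone trimming the library for a small or locked-down image cannot tell from menuconfig what each option pulls in. I would add a short `help` block to each, for example `help` followed by `Builds the certificate generation API; disable it if nothing on the image creates certificates.` for CERTGEN, and a matching line for OPENVPN stating which compatibility features it turns on. The exact feature sets are not visible in this diff, so the wording should be checked against the configure options the Makefile maps these symbols to.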
@@ -39,13 +43,18 @@ config WOLFSSL_HAS_OCSP
 config WOLFSSL_HAS_WPAS
        bool "Include wpa_supplicant support"
        select WOLFSSL_HAS_ARC4
+       select WOLFSSL_HAS_DH
        select WOLFSSL_HAS_OCSP
        select WOLFSSL_HAS_SESSION_TICKET
        default y
 
 config WOLFSSL_HAS_ECC25519
        bool "Include ECC Curve 25519 support"
-       default n
+       default y
+
+config WOLFSSL_HAS_OPENVPN
+       bool "Include OpenVPN support"
+       default y
 
 config WOLFSSL_ALT_NAMES
        bool "Include SAN (Subject Alternative Name) support"
@@ -54,6 +63,10 @@ config WOLFSSL_ALT_NAMES
 config WOLFSSL_HAS_DEVCRYPTO
        bool
 
+config WOLFSSL_ASM_CAPABLE
+       bool
+       default x86_64 || (aarch64 && !TARGET_bcm27xx)
+
 choice
        prompt "Hardware Acceleration"
        default WOLFSSL_HAS_NO_HW
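Review bot: `WOLFSSL_ASM_CAPABLE` at `default x86_64 || (aarch64 && !TARGET_bcm27xx)` gates on target architecture rather than on the CPU features that the `WOLFSSL_HAS_CPU_CRYPTO` entry in the next hunk relies on, and nothing explains the bcm27xx carve-out. AES-NI and the ARMv8 Crypto Extensions are optional on both architectures, so a generic image built with this choice could hit an illegal-instruction fault on a CPU without them unless the library falls back at run time, which this diff does not show. I would add a comment above the symbol such as `# bcm27xx excluded: presumably its cores lack the ARMv8 Crypto Extensions` (confirm the reason), and extend the help text to say that the resulting binary requires those instructions. The help text in the next hunk also misspells "instructions" as `insturctions`.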
@@ -61,6 +74,13 @@ choice
        config WOLFSSL_HAS_NO_HW
                bool "None"
 
+       config WOLFSSL_HAS_CPU_CRYPTO
+               bool "Use CPU crypto instructions"
+               depends on WOLFSSL_ASM_CAPABLE
+               help
+               This will use Intel AESNI insturctions or armv8 Crypto Extensions.
+               Either of them should easily outperform hardware crypto in WolfSSL.
+
        config WOLFSSL_HAS_AFALG
                bool "AF_ALG"
 
index 045ece910567b1c3914180dc7b593cd6deb539f3..e648b8d76720a1b60d18c4dceca165e23934e2fe 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.2.0-stable
+PKG_VERSION:=5.5.0-stable
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=409b4646c5f54f642de0e9f3544c3b83de7238134f5b1ff93fb44527bf119d05
+PKG_HASH:=c34b74b5f689fac7becb05583b044e84d3b10d39f38709f0095dd5d423ded67f
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
@@ -25,13 +25,24 @@ PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
 PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
 
 PKG_CONFIG_DEPENDS:=\
-       CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \
-       CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \
-       CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \
-       CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
-       CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
-       CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
-       CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_ALT_NAMES
+       CONFIG_WOLFSSL_HAS_AES_CCM \
+       CONFIG_WOLFSSL_HAS_ARC4 \
+       CONFIG_WOLFSSL_HAS_CERTGEN \
+       CONFIG_WOLFSSL_HAS_CHACHA_POLY \
+       CONFIG_WOLFSSL_HAS_DH \
+       CONFIG_WOLFSSL_HAS_DTLS \
+       CONFIG_WOLFSSL_HAS_ECC25519 \
+       CONFIG_WOLFSSL_HAS_OCSP \
+       CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \
+       CONFIG_WOLFSSL_HAS_SESSION_TICKET \
+       CONFIG_WOLFSSL_HAS_TLSV10 \
+       CONFIG_WOLFSSL_HAS_TLSV13 \
+       CONFIG_WOLFSSL_HAS_WPAS \
+       CONFIG_WOLFSSL_HAS_AFALG \
+       CONFIG_WOLFSSL_HAS_CPU_CRYPTO \
+       CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
+       CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \
+       CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL
 
 include $(INCLUDE_DIR)/package.mk
 
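Review bot: `CONFIG_WOLFSSL_HAS_CERTGEN`, `CONFIG_WOLFSSL_HAS_OPENVPN`, `CONFIG_WOLFSSL_HAS_CPU_CRYPTO` and `CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC` are added to `PKG_CONFIG_DEPENDS`, but neither Makefile hunk shown here passes them to configure, and no `WOLFSSL_HAS_DEVCRYPTO_CBC` symbol appears in the Config.in changes. If the rest of the Makefile and Config.in do not already handle them, toggling these options would force a rebuild without changing the library, which is misleading for anyone disabling features to cut attack surface. Please confirm the mapping exists outside the hunks. As a style point, `CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \` is the only line in the reflowed list holding two symbols; `CONFIG_WOLFSSL_ALT_NAMES \` should sit on its own line in sorted position.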
index 7e473b390bb2c7dadb3f46b84e1fc0bfdcc18d66..01bb5974ba3385b5bbf9cc711424bc1ebc3ade7c 100644 (file)
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2445,7 +2445,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */
index f1f156a8aeace5a93ba54ae6fec800d0678c7bef..d68ef7f3853a44a576f578af954d573f710aaa10 100644 (file)
@@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl.
 
 --- a/wolfcrypt/src/ecc.c
 +++ b/wolfcrypt/src/ecc.c
-@@ -11655,21 +11655,21 @@ void wc_ecc_fp_free(void)
+@@ -12348,21 +12348,21 @@ void wc_ecc_fp_free(void)
  
  #endif /* FP_ECC */
  
@@ -37,7 +37,7 @@ RNG regardless of the built settings for wolfssl.
  
 --- a/wolfssl/wolfcrypt/ecc.h
 +++ b/wolfssl/wolfcrypt/ecc.h
-@@ -650,10 +650,8 @@ WOLFSSL_API
+@@ -650,10 +650,8 @@ WOLFSSL_ABI WOLFSSL_API
  void wc_ecc_fp_free(void);
  WOLFSSL_LOCAL
  void wc_ecc_fp_init(void);
diff --git a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch b/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch
deleted file mode 100644 (file)
index d6e7998..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-From 87e43dd63ba429297e439f2dfd1ee8b45981e18b Mon Sep 17 00:00:00 2001
-From: Juliusz Sosinowicz <juliusz@wolfssl.com>
-Date: Sat, 12 Feb 2022 00:34:24 +0100
-Subject: [PATCH] Reported in ZD13631
-
-`ssl->peerVerifyRet` wasn't being cleared when retrying with an alternative cert chain
-
-References: https://github.com/wolfSSL/wolfssl/issues/4879
----
- src/internal.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/src/internal.c
-+++ b/src/internal.c
-@@ -12342,6 +12342,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte*
-                             }
-                             ret = 0; /* clear errors and continue */
-+                    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-+                            ssl->peerVerifyRet = 0;
-+                    #endif
-                             args->verifyErr = 0;
-                         }
diff --git a/package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch b/package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
deleted file mode 100644 (file)
index 3c0c0a0..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-From 096889927d9528d4fbeb3aab56d1fe8225d2e7ec Mon Sep 17 00:00:00 2001
-From: Daniel Pouzzner <douzzer@wolfssl.com>
-Date: Thu, 14 Apr 2022 20:23:31 -0500
-Subject: [PATCH] wolfcrypt/src/port/devcrypto/devcrypto_aes.c: remove
- redundant "int ret" in wc_AesCtrEncrypt() (supersedes #5052).
-
-
-diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-index 3bc1d5bb1..28e145e27 100644
---- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-@@ -208,7 +208,6 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-     int ret;
-     struct crypt_op crt;
-     byte* tmp;
--    int ret;
-     if (aes == NULL || out == NULL || in == NULL) {
-         return BAD_FUNC_ARG;