From 7ba38935163a4fb4ed8d3f65fa501e3a54d83b6d Mon Sep 17 00:00:00 2001
From: RISCi_ATOM
Date: Mon, 1 Oct 2018 15:32:47 -0400
Subject: [PATCH] Bump mbedtls to 2.12.0

---
 package/libs/mbedtls/Makefile | 32 +++-
 package/libs/mbedtls/patches/200-config.patch | 161 ++++++++----------
 2 files changed, 100 insertions(+), 93 deletions(-)

diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 042aa897e8..659bf59d88 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -8,22 +8,22 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.9.0
+PKG_VERSION:=2.12.0
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
 PKG_SOURCE_URL:=https://tls.mbed.org/download/
-PKG_HASH:=361837d0d8d4e178ac51ea1a4eacfbc0c57ea3cafb460fd6b46a1f4223a4e151
+PKG_HASH:=8661d19a896a5a7a232ed01ac7f05cf0ec3514798f18076c2c9ef965fbeb5a28
 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0+
+PKG_CPE_ID:=cpe:/a:arm:mbed_tls
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 define Package/mbedtls/Default
-  SUBMENU:=SSL
   TITLE:=Embedded SSL
   URL:=https://tls.mbed.org
 endef
@@ -37,24 +37,39 @@ define Package/libmbedtls
 $(call Package/mbedtls/Default)
   SECTION:=libs
   CATEGORY:=Libraries
+  SUBMENU:=SSL
   TITLE+= (library)
   ABI_VERSION:=$(PKG_VERSION)-$(PKG_RELEASE)
 endef
+define Package/mbedtls-util
+$(call Package/mbedtls/Default)
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE+= (utilities)
+  DEPENDS:=+libmbedtls
+endef
+
 define Package/libmbedtls/description
 $(call Package/mbedtls/Default/description)
 This package contains the mbedtls library.
 endef
+define Package/mbedtls-util/description
+$(call Package/mbedtls/Default/description)
+This package contains mbedtls helper programs for private key and
+CSR generation (gen_key, cert_req)
+endef
+
 PKG_INSTALL:=1
 TARGET_CFLAGS += -ffunction-sections -fdata-sections
+TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))
 CMAKE_OPTIONS += \
-	-DCMAKE_BUILD_TYPE:String="Release" \
 	-DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \
 	-DENABLE_TESTING:Bool=OFF \
-	-DENABLE_PROGRAMS:Bool=OFF \
+	-DENABLE_PROGRAMS:Bool=ON
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include
@@ -69,4 +84,11 @@ define Package/libmbedtls/install
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/
 endef
+define Package/mbedtls-util/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/
+endef
+
 $(eval $(call BuildPackage,libmbedtls))
+$(eval $(call BuildPackage,mbedtls-util))
diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch
index 3dfa9e7a22..bfadb8d3d2 100644
--- a/package/libs/mbedtls/patches/200-config.patch
+++ b/package/libs/mbedtls/patches/200-config.patch
@@ -1,6 +1,23 @@
 --- a/include/mbedtls/config.h
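Review bot: `TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))` strips the toolchain's optimisation level without a comment saying why, and the same hunk removes `-DCMAKE_BUILD_TYPE:String="Release"`, so the `-O` level mbedtls is actually built with now depends on whichever build type cmake.mk or mbedtls' own CMakeLists.txt selects, neither of which is visible here. A one-line comment in place would spare the next reader re-deriving that, e.g. `# Drop the toolchain -O level; the CMake build type supplies its own optimisation flags`. Because `:=` expands once at this point, any `-O` flag appended to TARGET_CFLAGS further down the file (not shown) would escape the filter, which is worth confirming. `-DENABLE_PROGRAMS:Bool=ON` presumably builds the whole programs/ tree just to obtain the two utilities installed in the last hunk; if that trade-off is intentional, a short comment next to the option would document it.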
+++ b/include/mbedtls/config.h
-@@ -566,17 +566,17 @@
+@@ -548,14 +548,14 @@
+ *
+ * Enable Output Feedback mode (OFB) for symmetric ciphers.
+ */
+-#define MBEDTLS_CIPHER_MODE_OFB
++//#define MBEDTLS_CIPHER_MODE_OFB
+
+ /**
+ * \def MBEDTLS_CIPHER_MODE_XTS
+ *
+ * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
+ */
+-#define MBEDTLS_CIPHER_MODE_XTS
++//#define MBEDTLS_CIPHER_MODE_XTS
+
+ /**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+@@ -645,19 +645,19 @@
  *
  * Comment macros to disable the curve and functions for it
  */
@@ -24,19 +41,12 @@
 +//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
 +//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
  #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
++//#define MBEDTLS_ECP_DP_CURVE448_ENABLED
  /**
-@@ -601,8 +601,8 @@
- * Requires: MBEDTLS_HMAC_DRBG_C
- *
- * Comment this macro to disable deterministic ECDSA.
-- */
- #define MBEDTLS_ECDSA_DETERMINISTIC
-+ */
-
- /**
- * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-@@ -655,7 +655,7 @@
+ * \def MBEDTLS_ECP_NIST_OPTIM
+@@ -735,7 +735,7 @@
  * See dhm.h for more details.
  *
  */
@@ -45,17 +55,16 @@
  /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-@@ -674,8 +674,8 @@
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+@@ -755,7 +755,7 @@
  * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
  * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
-- */
- #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-+ */
+ */
+-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
++//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
  /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-@@ -700,7 +700,7 @@
+@@ -780,7 +780,7 @@
  * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
  * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
  */
@@ -64,7 +73,7 @@
  /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-@@ -834,7 +834,7 @@
+@@ -914,7 +914,7 @@
  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
  */
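Review bot: Dropping the old `-@@ -601,8 +601,8 @@` block means the rewritten patch no longer comments out `MBEDTLS_ECDSA_DETERMINISTIC`, so deterministic ECDSA is now compiled in together with `MBEDTLS_HMAC_DRBG_C`, which the `@@ -200,17 +198,25 @@` hunk likewise stops disabling; the same pattern drops the `MBEDTLS_SHA256_SMALLER` and `MBEDTLS_SSL_CACHE_C` overrides in the `@@ -108,16 +117,7 @@` and `@@ -219,37 +225,25 @@` hunks, while `MBEDTLS_ECP_DP_CURVE448_ENABLED`, `MBEDTLS_HKDF_C` and `MBEDTLS_PLATFORM_C` are newly disabled. None of this is reflected in the commit title, which reads as a plain version bump, and 200-config.patch carries no header explaining its intent. A short description above the first `---` line of the patch, listing which options are turned off for size and which earlier overrides were dropped on purpose, would make the configuration reviewable and is left untouched by the patch tooling. If re-enabling deterministic ECDSA and HMAC_DRBG is an accident of the rewrite rather than a decision, it is easy to miss here because the old behaviour is only visible as removed lines.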
@@ -73,7 +82,7 @@
  /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-@@ -858,7 +858,7 @@
+@@ -938,7 +938,7 @@
  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
  */
@@ -82,7 +91,7 @@
  /**
  * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-@@ -962,7 +962,7 @@
+@@ -1042,7 +1042,7 @@
  * This option is only useful if both MBEDTLS_SHA256_C and
  * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
  */
@@ -91,7 +100,7 @@
  /**
  * \def MBEDTLS_ENTROPY_NV_SEED
-@@ -1057,14 +1057,14 @@
+@@ -1137,14 +1137,14 @@
  * Uncomment this macro to disable the use of CRT in RSA.
  *
  */
@@ -108,16 +117,7 @@
  /**
  * \def MBEDTLS_SHA256_SMALLER
-@@ -1080,7 +1080,7 @@
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
--//#define MBEDTLS_SHA256_SMALLER
-+#define MBEDTLS_SHA256_SMALLER
-
- /**
- * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
-@@ -1207,7 +1207,7 @@
+@@ -1298,7 +1298,7 @@
  * configuration of this extension).
  *
  */
@@ -126,17 +126,16 @@
  /**
  * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-@@ -1381,8 +1381,8 @@
- * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+@@ -1473,7 +1473,7 @@
  *
  * Comment this macro to disable support for SSL session tickets
-- */
- #define MBEDTLS_SSL_SESSION_TICKETS
-+ */
+ */
+-#define MBEDTLS_SSL_SESSION_TICKETS
++//#define MBEDTLS_SSL_SESSION_TICKETS
  /**
  * \def MBEDTLS_SSL_EXPORT_KEYS
-@@ -1412,7 +1412,7 @@
+@@ -1503,7 +1503,7 @@
  *
  * Comment this macro to disable support for truncated HMAC in SSL
  */
@@ -145,17 +144,16 @@
  /**
  * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
-@@ -1470,8 +1470,8 @@
- * Requires: MBEDTLS_VERSION_C
+@@ -1562,7 +1562,7 @@
  *
  * Comment this to disable run-time checking and save ROM space
-- */
- #define MBEDTLS_VERSION_FEATURES
-+ */
+ */
+-#define MBEDTLS_VERSION_FEATURES
++//#define MBEDTLS_VERSION_FEATURES
  /**
  * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-@@ -1801,7 +1801,7 @@
+@@ -1892,7 +1892,7 @@
  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
  */
@@ -163,8 +161,8 @@
 +//#define MBEDTLS_CAMELLIA_C
  /**
- * \def MBEDTLS_CCM_C
-@@ -1815,7 +1815,7 @@
+ * \def MBEDTLS_ARIA_C
+@@ -1958,7 +1958,7 @@
  * This module enables the AES-CCM ciphersuites, if other requisites are
  * enabled as well.
  */
@@ -173,7 +171,7 @@
  /**
  * \def MBEDTLS_CERTS_C
-@@ -1827,7 +1827,7 @@
+@@ -1970,7 +1970,7 @@
  *
  * This module is used for testing (ssl_client/server).
  */
@@ -181,8 +179,8 @@
 +//#define MBEDTLS_CERTS_C
  /**
- * \def MBEDTLS_CIPHER_C
-@@ -1880,7 +1880,7 @@
+ * \def MBEDTLS_CHACHA20_C
+@@ -2043,7 +2043,7 @@
  *
  * This module provides debugging functions.
  */
@@ -191,7 +189,7 @@
  /**
  * \def MBEDTLS_DES_C
-@@ -1909,7 +1909,7 @@
+@@ -2072,7 +2072,7 @@
  * \warning DES is considered a weak cipher and its use constitutes a
  * security risk. We recommend considering stronger ciphers instead.
  */
@@ -200,17 +198,25 @@
  /**
  * \def MBEDTLS_DHM_C
-@@ -2070,8 +2070,8 @@
- * Requires: MBEDTLS_MD_C
+@@ -2235,7 +2235,7 @@
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
+ */
+-#define MBEDTLS_HKDF_C
++//#define MBEDTLS_HKDF_C
+
+ /**
+ * \def MBEDTLS_HMAC_DRBG_C
+@@ -2545,7 +2545,7 @@
  *
- * Uncomment to enable the HMAC_DRBG random number geerator.
-- */
- #define MBEDTLS_HMAC_DRBG_C
-+ */
+ * This module enables abstraction of common (libc) functions.
+ */
+-#define MBEDTLS_PLATFORM_C
++//#define MBEDTLS_PLATFORM_C
  /**
- * \def MBEDTLS_MD_C
-@@ -2365,7 +2365,7 @@
+ * \def MBEDTLS_POLY1305_C
+@@ -2566,7 +2566,7 @@
  * Caller: library/md.c
  *
  */
@@ -219,37 +225,25 @@
  /**
  * \def MBEDTLS_RSA_C
-@@ -2449,8 +2449,8 @@
- * Caller:
- *
- * Requires: MBEDTLS_SSL_CACHE_C
-- */
- #define MBEDTLS_SSL_CACHE_C
-+ */
-
- /**
- * \def MBEDTLS_SSL_COOKIE_C
-@@ -2471,8 +2471,8 @@
- * Caller:
  *
  * Requires: MBEDTLS_CIPHER_C
-- */
- #define MBEDTLS_SSL_TICKET_C
-+ */
+ */
+-#define MBEDTLS_SSL_TICKET_C
++//#define MBEDTLS_SSL_TICKET_C
  /**
  * \def MBEDTLS_SSL_CLI_C
-@@ -2571,8 +2571,8 @@
- * Module: library/version.c
+@@ -2773,7 +2773,7 @@
  *
  * This module provides run-time version information.
-- */
- #define MBEDTLS_VERSION_C
-+ */
+ */
+-#define MBEDTLS_VERSION_C
++//#define MBEDTLS_VERSION_C
  /**
  * \def MBEDTLS_X509_USE_C
-@@ -2682,7 +2682,7 @@
+@@ -2883,7 +2883,7 @@
  * Module: library/xtea.c
  * Caller:
  */
@@ -258,12 +252,3 @@
  /* \} name SECTION: mbed TLS modules */
-@@ -2681,7 +2681,7 @@
- * recommended because of it is possible to generte SHA-1 collisions, however
- * this may be safe for legacy infrastructure where additional controls apply.
- */
--// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-
- /**
- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
-- 
2.25.1
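Review bot: Removing the old `-+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` override in the `@@ -258,12 +252,3 @@` hunk means the default certificate profile now rejects SHA-1-signed certificates, a sensible hardening that is nevertheless a behaviour change for devices still facing legacy chains, and nothing in the commit says so. The removed inner comment (`this may be safe for legacy infrastructure where additional controls apply`) shows the earlier maintainer enabled it deliberately, so the reversal deserves one explicit sentence in the patch header or commit message, e.g. `SHA-1 certificate signatures are no longer accepted by default; applications that still need them must opt in explicitly`. That way a verification failure against such a chain after the bump is recognised as intended rather than reported as a regression.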