From d3483fd9a410befdfbad7d448d8d010c3a06d037 Mon Sep 17 00:00:00 2001 From: RISCi_ATOM Date: Thu, 29 Sep 2022 18:43:25 -0400 Subject: [PATCH] wolfssl: Bump to 5.5.0-stable --- package/libs/wolfssl/Config.in | 22 +++++++++++++- package/libs/wolfssl/Makefile | 29 +++++++++++++------ .../patches/100-disable-hardening-check.patch | 2 +- .../libs/wolfssl/patches/200-ecc-rng.patch | 4 +-- ...fix-SSL_get_verify_result-regression.patch | 24 --------------- ...rt-devcrypto-devcrypto_aes.c-remove-.patch | 19 ------------ 6 files changed, 44 insertions(+), 56 deletions(-) delete mode 100644 package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch delete mode 100644 package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 99ceb6c463..025362ff6f 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -16,6 +16,10 @@ config WOLFSSL_HAS_ARC4 bool "Include ARC4 support" default y +config WOLFSSL_HAS_CERTGEN + bool "Include certificate generation support" + default y + config WOLFSSL_HAS_TLSV10 bool "Include TLS 1.0 support" default y @@ -39,13 +43,18 @@ config WOLFSSL_HAS_OCSP config WOLFSSL_HAS_WPAS bool "Include wpa_supplicant support" select WOLFSSL_HAS_ARC4 + select WOLFSSL_HAS_DH select WOLFSSL_HAS_OCSP select WOLFSSL_HAS_SESSION_TICKET default y config WOLFSSL_HAS_ECC25519 bool "Include ECC Curve 25519 support" - default n + default y + +config WOLFSSL_HAS_OPENVPN + bool "Include OpenVPN support" + default y config WOLFSSL_ALT_NAMES bool "Include SAN (Subject Alternative Name) support" @@ -54,6 +63,10 @@ config WOLFSSL_ALT_NAMES config WOLFSSL_HAS_DEVCRYPTO bool +config WOLFSSL_ASM_CAPABLE + bool + default x86_64 || (aarch64 && !TARGET_bcm27xx) + choice prompt "Hardware Acceleration" default WOLFSSL_HAS_NO_HW 
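Review bot: WOLFSSL_HAS_CERTGEN, added with `default y` in the first Config.in hunk, is not consumed by anything this patch shows, and the same holds for WOLFSSL_HAS_OPENVPN (hunk at -39,13) and WOLFSSL_HAS_CPU_CRYPTO (hunk at -61,6). The Makefile hunks change only PKG_VERSION, PKG_HASH and the PKG_CONFIG_DEPENDS list, and those lines account for the whole Makefile count in the diffstat. Unless the unchanged part of the Makefile already tests these symbols, toggling them forces a rebuild with identical configure flags, so a user who deselects certificate generation to trim the library, or selects CPU crypto, gets a build that does not match the menu. Each new symbol should map to a configure switch in the Makefile (for example wolfSSL's `--enable-certgen`), and each prompt should carry a short `help` line saying what it turns on.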
@@ -61,6 +74,13 @@ choice config WOLFSSL_HAS_NO_HW bool "None" + config WOLFSSL_HAS_CPU_CRYPTO + bool "Use CPU crypto instructions" + depends on WOLFSSL_ASM_CAPABLE + help + This will use Intel AESNI insturctions or armv8 Crypto Extensions. + Either of them should easily outperform hardware crypto in WolfSSL. + config WOLFSSL_HAS_AFALG bool "AF_ALG" diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 045ece9105..e648b8d767 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=5.2.0-stable +PKG_VERSION:=5.5.0-stable PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=409b4646c5f54f642de0e9f3544c3b83de7238134f5b1ff93fb44527bf119d05 +PKG_HASH:=c34b74b5f689fac7becb05583b044e84d3b10d39f38709f0095dd5d423ded67f PKG_FIXUP:=libtool PKG_INSTALL:=1 
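Review bot: The help text added for WOLFSSL_HAS_CPU_CRYPTO misspells "instructions" and does not say what the resulting library requires of the CPU it runs on. The option depends only on WOLFSSL_ASM_CAPABLE, which is a build-target test (`x86_64 || (aarch64 && !TARGET_bcm27xx)`). If the library does not probe for the extensions at run time, an image built this way would presumably fault on a CPU that lacks them; that should be confirmed and stated. Suggested first line: `This will use Intel AESNI instructions or armv8 Crypto Extensions.`, followed by a sentence naming the CPU requirement. The enclosing `choice` block continues outside the hunk.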
@@ -25,13 +25,24 @@ PKG_MAINTAINER:=Eneas U de Queiroz PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl PKG_CONFIG_DEPENDS:=\ - CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \ - CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \ - CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \ - CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \ - CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \ - CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \ - CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_ALT_NAMES + CONFIG_WOLFSSL_HAS_AES_CCM \ + CONFIG_WOLFSSL_HAS_ARC4 \ + CONFIG_WOLFSSL_HAS_CERTGEN \ + CONFIG_WOLFSSL_HAS_CHACHA_POLY \ + CONFIG_WOLFSSL_HAS_DH \ + CONFIG_WOLFSSL_HAS_DTLS \ + CONFIG_WOLFSSL_HAS_ECC25519 \ + CONFIG_WOLFSSL_HAS_OCSP \ + CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \ + CONFIG_WOLFSSL_HAS_SESSION_TICKET \ + CONFIG_WOLFSSL_HAS_TLSV10 \ + CONFIG_WOLFSSL_HAS_TLSV13 \ + CONFIG_WOLFSSL_HAS_WPAS \ + CONFIG_WOLFSSL_HAS_AFALG \ + CONFIG_WOLFSSL_HAS_CPU_CRYPTO \ + CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \ + CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \ + CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL include $(INCLUDE_DIR)/package.mk diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 7e473b390b..01bb5974ba 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ; +@@ -2445,7 +2445,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch index f1f156a8ae..d68ef7f385 100644 --- a/package/libs/wolfssl/patches/200-ecc-rng.patch 
+++ b/package/libs/wolfssl/patches/200-ecc-rng.patch @@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl. --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c -@@ -11655,21 +11655,21 @@ void wc_ecc_fp_free(void) +@@ -12348,21 +12348,21 @@ void wc_ecc_fp_free(void) #endif /* FP_ECC */ @@ -37,7 +37,7 @@ RNG regardless of the built settings for wolfssl. --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h -@@ -650,10 +650,8 @@ WOLFSSL_API +@@ -650,10 +650,8 @@ WOLFSSL_ABI WOLFSSL_API void wc_ecc_fp_free(void); WOLFSSL_LOCAL void wc_ecc_fp_init(void); diff --git a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch b/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch deleted file mode 100644 index d6e7998744..0000000000 --- a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 87e43dd63ba429297e439f2dfd1ee8b45981e18b Mon Sep 17 00:00:00 2001 -From: Juliusz Sosinowicz -Date: Sat, 12 Feb 2022 00:34:24 +0100 -Subject: [PATCH] Reported in ZD13631 - -`ssl->peerVerifyRet` wasn't being cleared when retrying with an alternative cert chain - -References: https://github.com/wolfSSL/wolfssl/issues/4879 ---- - src/internal.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/src/internal.c -+++ b/src/internal.c -@@ -12342,6 +12342,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* - } - - ret = 0; /* clear errors and continue */ -+ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -+ ssl->peerVerifyRet = 0; -+ #endif - args->verifyErr = 0; - } - diff --git a/package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch b/package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch deleted file mode 100644 index 3c0c0a07af..0000000000 --- a/package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch +++ /dev/null 
@@ -1,19 +0,0 @@ -From 096889927d9528d4fbeb3aab56d1fe8225d2e7ec Mon Sep 17 00:00:00 2001 -From: Daniel Pouzzner -Date: Thu, 14 Apr 2022 20:23:31 -0500 -Subject: [PATCH] wolfcrypt/src/port/devcrypto/devcrypto_aes.c: remove - redundant "int ret" in wc_AesCtrEncrypt() (supersedes #5052). - - -diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c -index 3bc1d5bb1..28e145e27 100644 ---- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c -+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c -@@ -208,7 +208,6 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) - int ret; - struct crypt_op crt; - byte* tmp; -- int ret; - - if (aes == NULL || out == NULL || in == NULL) { - return BAD_FUNC_ARG; -- 2.25.1