diff options
| author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2019-08-05 11:52:08 -0300 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-08-17 17:00:10 +0200 |
| commit | b35e1360cd4f1c9cab9aa219decedec99f948982 (patch) | |
| tree | cd525754423e96995b2613c3ebb425f201d71d20 /package/libs/wolfssl/Config.in | |
| parent | 3809b6662d7a5959c6a8958d7069978db79440d5 (diff) | |
| download | upstream-b35e1360cd4f1c9cab9aa219decedec99f948982.tar.gz upstream-b35e1360cd4f1c9cab9aa219decedec99f948982.tar.bz2 upstream-b35e1360cd4f1c9cab9aa219decedec99f948982.zip | |
wolfssl: bump to 4.1.0-stable
Always build AES-GCM support.
Unnecessary patches were removed.
This includes two vulnerability fixes:
CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.
This brings the package up-to-date with master, so it incorporates
changes from 4.0.0 in master:
* Removed options that can't be turned off because we're building with
--enable-stunnel, some of which affect hostapd's Config.in.
* Adjusted the title of OCSP option, as OCSP itself can't be turned off,
only the stapling part is selectable.
* Mark options turned on when wpad support is selected.
* Add building options for TLS 1.0, and TLS 1.3.
* Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
* Reorganized option conditionals in Makefile.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/wolfssl/Config.in')
| -rw-r--r-- | package/libs/wolfssl/Config.in | 55 |
1 files changed, 36 insertions, 19 deletions
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 4aa163b361..a729f73a1d 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -4,16 +4,8 @@ config WOLFSSL_HAS_AES_CCM bool "Include AES-CCM support" default y -config WOLFSSL_HAS_AES_GCM - bool "Include AES-GCM support" - default y - -config WOLFSSL_HAS_CHACHA - bool "Include ChaCha cipher suite support" - default n - -config WOLFSSL_HAS_ECC - bool "Include ECC (Elliptic Curve Cryptography) support" +config WOLFSSL_HAS_CHACHA_POLY + bool "Include ChaCha20-Poly1305 cipher suite support" default y config WOLFSSL_HAS_DH @@ -24,12 +16,12 @@ config WOLFSSL_HAS_ARC4 bool "Include ARC4 support" default y -config WOLFSSL_HAS_DES3 - bool "Include DES3 (Tripple-DES) support" +config WOLFSSL_HAS_TLSV10 + bool "Include TLS 1.0 support" default y -config WOLFSSL_HAS_PSK - bool "Include PKS (Pre Share Key) support" +config WOLFSSL_HAS_TLSV13 + bool "Include TLS 1.3 support" default y config WOLFSSL_HAS_SESSION_TICKET @@ -41,20 +33,45 @@ config WOLFSSL_HAS_DTLS default n config WOLFSSL_HAS_OCSP - bool "Include OSCP support" + bool "Include OSCP stapling support" default y config WOLFSSL_HAS_WPAS bool "Include wpa_supplicant support" + select WOLFSSL_HAS_ARC4 + select WOLFSSL_HAS_OCSP + select WOLFSSL_HAS_SESSION_TICKET default y config WOLFSSL_HAS_ECC25519 bool "Include ECC Curve 22519 support" - depends on WOLFSSL_HAS_ECC default n -config WOLFSSL_HAS_POLY1305 - bool "Include Poly-1305 support" - default n +config WOLFSSL_HAS_DEVCRYPTO + bool + +if WOLFSSL_HAS_AES_CCM + comment "! Hardware Acceleration does not build with AES-CCM enabled" +endif +if !WOLFSSL_HAS_AES_CCM + choice + prompt "Hardware Acceleration" + default WOLFSSL_HAS_NO_HW + + config WOLFSSL_HAS_NO_HW + bool "None" + + config WOLFSSL_HAS_AFALG + bool "AF_ALG" + + config WOLFSSL_HAS_DEVCRYPTO_AES + bool "/dev/crypto - AES-only" + select WOLFSSL_HAS_DEVCRYPTO + + config WOLFSSL_HAS_DEVCRYPTO_FULL + bool "/dev/crypto - full" + select WOLFSSL_HAS_DEVCRYPTO + endchoice +endif endif |