wolfssl: bump to 4.1.0-stable

Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
author: Eneas U de Queiroz <cotequeiroz@gmail.com> 2019-08-05 11:47:58 -0300
committer: Hauke Mehrtens <hauke@hauke-m.de> 2019-08-17 16:43:23 +0200
commit: 77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c (patch)
tree: 67e9cf8898201ab77d30f91a4f6b844e0c83c55e /package/libs/wolfssl
parent: 16730410136f1512203da9d21bb6a42f1cb43b4e (diff)
download: upstream-77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c.tar.gz
upstream-77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c.tar.bz2
upstream-77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c.zip
5 files changed, 16 insertions, 56 deletions
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 875ff5e6a3..a729f73a1d 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -4,10 +4,6 @@ config WOLFSSL_HAS_AES_CCM
 	bool "Include AES-CCM support"
 	default y
 
-config WOLFSSL_HAS_AES_GCM
-	bool "Include AES-GCM support"
-	default y
-
 config WOLFSSL_HAS_CHACHA_POLY
 	bool "Include ChaCha20-Poly1305 cipher suite support"
 	default y
@@ -24,13 +20,8 @@ config WOLFSSL_HAS_TLSV10
 	bool "Include TLS 1.0 support"
 	default y
 
-if !(WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY)
-	comment "! TLS 1.3 support needs one of: AES-CCM, AES-GCM, ChaCha20-Poly1305"
-endif
-
 config WOLFSSL_HAS_TLSV13
 	bool "Include TLS 1.3 support"
-	depends on WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY
 	default y
 
 config WOLFSSL_HAS_SESSION_TICKET
@@ -56,6 +47,9 @@ config WOLFSSL_HAS_ECC25519
 	bool "Include ECC Curve 22519 support"
 	default n
 
+config WOLFSSL_HAS_DEVCRYPTO
+	bool
+
 if WOLFSSL_HAS_AES_CCM
 	comment "! Hardware Acceleration does not build with AES-CCM enabled"
 endif
@@ -72,9 +66,11 @@ if !WOLFSSL_HAS_AES_CCM
 
 		config WOLFSSL_HAS_DEVCRYPTO_AES
 			bool "/dev/crypto - AES-only"
+			select WOLFSSL_HAS_DEVCRYPTO
 
 		config WOLFSSL_HAS_DEVCRYPTO_FULL
 			bool "/dev/crypto - full"
+			select WOLFSSL_HAS_DEVCRYPTO
 	endchoice
 endif
 
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 678eb4936b..2ad03a5aca 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=4.0.0-stable
+PKG_VERSION:=4.1.0-stable
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=6cf678c72b485d1904047c40c20f85104c96b5f39778822783a2c407ccb23657
+PKG_HASH:=f0d630c3ddfeb692b8ae38cc739f47d5e9f0fb708662aa241ede0c42a5eb3dd8
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
@@ -25,14 +25,13 @@ PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
 PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
 
 PKG_CONFIG_DEPENDS:=\
-	CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \
-	CONFIG_WOLFSSL_HAS_AFALG CONFIG_WOLFSSL_HAS_ARC4 \
-	CONFIG_WOLFSSL_HAS_CHACHA_POLY CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
-	CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL, CONFIG_WOLFSSL_HAS_DH \
-	CONFIG_WOLFSSL_HAS_DTLS CONFIG_WOLFSSL_HAS_ECC25519 \
-	CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_SESSION_TICKET \
-	CONFIG_WOLFSSL_HAS_TLSV10 CONFIG_WOLFSSL_HAS_TLSV13 \
-	CONFIG_WOLFSSL_HAS_WPAS
+	CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \
+	CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \
+	CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \
+	CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
+	CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
+	CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
+	CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -65,11 +64,9 @@ CONFIGURE_ARGS += \
 	--enable-sni \
 	--enable-stunnel \
 	--disable-examples \
-	--disable-leanpsk \
-	--disable-leantls \
+	--disable-jobserver \
 	--$(if $(CONFIG_IPV6),enable,disable)-ipv6 \
 	--$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \
-	--$(if $(CONFIG_WOLFSSL_HAS_AES_GCM),enable,disable)-aesgcm \
 	--$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \
 	--$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \
 	--$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index 6cecb6b7d6..5d83eca770 100644
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -1880,7 +1880,7 @@ extern void uITRON4_free(void *p) ;
+@@ -1930,7 +1930,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */
diff --git a/package/libs/wolfssl/patches/400-additional_compatibility.patch b/package/libs/wolfssl/patches/400-additional_compatibility.patch
deleted file mode 100644
index 1464e9d2a8..0000000000
--- a/package/libs/wolfssl/patches/400-additional_compatibility.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/cyassl/openssl/ssl.h
-+++ b/cyassl/openssl/ssl.h
-@@ -28,6 +28,9 @@
- #define CYASSL_OPENSSL_H_
- 
- #include <cyassl/ssl.h>
-+#ifndef HAVE_SNI
-+#undef CYASSL_SNI_HOST_NAME
-+#endif
- #include <wolfssl/openssl/ssl.h>
- 
- #endif
diff --git a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch
deleted file mode 100644
index 34d3e62361..0000000000
--- a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -4740,7 +4740,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
- AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
- 
- AX_CREATE_GENERIC_CONFIG
--AX_AM_JOBSERVER([yes])
- 
- AC_OUTPUT
- 
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -20,8 +20,6 @@ dist_noinst_SCRIPTS =
- noinst_SCRIPTS =
- check_SCRIPTS =
- 
--#includes additional rules from aminclude.am
--@INC_AMINCLUDE@
- DISTCLEANFILES+= aminclude.am
- 
- CLEANFILES+= cert.der \
author	Eneas U de Queiroz <cotequeiroz@gmail.com>	2019-08-05 11:47:58 -0300
committer	Hauke Mehrtens <hauke@hauke-m.de>	2019-08-17 16:43:23 +0200
commit	77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c (patch)
tree	67e9cf8898201ab77d30f91a4f6b844e0c83c55e /package/libs/wolfssl
parent	16730410136f1512203da9d21bb6a42f1cb43b4e (diff)
download	upstream-77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c.tar.gz upstream-77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c.tar.bz2 upstream-77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c.zip