aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ar71xx: move boards to tiny subtargetMathias Kresin2018-07-125-35/+36
| | | | | | | Move boards to the tiny subtarget which break the build if the kernel is set to "Optimize for performance". Signed-off-by: Mathias Kresin <dev@kresin.me>
* verbose.mk: quote SUBMAKE options李国2018-07-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but it fail when make menuconfig. so I have to give option HOSTCC='gcc -Wl,--copy-dt-needed-entries' to make. But it passed to sub make to HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc -Wl,--copy-dt-needed-entries. This patch fix this issue. make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1' make: Entering directory `/work/openwrt/openwrt/build' /opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld: lxdialog/checklist.o: undefined reference to symbol 'acs_map' //lib64/libtinfo.so.5: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status make[1]: *** [mconf] Error 1 make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build failed. Please re-run make with -j1 V=s to see what's going on make: *** [scripts/config/mconf] Error 1 make: Leaving directory `/work/openwrt/openwrt/build' Signed-off-by: 李国 <uxgood.org@gmail.com>
* arc: Update variables substitutions in u-boot env filesEvgeniy Didin2018-07-122-6/+6
| | | | | | | | | | | | | In the latest version of u-boot (2018.05) there was a swith to Hush shell for ARC AXS10x boards(arc770/archs38): commit 9249d74781e1 ("ARC: AXS10x: Enable hush shell"). In Hush shell using "$()" to declare envitonment variables is forbidden, instead of this "${}" need to be used. Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com> Cc: Alexey Brodkin <abrodkin@synopsys.com> Cc: Hauke Mehrtens <hauke@hauke-m.de> Cc: John Crispin <john@phrozen.org>
* mediatek: Fix memory node for U7623Kristian Evensen2018-07-121-4/+16
| | | | | | | | | | The changed applied to BananaPi R2 in upstream commit c0b0d540db1a, which was backported to 4.14 in 4.14.53, is also required for the U7623. Without updating the memory node, the board refuses to boot. Fixes: d0839e020d0a ("kernel: bump 4.14 to 4.14.53") Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* kernel: gpio-nct5104d remove boardname checkLukáš Mrtvý2018-07-121-5/+0
| | | | | | | 'In different versions of coreboot are different names of apu boardname. No need to check boardname to load module.' Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-07-111-3/+3
| | | | | | | 5cf7975 iprule: rework interface based rules to handle dynamic interfaces 57f87ad Introduce new interface event "create" (IFEV_CREATE) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: clean up and fix MT7621 NAND driver issuesFelix Fietkau2018-07-111-74/+25
| | | | | | | | | | | | - remove misaligned custom buffer allocation in the NAND driver - remove broken bounce buffer implementation for 16-byte align Let the MTD core take care of both Fixes messages like these: [ 102.820541] Data buffer not 16 bytes aligned: 87daf08c Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: replace bridge port isolate hack with upstream patch backport on 4.14Felix Fietkau2018-07-113-80/+148
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2018-07-111-3/+3
| | | | | | | | | c1f6a82 system-linux: add autoneg and link-partner output e9eff34 system-linux: extend link mode speed definitions d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming 03785fb system-linux: fix build error on older kernels Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: adjust bridge port isolate patch to match upstream attribute namingFelix Fietkau2018-07-113-24/+9
| | | | | | | | Newer kernels have a patch that implements compatible functionality directly. Adjust the attribute of our own patch in preparation for dropping it later Signed-off-by: Felix Fietkau <nbd@nbd.name>
* procd: update to the latest version, fixes gcc 8 build errorFelix Fietkau2018-07-111-3/+3
| | | | | | a0372ac procd: increase watchdog fd_buf storage size to fix gcc8 build error Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: Expose support for ath9k DynackKoen Vandeputte2018-07-111-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables support for Dynack feature. When a remote station is far away, we need to compensate for the distance by allowing more time for an ACK to arrive back before issueing a retransmission. Currently, it needs to be set fixed to indicate the maximum distance the remote station will ever be. While this mostly works for static antennae, it introduces 2 issues: - If the actual distance is less, speed is reduced due to a lot of wates wait-time - If the distance becomes greater, retries start to occur and comms can get lost. Allowing to set it dynamically using dynack ensures the best possible tradeoff between speed vs distance. This feature is currently only supported in ath9k. it is also disabled by default. Enabling it can be done in 2 ways: - issue cmd: iw phy0 set distance auto - sending the NL80211_ATTR_WIPHY_DYN_ACK flag to mac80211 driver using netlink Disabling it can be done by providing a valid fixed value. To give an idea of a practical example: In my usecase, we have mesh wifi device installed on ships/platforms. Currently, the coverage class is set at 12000m fixed. When a vessel moved closer (ex. 1500m), the measured link capacity was a lot lower compared to setting the coverage class fixed to 1500m Dynack completely solved this, nearly providing double the bandwidth at closer range compared to the fixed setting of 12000m being used. Also when a vessel sailed to a distance greater than the fixed setting, communication was lost as the ACK's never arrived within the max allowed timeframe. Actual distance: 6010m iperf 60s run avg Fixed 12150m: 31 Mbit/s Dynack: 58 Mbit/s Fixed 6300m: 51 Mbit/s Dynack: 59 Mbit/s Fixed 3000m: 13 Mbit/s (lots of retries) Dynack: 58 Mbit/s Actual distance: 1504m iperf 60s run avg Fixed 12150m: 31 Mbit/s Dynack: 86 Mbit/s Fixed 6300m: 55 Mbit/s Dynack: 87 Mbit/s Fixed 3000m: 67 Mbit/s Dynack: 87 Mbit/s Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.54Koen Vandeputte2018-07-1126-276/+276
| | | | | | | | | | | | Rereshed all patches Reworked patches to match upstream: 335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* qos-scripts: fix indentationMoritz Warning2018-07-113-15/+16
| | | | Signed-off-by: Moritz Warning <moritzwarning@web.de>
* wireguard: bump to 0.0.20180708Jason A. Donenfeld2018-07-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | * device: print daddr not saddr in missing peer error * receive: style Debug messages now make sense again. * wg-quick: android: support excluding applications Android now supports excluding certain apps (uids) from the tunnel. * selftest: ratelimiter: improve chance of success via retry * qemu: bump default kernel version * qemu: decide debug kernel based on KERNEL_VERSION Some improvements to our testing infrastructure. * receive: use NAPI on the receive path This is a big change that should both improve preemption latency (by not disabling it unconditionally) and vastly improve rx performance on most systems by using NAPI. The main purpose of this snapshot is to test out this technique. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* iproute2: update to 4.17.0Hans Dedecker2018-07-1014-310/+48
| | | | | | | | | | | | Update to the latest version of iproute2; see https://lwn.net/Articles/756991/ for a full overview of the changes in 4.17. Remove upstream patch 002-json_print-fix-hidden-64-bit-type-promotion. Backport upstream patch 001-rdma-sync-some-IP-headers-with-glibc fixing rdma compile issue. At the same time re-organize patch numbering so the OpenWRT specific patches start at 100. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: build with LTO enabled (using jobserver for parallel build)Felix Fietkau2018-07-102-3/+54
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* binutils: remove version 2.27Felix Fietkau2018-07-108-147/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* binutils: update to version 2.30, resolves issues with LTOFelix Fietkau2018-07-102-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* binutils: backport an upstream fix for a linker bug that triggers with LTOFelix Fietkau2018-07-101-0/+112
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bcm47xxpart: fix getting user-space data partition nameRafał Miłecki2018-07-102-2/+4
| | | | | | | | | | | Partition name is picked by a parser_trx_data_part_name(). It has to get correct partition offset (taking care of bad blocks) to work properly. This fixes UBI support for devices that have kernel flashed on partition with a bad block. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* nasm: disable LTO, remove host specific workaroundsFelix Fietkau2018-07-101-7/+1
| | | | | | | | | | | | The recent build failures on various platforms were apparently caused by the fact that LTO build support in the configure script does not check if it has a suitable version of gcc and simply assumes that gcc-ar is available and can be used for intermediate files. Since we really don't need to build nasm with LTO, simply disable it and keep the whole build more portable Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: update to latest git HEADHans Dedecker2018-07-091-4/+4
| | | | | | | 345bba0 dhcpv4: improve error checking in handle_dhcpv4() c0f6390 odhcpd: Check if open the ioctl socket failed Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* toolchain/nasm: force ar and ranlib only on macOSXHauke Mehrtens2018-07-081-3/+5
| | | | | | | | | | On Debian 9 nasm does not build when we force it to use ranlib, for macOSX this is needed. Only force this on macOSX and not on any other OS, this should fix the build of nasm on Linux systems. On my Debian system the nasm configure script selects gcc-ranlib and gcc-ar instead. Fixes: d3a7587eb95 ("toolchain/nasm: fix missing AR/RANLIB variables") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: README punctuation pendantryKevin Darbyshire-Bryant2018-07-081-2/+2
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* build: Update README & github helpKevin Darbyshire-Bryant2018-07-082-17/+22
| | | | | | | | Update README to include Openwrt branding and improve wording. Point at the Openwrt wiki in .github templates. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* basefiles: Reword sysupgrade messageKevin Darbyshire-Bryant2018-07-081-1/+1
| | | | | | sysupgrade 'upgrade' message more verbose than needs be. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ath79: add support for OCEDO RaccoonDavid Bauer2018-07-083-0/+186
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds support for the OCEDO Raccoon SOC: Atheros AR9344 RAM: 128MB FLASH: 16MiB WLAN1: AR9344 2.4 GHz 802.11bgn 2x2 WLAN2: AR9382 5 GHz 802.11an 2x2 INPUT: RESET button LED: Power, LAN, WiFi 2.4, WiFi 5 Serial: Header Next to Black metal shield Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V) The Serial setting is 115200-8-N-1. NOTE: The U-Boot won't boot with the serial attached. Boot the device without serial attached and attach it after 3 seconds. Tested and working: - Ethernet - 2.4 GHz WiFi - 5 GHz WiFi - TFTP boot from ramdisk image - Installation via ramdisk image - OpenWRT sysupgrade - Buttons - LEDs Installation seems to be possible only through booting an OpenWRT ramdisk image. Hold down the reset button while powering on the device. It will load a ramdisk image named 'raccoon-uImage-initramfs-lzma.bin' from 192.168.100.8. Note: depending on the present software, the device might also try to pull a file called 'raccoon-uimage-factory'. Only the name differs, it is still used as a ramdisk image. Wait for the ramdisk image to boot. OpenWRT can be written to the flash via sysupgrade or mtd. Due to the flip-flop bootloader which we not (yet) support, you need to set the partition the bootloader is selecting. It is possible from the initramfs image with > fw_setenv bootcmd run bootcmd_1 Afterwards you can reboot the device. Signed-off-by: David Bauer <mail@david-bauer.net>
* kernel: move CONFIG_USB_MTU3 to generic configHauke Mehrtens2018-07-072-1/+1
| | | | | | | | | | | CONFIG_USB_MTU3 is not visible for the mediatek target by default, but only when CONFIG_USB_GADGET is set. This will config option will be remove with when running "make kernel_oldconfig", move this option to the generic config to prevent this. This fixes the build of the mt7623 subtarget of the mediatek target. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: disable some DRM_PANEL config optionsHauke Mehrtens2018-07-071-0/+2
| | | | | | | The modules should not be build by default. This fixes the build of the zynq target. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain/nasm: Backport GCC8 compatibility fix from upstream repoTed Hess2018-07-071-0/+15
| | | | Signed-off-by: Ted Hess <thess@kitschensync.net>
* ath79: disable unused drivers for tiny targetLucian Cristian2018-07-072-8/+8
| | | | | | | | | | | Shrink the tiny kernel by moving all switch and ethernet phy drivers to the generic kernel config instead of the target kernel config. All boards in the tiny and nand target are either ar7240 or ar9331 based, which don't support external xMII and therefore no external ethernet phy can be connected. None of the boards uses a realtek switch either. Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* ath79: optimize ath79 tiny target for sizeLucian Cristian2018-07-071-0/+2
| | | | | | the speed impact on tiny target is minimal and worth the size gained Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* ath79: add support for UniFi AC-Mesh ProChristoph Krapp2018-07-076-23/+44
| | | | | | | | | The Unifi AC-Mesh Pro has identical hardware to the Unifi AC-Pro except USB support. Furthermore for setting parameters like antenna gain it is helpful to know the exact device variant. Signed-off-by: Christoph Krapp <achterin@googlemail.com>
* ramips: add support for Blueendless Kimax U35WFAdemar Arvati Filho2018-07-076-3/+123
| | | | | | | | | | | | | | | | | | | | | | | | | | Blueendless Kimax U35WF is a 3,5" HDD Enclosure with Wi-Fi and Ethernet Patch rewritten from: https://forum.openwrt.org/viewtopic.php?id=66908 Based on: https://github.com/lede-project/source/pull/965 Specification: - SoC: MediaTek MT7620N - CPU/Speed: 580 MHz - Flash-Chip: KH25L12835F Spi Flash - Flash size: 16 MiB - RAM: 64 MiB - LAN: 1x 100 Mbps Ethernet - WiFi SoC-integrated: 802.11bgn - 1x USB 2.0 - UART: for serial console Installation: 1. Download sysupgrade.bin 2. Open vendor web interface 3. Choose to upgrade firmware 3. After reboot connect via ethernet at 192.168.1.1 Signed-off-by: Ademar Arvati Filho <arvati@hotmail.com>
* ar71xx: factor out safe loader image build codeMathias Kresin2018-07-073-60/+44
| | | | | | | | | | Add a template for safeloader images and include it instead of overwriting variables defined in the common tp-link build commands. Split the existing tp-link templates to proper implement the safeloader template. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ar71xx: drop unnecessary LOADER_TYPE variablesMathias Kresin2018-07-071-5/+1
| | | | | | | Drop the LOADER_TYPE variables in case no loader is used at all or move the variable to devices which are using a loader. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ar71xx: get rid of copy-fileMathias Kresin2018-07-071-6/+4
| | | | | | | Use the provided image build variables to point the kernel-bin build command to the kernel we are interested in. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ar71xx: mikrotik: cleanup nand image build codeMathias Kresin2018-07-071-14/+20
| | | | | | | | | | | | Use the LOADER_TYPE variable to specify that we need the elf preloader and append the loader via the corresponding build recipe. It allows to enable initramfs images again for mikrotik NAND images, which caused a build error before. Add the minor header only to the kernel of the sysupgrade images, as it is only required for the bootloader to find the kernel on flash. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: add support for I-O DATA WN-AX1167GRINAGAKI Hiroshi2018-07-076-0/+197
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I-O DATA WN-AX1167GR is a 2.4/5 GHz band 11ac router, based on MediaTek MT7621A. Specification: - MT7621A (2-Cores, 4-Threads) - 64 MB of RAM (DDR2) - 16 MB of Flash (SPI) - 2T2R 2.4/5 GHz - 5x 10/100/1000 Mbps Ethernet - 2x LEDs, 4x keys (2x buttons, 1x slide switch) - UART header on PCB - Vcc, GND, TX, RX from ethernet port side - baudrate: 115200 bps (U-Boot, OpenWrt) Stock firmware: In the stock firmware, WN-AX1167GR has two os images each composed of Linux kernel and rootfs. These images are stored in "Kernel" and "app" partition of the following partitions, respectively. (excerpt from dmesg): MX25L12805D(c2 2018c220) (16384 Kbytes) mtd .name = raspi, .size = 0x01000000 (16M) .erasesize = 0x00010000 (64K) .numeraseregions = 0 Creating 10 MTD partitions on "raspi": 0x000000000000-0x000001000000 : "ALL" 0x000000000000-0x000000030000 : "Bootloader" 0x000000030000-0x000000040000 : "Config " 0x000000040000-0x000000050000 : "Factory" 0x000000050000-0x000000060000 : "iNIC_rf" 0x000000060000-0x0000007e0000 : "Kernel" 0x000000800000-0x000000f80000 : "app" 0x000000f90000-0x000000fa0000 : "Key" 0x000000fa0000-0x000000fb0000 : "backup" 0x000000fb0000-0x000001000000 : "storage" The flag for boot partition is stored in "Key" partition, and U-Boot reads this and determines the partition to boot. If the image that U-Boot first reads according to the flag is "Bad Magic Number", U-Boot then tries to boot from the other image. If the second image is correct, change the flag to the number corresponding to that image and boot from that image. (example): ## Booting image at bc800000 ... Bad Magic Number,FFFFFFFF Boot from KERNEL 1 !! ## Booting image at bc060000 ... Image Name: MIPS OpenWrt Linux-4.14.50 Image Type: MIPS Linux kernel Image (lzma compressed) Data Size: 1865917 Bytes = 1.8 MB Load Address: 80001000 Entry Point: 80001000 Verifying Checksum ... OK Uncompressing Kernel Image ... OK raspi_erase_write: offs:f90000, count:34 . . Done! Starting kernel ... Flash instruction using factory image: 1. Connect the computer to the LAN port of WN-AX1167GR 2. Connect power cable to WN-AX1167GR and turn on it 3. Access to "192.168.0.1" on the web browser and open firmware update page ("ファームウェア") 4. Select the OpenWrt factory image and perform firmware update 5. On the initramfs image, execute "mtd erase firmware" to erase stock firmware and execute sysupgrade with sysupgrade image for WN-AX1167GR 6. Wait ~180 seconds to complete flasing Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* libnl: bump to 3.4.0Konstantin Demin2018-07-074-31/+15
| | | | | | refresh patches Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* uboot-imx: bump to 2018.03 which fixes the build issues with fdt64_t ↵Vladimir Vid2018-07-079-1636/+26
| | | | | | | | | | | redefinitions * change mx6qsabresd to mx6qsabres to match defconfig name * merge wanboard profiles since there is only one defconfig for the target device * move wanboard options from wandboard.h to defconfig * remove legacy patches Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
* mac80211: initialize sinfo in cfg80211_get_stationSven Eckelmann2018-07-071-0/+42
| | | | | | | | | | | | | | | | | | | Most of the implementations behind cfg80211_get_station will not initialize sinfo to zero before manipulating it. For example, the member "filled", which indicates the filled in parts of this struct, is often only modified by enabling certain bits in the bitfield while keeping the remaining bits in their original state. A caller without a preinitialized sinfo.filled can then no longer decide which parts of sinfo were filled in by cfg80211_get_station (or actually the underlying implementations). cfg80211_get_station must therefore take care that sinfo is initialized to zero. Otherwise, the caller may tries to read information which was not filled in and which must therefore also be considered uninitialized. In batadv_v_elp_get_throughput's case, an invalid "random" expected throughput may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may switch to non-optimal neighbors for certain destinations. Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* ath10k-ct: search DT for BDF variant infoSven Eckelmann2018-07-073-1/+363
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Board Data File (BDF) is loaded upon driver boot-up procedure. The right board data file is identified on QCA4019 using bus, bmi-chip-id and bmi-board-id. The problem, however, can occur when the (default) board data file cannot fulfill the vendor requirements and it is necessary to use a different board data file. This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8. Something similar has to be provided for systems without SMBIOS but with device trees. No solution was specified by QCA and therefore a new one has to be found for ath10k. The device tree requires addition strings to define the variant name wifi@a000000 { status = "okay"; qcom,ath10k-calibration-variant = "RT-AC58U"; }; wifi@a800000 { status = "okay"; qcom,ath10k-calibration-variant = "RT-AC58U"; }; This would create the boarddata identifiers for the board-2.bin search * bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U * bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
* config: add config option for KERNEL_TASKSTATSJeremiah McConnell2018-07-071-0/+21
| | | | | | | | | | In order for monitoring tools such as atop and htop to track and report i/o data, kernel support for task statistics and io accounting is required. Add a config option to enable building this support in the kernel. Signed-off-by: Jeremiah McConnell <miah@miah.com>
* mbedtls: Activate deterministic ECDSAHauke Mehrtens2018-07-071-18/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | With deterministic ECDSA the value k needed for the ECDSA signature is not randomly generated any more, but generated from a hash over the private key and the message to sign. If the value k used in a ECDSA signature or the relationship between the two values k used in two different ECDSA signatures over the same content is know to an attacker he can derive the private key pretty easily. Using deterministic ECDSA as defined in the RFC6979 removes this problem by deriving the value k deterministically from the private key and the content which gets signed. The resulting signature is still compatible to signatures generated not deterministic. This increases the size of the ipk on mips 24Kc by about 2 KByte. old: 166.240 libmbedtls_2.11.0-1_mips_24kc.ipk new: 167.811 libmbedtls_2.11.0-1_mips_24kc.ipk This does not change the ECDSA performance in a measurable way. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Disable MBEDTLS_SHA256_SMALLER implementationDaniel Engberg2018-07-071-9/+0
| | | | | | | | | | | | | | | | | | | | | | | | Disable MBEDTLS_SHA256_SMALLER implementation, not enabled by default in upstream and reduces performance by quite a bit. Source: include/mbedtls/config.h Enable an implementation of SHA-256 that has lower ROM footprint but also lower performance. The default implementation is meant to be a reasonnable compromise between performance and size. This version optimizes more aggressively for size at the expense of performance. Eg on Cortex-M4 it reduces the size of mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 30%. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 164.382 Bytes ipkg for mips_24kc after: 166.240 Bytes Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Update to 2.11.0Daniel Engberg2018-07-076-32/+58
| | | | | | | | | | | | | | | | Update mbed TLS to 2.11.0 Disable OFB block mode and XTS block cipher mode, added in 2.11.0. The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS This is to avoid having a mismatch between packages when upgrading. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.846 Bytes ipkg for mips_24kc after: 164.382 Bytes Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: cleanup config patchDaniel Engberg2018-07-071-35/+28
| | | | | | | Clean up patch, use "//" consistently. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* sunxi: Enable SD block devicesDaniel Engberg2018-07-071-0/+1
| | | | | | | | USB storage support is however SCSI Disk block device support isn't meaning that connected devices wont enumerate. Enable CONFIG_BLK_DEV_SD by default to fix it. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>