| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
This is to eliminate any ambiguity about the cyassl/wolfssl lib.
The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.
It's a good idea to keep up with the times (moving forward).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
|
|
| |
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
|
| |
This fixes a low level security vulnerability.
Deactivate MIPS16 support, crypto code gets much slower with MIPS16.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
This partially reverts commit 15734b023b7e04d12d258ea28bfb5e6e735f10b7.
--enable-stunnel was actually important and properly described in
commit 9b118cde898e. Removing it broke ustream-cyassl
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
More and more platforms are multicore SoCs, don't enforce singlethreading.
Drop stunnel option as stunnel code isn't available for download from upstream website.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
| |
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
|
|
|
|
|
|
|
|
| |
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html
old size:
libcyassl_3.9.0-1_mips_34kc_dsp.ipk 147552
new size:
libcyassl_3.9.6-1_mips_34kc_dsp.ipk 150087
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
| |
>From wolfssl/openssl/opensslv.h, and from skimming the contents of what
"--enable-stunnel" actually does, it seems that --enable-opensslextra
doesn't give you the "full" openssl compatibility that you may wish for
these days. Unfortuantely, while wolfssl writes the build time options
into wolfssl/options.h, it doesn't include that file itself. User
applications must include that directly.
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers
ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni:108515
- w.o openssl/sni/ecc: 93954
so patch 300 saves around 12k compressed ipkg size
v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
|
|
|
|
|
|
|
|
| |
With ASM support enabled, CyaSSL fails to build on all x86 subtargets.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48876
|
|
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48616
|
|
|
|
|
|
|
|
|
|
|
|
| |
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925
The activation of SSLv3 support is needed for curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47791
|
|
|
|
|
|
|
|
| |
Update the md5sum to the new version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46551
|
|
|
|
|
|
|
|
|
| |
Upstream wolfssl already has better checks to detect broken ssl v2
ClientHellos, we can remove our hack.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46168
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a new build error into coova-chilli, but
coova-chilli already fails to build even without it anyway. CyaSSL is
now called wolfSSL, and all the API's have been renamed, and
backward-compatibility headers added.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46167
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 45217
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 45215
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43728
|
|
|
|
|
|
|
|
| |
turns out that r43155 adds duplicate info.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43167
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43151
|
|
|
|
|
|
|
|
|
| |
This fixes a security problem:
Security fix for RSA Padding check vulnerability
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 42526
|
|
|
|
| |
SVN-Revision: 42063
|
|
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 40621
|
|
|
|
|
|
| |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 39151
|
|
|
|
|
|
|
|
|
| |
Un-reverts the previous update commit and forward-ports the patch
to improve legacy SSLv2 handshake handling.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 38609
|
|
|
|
|
|
|
|
|
|
| |
Reverts the CyaSSL version bump for now since the update completely broke
trunk building due to incompatible changes in the IO callback API which in
turn breaks the core ustream-ssl package.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 38576
|
|
|
|
|
|
| |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 38558
|
|
|
|
|
|
|
|
|
| |
If junk data is received during SSL_accept(), cyassl will treat it as legacy SSLv2
record without performing further plausibility checks. Change the legacy code path
to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01 the
hello message type.
SVN-Revision: 33675
|
|
SVN-Revision: 33657
|