aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/cyassl
Commit message (Collapse)AuthorAgeFilesLines
* libs/cyassl: re-enable the stunnel flagFelix Fietkau2016-12-201-1/+3
| | | | | | | | This partially reverts commit 15734b023b7e04d12d258ea28bfb5e6e735f10b7. --enable-stunnel was actually important and properly described in commit 9b118cde898e. Removing it broke ustream-cyassl Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libs/cyassl: Enable multithreading, drop stunnelDaniel Engberg2016-12-201-3/+1
| | | | | | | More and more platforms are multicore SoCs, don't enforce singlethreading. Drop stunnel option as stunnel code isn't available for download from upstream website. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cyassl: update to wolfssl version 3.9.10Hauke Mehrtens2016-12-031-2/+2
| | | | | | | | | | This fixes the following security problems: CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring SWEET32 Attack Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* cyassl: remove duplicate submenu levelJohn Crispin2016-09-191-3/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-09-192-4/+5
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-08-222-2/+117
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* cyassl: update to wolfssl version 3.9.6Hauke Mehrtens2016-07-241-2/+2
| | | | | | | | | | | | Changelog: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html old size: libcyassl_3.9.0-1_mips_34kc_dsp.ipk 147552 new size: libcyassl_3.9.6-1_mips_34kc_dsp.ipk 150087 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: enable openssl 1.0.1 compatibilityKarl Palsson2016-06-072-19/+1
| | | | | | | | | | | >From wolfssl/openssl/opensslv.h, and from skimming the contents of what "--enable-stunnel" actually does, it seems that --enable-opensslextra doesn't give you the "full" openssl compatibility that you may wish for these days. Unfortuantely, while wolfssl writes the build time options into wolfssl/options.h, it doesn't include that file itself. User applications must include that directly. Signed-off-by: Karl Palsson <karlp@etactica.com>
* cyassl/wolfssl: update to 3.9.0Dirk Neukirchen2016-05-213-10/+8
| | | | | | | | | | | | | | | | | | | | | wolfssl has a fine grained feature and compatibility control for compiling stunnel, lighthttp or (partly) openssl dropin ustream-ssl uses features that require normally HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers ar71xx ipkg sizes of wolfssl 3.9.0: - with stunnel: 144022 - this patch (w.o. stunnel): 131712 - without openssl(extra): 111104 - w.o openssl/sni:108515 - w.o openssl/sni/ecc: 93954 so patch 300 saves around 12k compressed ipkg size v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl that broke with v1 Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* cyassl: disable Intel ASM for nowJo-Philipp Wich2016-03-021-8/+8
| | | | | | | | With ASM support enabled, CyaSSL fails to build on all x86 subtargets. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48876
* cyassl: update to wolfssl version 3.8.0Hauke Mehrtens2016-02-012-3/+3
| | | | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48616
* cyassl: update to wolfSSL version 3.7.0Hauke Mehrtens2015-12-054-26/+21
| | | | | | | | | | | | This version and version 3.6.8 are fixing the following security problems: * CVE-2015-7744 * CVE-2015-6925 The activation of SSLv3 support is needed for curl. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 47791
* cyassl: the upstream package in version 4.6.0 changedHauke Mehrtens2015-08-031-1/+1
| | | | | | | | Update the md5sum to the new version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 46551
* cyassl: update to wolfssl 3.6.0Hauke Mehrtens2015-07-035-23/+11
| | | | | | | | | Upstream wolfssl already has better checks to detect broken ssl v2 ClientHellos, we can remove our hack. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 46168
* cyassl: version bump to 3.4.6Hauke Mehrtens2015-07-034-12/+37
| | | | | | | | | | | | This patch introduces a new build error into coova-chilli, but coova-chilli already fails to build even without it anyway. CyaSSL is now called wolfSSL, and all the API's have been renamed, and backward-compatibility headers added. Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 46167
* cyassl: add --enable-ecc as its needed when using the CA certificatesJohn Crispin2015-04-011-1/+2
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45217
* cyassl: add support for SSL_set_tlsext_host_nameJohn Crispin2015-04-012-0/+12
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45215
* cyassl: bump to 3.3.0Steven Barth2014-12-161-3/+3
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43728
* license info - revert r43155John Crispin2014-11-031-3/+0
| | | | | | | | turns out that r43155 adds duplicate info. Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 43167
* Add more license tags with SPDX identifiersJohn Crispin2014-11-031-0/+3
| | | | | | | | | | | | | | | | | | Note, that licensing stuff is a nightmare: many packages does not clearly state their licenses, and often multiple source files are simply copied together - each with different licensing information in the file headers. I tried hard to ensure, that the license information extracted into the OpenWRT's makefiles fit the "spirit" of the packages, e.g. such small packages which come without a dedicated source archive "inherites" the OpenWRT's own license in my opinion. However, I can not garantee that I always picked the correct information and/or did not miss license information. Signed-off-by: Michael Heimpold <mhei@heimpold.de> SVN-Revision: 43155
* Add a few SPDX tagsSteven Barth2014-11-021-0/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43151
* cyassl: update to version 3.2.0Hauke Mehrtens2014-09-132-3/+3
| | | | | | | | | This fixes a security problem: Security fix for RSA Padding check vulnerability Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 42526
* cyassl: update to 3.1.0Steven Barth2014-08-082-3/+3
| | | | SVN-Revision: 42063
* cyassl: update to version 3.0.0Hauke Mehrtens2014-05-013-6/+6
| | | | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 40621
* change fixup method and fix CFLAGS handlingImre Kaloz2013-12-203-3/+14
| | | | | | Signed-off-by: Imre Kaloz <kaloz@openwrt.org> SVN-Revision: 39151
* cyassl: drop obsolete patchesJo-Philipp Wich2013-10-303-561/+0
| | | | SVN-Revision: 38610
* cyassl: upgrade to v2.8.0Jo-Philipp Wich2013-10-302-9/+10
| | | | | | | | | Un-reverts the previous update commit and forward-ports the patch to improve legacy SSLv2 handshake handling. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 38609
* Revert "[cyassl]: upgrade to 2.8.0"Jo-Philipp Wich2013-10-295-7/+580
| | | | | | | | | | Reverts the CyaSSL version bump for now since the update completely broke trunk building due to incompatible changes in the IO callback API which in turn breaks the core ustream-ssl package. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 38576
* upgrade to 2.8.0Imre Kaloz2013-10-285-580/+7
| | | | | | Signed-off-by: Imre Kaloz <kaloz@openwrt.org> SVN-Revision: 38558
* cyassl: add a patch to better check legacy SSLv2 client hello recordsJo-Philipp Wich2012-10-092-2/+15
| | | | | | | | | If junk data is received during SSL_accept(), cyassl will treat it as legacy SSLv2 record without performing further plausibility checks. Change the legacy code path to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01 the hello message type. SVN-Revision: 33675
* move library packages to package/libs/Felix Fietkau2012-10-084-0/+617
SVN-Revision: 33657