aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/wolfssl/patches
Commit message (Collapse)AuthorAgeFilesLines
* wolfssl: update to v4.2.0-stableEneas U de Queiroz2019-11-062-138/+0
| | | | | | | | | | | | | | | Many bugs were fixed--2 patches removed here. This release of wolfSSL includes fixes for 5 security vulnerabilities, including two CVEs with high/critical base scores: - potential invalid read with TLS 1.3 PSK, including session tickets - potential hang with ocspstaping2 (always enabled in openwrt) - CVE-2019-15651: 1-byte overread when decoding certificate extensions - CVE-2019-16748: 1-byte overread when checking certificate signatures - DSA attack to recover DSA private keys Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: allow building with hw-crytpo and AES-CCMEneas U de Queiroz2019-09-202-0/+138
| | | | | | | | Hardware acceleration was disabled when AES-CCM was selected as a workaround for a build failure. This applies a couple of upstream patches fixing this. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: bump to 4.1.0-stableEneas U de Queiroz2019-08-173-34/+1
| | | | | | | | | | | | | | | | | Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: update to 4.0.0-stableEneas U de Queiroz2019-07-073-25/+2
| | | | | | | | | | | | | | | Removed options that can't be turned off because we're building with --enable-stunnel, some of which affect hostapd's Config.in. Adjusted the title of OCSP option, as OCSP itself can't be turned off, only the stapling part is selectable. Mark options turned on when wpad support is selected. Add building options for TLS 1.0, and TLS 1.3. Add hardware crypto support, which due to a bug, only works when CCM support is turned off. Reorganized option conditionals in Makefile. Add Eneas U de Queiroz as maintainer. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: update to 3.15.7, fix MakefileEneas U de Queiroz2019-07-072-3/+3
| | | | | | | | | This includes a fix for a medium-level potential cache attack with a variant of Bleichenbacher’s attack. Patches were refreshed. Increased FP_MAX_BITS to allow 4096-bit RSA keys. Fixed poly1305 build option, and some Makefile updates. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: fix build in busybox environmentsMoritz Warning2019-03-102-2/+25
| | | | | | The configure script broke when used in alpine-3.9 based docker containers. Fixed in wolfSSL >3.15.7. Signed-off-by: Moritz Warning <moritzwarning@web.de>
* wolfssl: disable broken shipped Job server macroJo-Philipp Wich2018-08-231-0/+21
| | | | | | | | | | | | | | | | The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on plain POSIX shells due to the use of `let`. Shells lacking `let` will fail to run the generated m4sh code and end up invoking "make" with "-jyes" as argument, fialing the build. Since there is no reason in the first place for some random package to muck with the make job server settings and since we do not want it to randomly override "-j" either, simply remove references to this defunct macro to let the build succeed on platforms which not happen to use bash as default shell. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wolfssl: update to version 3.14.4Daniel Golle2018-05-242-145/+1
| | | | | | | | Use download from github archive corresponding to v3.14.4 tag because the project's website apparently only offers 3.14.0-stable release downloads. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: update to 3.12.2 (1 CVE)Jo-Philipp Wich2017-12-122-3/+145
| | | | | | | | | | Update wolfssl to the latest release v3.12.2 and backport an upstream pending fix for CVE-2017-13099 ("ROBOT vulnerability"). Ref: https://github.com/wolfSSL/wolfssl/pull/1229 Ref: https://robotattack.org/ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libs/wolfssl: disable hardening check in `settings.h`Alexandru Ardelean2017-09-171-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This seems to cause a false-positive warning/error while building `libwebsockets-cyassl`. ``` make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' [ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43: /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp] #warning "For timing resistance / side-channel attack prevention consider using harden options" ``` Hardening is enabled by default in libwolfssl at build-time. However, the `settings.h` header is exported (along with other headers) for build (via Build/InstallDev). This looks like a small bug/issue with wolfssl. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-171-0/+12
This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>