author | Hauke Mehrtens <hauke@openwrt.org> | 2016-03-01 22:50:29 +0000 |
---|---|---|
committer | Hauke Mehrtens <hauke@openwrt.org> | 2016-03-01 22:50:29 +0000 |
commit | 3728299e80ce602d341d1c79eff767b280a57a15 (patch) | |
tree | 40dd862793dccf0d6059c5056dbd2244706da1e8 | |
parent | ceaedb643a85a140769928a61fc3e3184d1d2c8e (diff) | |
CC: cyassl: update to wolfssl version 3.8.0 to fix security problems
Backport of:
r46167: cyassl: version bump to 3.4.6
r46168: cyassl: update to wolfssl 3.6.0
r46551: cyassl: the upstream package in version 4.6.0 changed
r47791: cyassl: update to wolfSSL version 3.7.0
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925
r48616: cyassl: update to wolfssl version 3.8.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48873 3c298f89-4303-0410-b956-a3cf2f4a3e73
5 files changed, 47 insertions, 39 deletions
diff --git a/package/libs/cyassl/Makefile b/package/libs/cyassl/Makefile index c3361eb64f..41f996ffc9 100644 --- a/package/libs/cyassl/Makefile +++ b/package/libs/cyassl/Makefile @@ -7,13 +7,13 @@ include $(TOPDIR)/rules.mk -PKG_NAME:=cyassl -PKG_VERSION:=3.3.0 -PKG_RELEASE:=2 +PKG_NAME:=wolfssl +PKG_VERSION:=3.8.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip -PKG_SOURCE_URL:=http://www.yassl.com/ -PKG_MD5SUM:=0303eb0f2f9065a1207d9104ab0eba7c +PKG_SOURCE_URL:=https://www.wolfssl.com/ +PKG_MD5SUM:=a73d90c5439adea97a5002a73b46ddeb PKG_FIXUP:=libtool PKG_INSTALL:=1 @@ -27,7 +27,7 @@ define Package/libcyassl SUBMENU:=SSL CATEGORY:=Libraries TITLE:=CyaSSL library - URL:=http://www.yassl.com/ + URL:=http://www.wolfssl.com/ endef define Package/libcyassl/description @@ -43,19 +43,30 @@ CONFIGURE_ARGS += \ --enable-opensslextra \ --enable-sni \ --enable-ecc \ + --enable-sslv3 \ --disable-examples +ifneq ($(CONFIG_TARGET_x86),) + CONFIGURE_ARGS += --enable-intelasm +endif +ifneq ($(CONFIG_TARGET_x86_64),) + CONFIGURE_ARGS += --enable-intelasm +endif + define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/ $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcyassl.{so*,la} $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.{so*,la} $(1)/usr/lib/ + ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so + ln -s libwolfssl.la $(1)/usr/lib/libcyassl.la endef define Package/libcyassl/install $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcyassl.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.so* $(1)/usr/lib/ + ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so endef $(eval $(call BuildPackage,libcyassl)) diff --git a/package/libs/cyassl/patches/100-respect_cflags.patch b/package/libs/cyassl/patches/100-respect_cflags.patch deleted file mode 100644 index 0e03230dcf..0000000000 --- a/package/libs/cyassl/patches/100-respect_cflags.patch +++ /dev/null 
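Review bot: The `--enable-sslv3` line added to CONFIGURE_ARGS in the third Makefile hunk compiles SSLv3 support back into the library in a commit whose stated purpose is to fix security problems. SSLv3 is deprecated by RFC 7568 and is affected by the POODLE padding-oracle weakness, so applications that use the version-flexible methods may again be able to negotiate it. If no in-tree consumer needs it, drop the line; if one does, say so next to the flag, e.g. `# SSLv3 kept only for <package>; remove once it negotiates TLS`. Separately, the new `ln -s` lines would be more robust as `ln -sf libwolfssl.so $(1)/usr/lib/libcyassl.so`, because a plain `ln -s` fails if the link already exists in a reused staging or install directory.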
@@ -1,11 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -47,7 +47,7 @@ AC_SUBST([CYASSL_LIBRARY_VERSION]) - - # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even - # if user doesn't override, no way to tell --USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS" -+USER_C_EXTRA_FLAGS="$CFLAGS" - - LT_PREREQ([2.2]) - LT_INIT([disable-static],[win32-dll]) diff --git a/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch b/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch deleted file mode 100644 index 5463cb0cf9..0000000000 --- a/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/src/internal.c -+++ b/src/internal.c -@@ -6037,6 +6037,10 @@ int ProcessReply(CYASSL* ssl) - b1 = - ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++]; - ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1); -+ -+ /* does not appear to a be a SSLv2 client hello */ -+ if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 ) -+ return UNKNOWN_HANDSHAKE_TYPE; - } - else { - ssl->options.processReply = getRecordLayerHeader; diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch index d81e416180..a35cdadc8e 100644 --- a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch +++ b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch 
@@ -1,10 +1,19 @@ ---- a/cyassl/openssl/ssl.h -+++ b/cyassl/openssl/ssl.h -@@ -372,6 +373,7 @@ - #define SSL_CTX_get_ex_new_index CyaSSL_CTX_get_ex_new_index +--- a/wolfssl/openssl/ssl.h ++++ b/wolfssl/openssl/ssl.h +@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR + /* yassl had set the default to be 500 */ + #define SSL_get_default_timeout(ctx) 500 ++#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y)) ++ + /* Lighthttp compatability */ -+#define SSL_set_tlsext_host_name(x, y) CyaSSL_UseSNI(x, CYASSL_SNI_HOST_NAME, y, strlen(y)) + #ifdef HAVE_LIGHTY +@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_ + #define SSL_TLSEXT_ERR_NOACK alert_warning + #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME - #ifdef __cplusplus - } /* extern "C" */ +-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name + #define SSL_get_servername wolfSSL_get_servername + #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX + #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch new file mode 100644 index 0000000000..4d75d98906 --- /dev/null +++ b/package/libs/cyassl/patches/400-additional_compatibility.patch @@ -0,0 +1,12 @@ +--- a/cyassl/openssl/ssl.h ++++ b/cyassl/openssl/ssl.h +@@ -27,6 +27,9 @@ + #define CYASSL_OPENSSL_H_ + + #include <cyassl/ssl.h> ++#ifndef HAVE_SNI ++#undef CYASSL_SNI_HOST_NAME ++#endif + #include <wolfssl/openssl/ssl.h> + + #endif |
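Review bot: The function-like macro `SSL_set_tlsext_host_name(x, y)` that the updated 300 patch adds to wolfssl/openssl/ssl.h expands `y` twice and passes it to `strlen()` unchecked, so a NULL host name is undefined behaviour at the call site and an argument with side effects is evaluated twice. The patch's second nested hunk also removes upstream's own mapping to `wolfSSL_set_tlsext_host_name`, and there is no patch header saying why the upstream function is unsuitable. At minimum parenthesise the arguments, `wolfSSL_UseSNI((x), WOLFSSL_SNI_HOST_NAME, (y), strlen(y))`; a `static inline` wrapper that rejects NULL before calling `strlen()` would be safer for a public compatibility shim. The `size_t` from `strlen()` is also converted to whatever size type `wolfSSL_UseSNI` takes, which is not visible here and should be checked.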
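Review bot: The new 400-additional_compatibility.patch has no description, and the `#ifndef HAVE_SNI` / `#undef CYASSL_SNI_HOST_NAME` block it adds to cyassl/openssl/ssl.h does not explain itself. HAVE_SNI is tested in the including application's translation unit, so the outcome appears to depend on whether that application has already pulled in the library's build options before this header; that looks fragile and is worth confirming against the consumers. If the intent is feature detection, add a comment above the block such as `/* hide CYASSL_SNI_HOST_NAME when the library lacks SNI so callers' #ifdef test fails cleanly */`, and give the patch file a one-line header stating which package needs it.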