diff options
author | Alexandru Ardelean <ardeleanalex@gmail.com> | 2017-08-25 14:15:15 +0300 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2017-09-17 00:00:12 +0200 |
commit | 8334a23679204963f052f5704dd7541f7cf407b8 (patch) | |
tree | b09b657326a52d6babbf265a3c79a076749400fc /package/libs/wolfssl/patches/100-disable-hardening-check.patch | |
parent | d03c23c8d4d022288106979e7ce2839c9ec9c7fb (diff) | |
download | upstream-8334a23679204963f052f5704dd7541f7cf407b8.tar.gz upstream-8334a23679204963f052f5704dd7541f7cf407b8.tar.bz2 upstream-8334a23679204963f052f5704dd7541f7cf407b8.zip |
libs/wolfssl: disable hardening check in `settings.h`
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.
```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
#warning "For timing resistance / side-channel attack prevention consider using harden options"
```
Hardening is enabled by default in libwolfssl at build-time.
However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).
This looks like a small bug/issue with wolfssl.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Diffstat (limited to 'package/libs/wolfssl/patches/100-disable-hardening-check.patch')
-rw-r--r-- | package/libs/wolfssl/patches/100-disable-hardening-check.patch | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch new file mode 100644 index 0000000000..4acce8a399 --- /dev/null +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -0,0 +1,13 @@ +diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h +index 039c238..73537e0 100644 +--- a/wolfssl/wolfcrypt/settings.h ++++ b/wolfssl/wolfcrypt/settings.h +@@ -1633,7 +1633,7 @@ extern void uITRON4_free(void *p) ; + #endif + + /* warning for not using harden build options (default with ./configure) */ +-#ifndef WC_NO_HARDEN ++#if 0 + #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ + (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ + (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)) |