Commit Graph

31 Commits (a11243578ad159cb75c175bf9c2236f3a0af85ea)

Author SHA1 Message Date
Hauke Mehrtens e9f0b75976 cyassl: update to wolfssl version 3.10.0
This fixes a low level security vulnerability.
Deactivate MIPS16 support, crypto code gets much slower with MIPS16.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-10 00:10:15 +01:00
Felix Fietkau cbca3ae92e libs/cyassl: re-enable the stunnel flag
This partially reverts commit 15734b023b.
--enable-stunnel was actually important and properly described in
commit 9b118cde89. Removing it broke ustream-cyassl

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-20 10:42:23 +01:00
Daniel Engberg 15734b023b libs/cyassl: Enable multithreading, drop stunnel
More and more platforms are multicore SoCs, don't enforce singlethreading.
Drop stunnel option as stunnel code isn't available for download from upstream website.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-12-20 09:35:36 +01:00
Felix Fietkau 720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Hauke Mehrtens abedd718aa cyassl: update to wolfssl version 3.9.10
This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 21:35:35 +01:00
Andreas Schultz b9e3e38e79 cyassl: make CyaSSL/WolfSSL more configurable
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.

Signed-off-by: Andreas Schultz <aschultz@tpip.net>
2016-09-19 15:30:32 +02:00
Andreas Schultz 277f85c21a cyassl: make CyaSSL/WolfSSL more configurable
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.

Signed-off-by: Andreas Schultz <aschultz@tpip.net>
2016-08-22 17:30:35 +02:00
Hauke Mehrtens bdf9243c1b cyassl: update to wolfssl version 3.9.6
Changelog: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html

old size:
libcyassl_3.9.0-1_mips_34kc_dsp.ipk     147552

new size:
libcyassl_3.9.6-1_mips_34kc_dsp.ipk     150087

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-07-24 15:05:03 +02:00
Karl Palsson 9b118cde89 wolfssl: enable openssl 1.0.1 compatibility
>From wolfssl/openssl/opensslv.h, and from skimming the contents of what
"--enable-stunnel" actually does, it seems that --enable-opensslextra
doesn't give you the "full" openssl compatibility that you may wish for
these days.  Unfortuantely, while wolfssl writes the build time options
into wolfssl/options.h, it doesn't include that file itself.  User
applications must include that directly.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2016-06-07 09:22:16 +02:00
Dirk Neukirchen de27a1adae cyassl/wolfssl: update to 3.9.0
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers

ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni:108515
- w.o openssl/sni/ecc: 93954

so patch 300 saves around 12k compressed ipkg size

v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-05-21 09:57:12 +02:00
Jo-Philipp Wich c042adcf74 cyassl: disable Intel ASM for now
With ASM support enabled, CyaSSL fails to build on all x86 subtargets.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48876
2016-03-02 10:01:27 +00:00
Hauke Mehrtens 6329349cd0 cyassl: update to wolfssl version 3.8.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48616
2016-02-01 22:38:28 +00:00
Hauke Mehrtens 52df3181c1 cyassl: update to wolfSSL version 3.7.0
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925

The activation of SSLv3 support is needed for curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47791
2015-12-05 15:45:31 +00:00
Hauke Mehrtens 252bcd379a cyassl: the upstream package in version 4.6.0 changed
Update the md5sum to the new version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46551
2015-08-03 20:34:28 +00:00
Hauke Mehrtens 69a2459c66 cyassl: update to wolfssl 3.6.0
Upstream wolfssl already has better checks to detect broken ssl v2
ClientHellos, we can remove our hack.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46168
2015-07-03 23:20:36 +00:00
Hauke Mehrtens 9177e16098 cyassl: version bump to 3.4.6
This patch introduces a new build error into coova-chilli, but
coova-chilli already fails to build even without it anyway. CyaSSL is
now called wolfSSL, and all the API's have been renamed, and
backward-compatibility headers added.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46167
2015-07-03 23:20:01 +00:00
John Crispin 426d3abe8f cyassl: add --enable-ecc as its needed when using the CA certificates
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45217
2015-04-01 13:00:45 +00:00
John Crispin b233fdcfa2 cyassl: add support for SSL_set_tlsext_host_name
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45215
2015-04-01 10:42:28 +00:00
Steven Barth 21bf45edd2 cyassl: bump to 3.3.0
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43728
2014-12-16 09:16:00 +00:00
John Crispin 74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Hauke Mehrtens c8bc803189 cyassl: update to version 3.2.0
This fixes a security problem:
Security fix for RSA Padding check vulnerability

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 42526
2014-09-13 20:56:55 +00:00
Steven Barth 415284ca1c cyassl: update to 3.1.0
SVN-Revision: 42063
2014-08-08 05:25:52 +00:00
Hauke Mehrtens 9be00fc256 cyassl: update to version 3.0.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 40621
2014-05-01 14:04:15 +00:00
Imre Kaloz 72f00c8de4 change fixup method and fix CFLAGS handling
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 39151
2013-12-20 20:25:44 +00:00
Jo-Philipp Wich 5e8abac86f cyassl: upgrade to v2.8.0
Un-reverts the previous update commit and forward-ports the patch
to improve legacy SSLv2 handshake handling.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 38609
2013-10-30 13:19:48 +00:00
Jo-Philipp Wich 8e2106488a Revert "[cyassl]: upgrade to 2.8.0"
Reverts the CyaSSL version bump for now since the update completely broke
trunk building due to incompatible changes in the IO callback API which in
turn breaks the core ustream-ssl package.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 38576
2013-10-29 09:53:48 +00:00
Imre Kaloz 688ac024ac upgrade to 2.8.0
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 38558
2013-10-28 14:34:59 +00:00
Jo-Philipp Wich 6945d722e6 cyassl: add a patch to better check legacy SSLv2 client hello records
If junk data is received during SSL_accept(), cyassl will treat it as legacy SSLv2
record without performing further plausibility checks. Change the legacy code path
to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01 the
hello message type.

SVN-Revision: 33675
2012-10-09 16:41:36 +00:00
Felix Fietkau 48db59fab7 move library packages to package/libs/
SVN-Revision: 33657
2012-10-08 11:24:12 +00:00