44 Commits (6e2e5d1bf8d551f78d4397720433c86109d9b370)

Author SHA1 Message Date
Jo-Philipp Wich 9d401013fc ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c5d5cdb759)
2019-11-05 15:12:18 +01:00
Eneas U de Queiroz cc6da6fa1a ustream-ssl: update to latest git HEAD
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(backported from 33fd1d0d91)
2018-12-18 11:01:55 +01:00
Daniel Golle 5435e8023e ustream-ssl: fix build against wolfSSL
commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.

Fix this in ustream-ssl:

 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f442f5f38)
2018-12-18 08:13:22 +01:00
Hauke Mehrtens 1e4b5c8b1f ustream-ssl: update to version 2018-05-22
5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:51:41 +02:00
Hauke Mehrtens ea22e3df3e mbedtls: Update to 2.12.0
Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking not so invasive.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:49:59 +02:00
John Crispin 52ba5760b7 ustream-ssl: update to latest git HEAD
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
45ac930 remove polarssl support

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-01 11:12:15 +02:00
Hauke Mehrtens 7b758f7f4f ustream-ssl: px5g: Rebuild package
mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
library, all applications using this shared library have to be
recompiled to be able to load the new library.

Some binaries got rebuilt for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.

Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-18 23:57:25 +02:00
Jo-Philipp Wich fe920d01bb treewide: replace LEDE_GIT with PROJECT_GIT
Remove LEDE_GIT references in favor of the new name-agnostic
PROJECT_GIT variable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-10 21:27:32 +01:00
Alexandru Ardelean d03c23c8d4 cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`
This is to eliminate any ambiguity about the cyassl/wolfssl lib.

The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.

It's a good idea to keep up with the times (moving forward).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Felix Fietkau 3e7b894ac0 ustream-ssl: remove legacy polarssl support
The old polarssl 1.3 branch is EOL since end of 2016, and the package
for it will be removed soon.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 14:35:09 +01:00
Hannu Nyman b7677f05d6 ustream-ssl: remove extra DEFAULT_VARIANT from libustream-polarssl
Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT

Remove extra DEFAULT_VARIANT from libustream-polarssl.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-12-30 17:38:39 +01:00
Felix Fietkau c7c1cf5618 treewide: clean up and unify PKG_VERSION for git based downloads
Also use default definitions for PKG_SOURCE_SUBDIR, PKG_SOURCE

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-22 16:42:21 +01:00
Felix Fietkau 720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Daniel Engberg 9edfe7dd13 source: Switch to xz for packages and tools where possible
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-06 12:16:56 +02:00
Felix Fietkau 71753a8286 Revert "ustream-ssl: Fix recursive dependency"
This reverts commit abf0768131.
The description is wrong, there is no recursive dependency here. The
conditions were added intentionally to avoid bogus build dependencies.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-04 16:47:56 +02:00
Daniel Dickinson abf0768131 ustream-ssl: Fix recursive dependency
Two variants incorrectly include themselves in
conditional depends on ssl libraries, which results
in a recursive dependency.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-07-04 10:51:41 +02:00
John Crispin 1e9c066595 ustream-ssl: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-07-02 10:16:17 +02:00
John Crispin 62dc9831d3 package/*: update git urls for project repos
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:41 +02:00
Felix Fietkau d84bf324ba ustream-ssl: update to the latest version, adds cyassl/wolfssl fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 09:22:11 +02:00
Felix Fietkau 7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
Felix Fietkau b77a72ce0c ustream-ssl: update to the latest version, fixes openssl TLS version selection
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48752
2016-02-22 08:54:46 +00:00
Felix Fietkau 487efe2508 ustream-ssl: update to the latest version, fixes hostname validation with openssl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48503
2016-01-26 00:10:19 +00:00
Felix Fietkau 87456ff286 ustream-ssl: update to the latest version, fixes handling SSL connection close notification
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48462
2016-01-23 18:53:12 +00:00
Felix Fietkau 54baefc480 ustream-ssl: update to the latest version, fixes connection with servers requiring DHE
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48380
2016-01-19 22:41:36 +00:00
Felix Fietkau b075688953 ustream-ssl: fix copy&paste mistake in mbedtls variant title
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48258
2016-01-16 09:14:03 +00:00
Felix Fietkau d9494cdf6d ustream-ssl: update to the latest version, adds mbedtls variant
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48256
2016-01-16 00:20:01 +00:00
Felix Fietkau 04d7cf87e3 ustream-ssl: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48126
2016-01-04 15:12:53 +00:00
Jo-Philipp Wich 645635801d ustream-ssl: fix compilation against current PolarSSL/mbedTLS version
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45934
2015-06-09 16:52:12 +00:00
Felix Fietkau af9672cfde ustream-ssl: correct year in PKG_VERSION string
ustream-ssl: correct the year in the PKG_VERSION string, as both r45157 and
r45441 left the old year 2014 there. For a casual user it may seem that the
current code is from April 2014, although
a4ca61527236e89eb9efb782fd9bfd04796144e3 is from April 2015.

http://nbd.name/gitweb.cgi?p=ustream-ssl.git;a=commit;h=a4ca61527236e89eb9efb782fd9bfd04796144e3
https://dev.openwrt.org/changeset/45441/
https://dev.openwrt.org/changeset/45157/

signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45623
2015-05-08 10:43:48 +00:00
John Crispin da2742db3b ustream-ssl: update to latest git HEAD
fixes long writes when using polarssl

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45441
2015-04-14 19:01:24 +00:00
Nicolas Thill b8dccba8f2 ustream-ssl: fix SNI when building against cyassl
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45224
2015-04-01 15:11:38 +00:00
John Crispin 97b3237307 ustream-ssl: enable SNI when building for cyassl
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45216
2015-04-01 10:42:33 +00:00
John Crispin 67bf89324d ustream-ssl: properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45157
2015-03-30 13:17:27 +00:00
Felix Fietkau 0b148a331b ustream-ssl: select polarssl as default variant, skip openssl/cyassl dependencies if unused
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42655
2014-09-23 10:41:24 +00:00
Felix Fietkau e7de56916a ustream-ssl: update to latest version, adds certificate validation support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40017
2014-03-25 15:06:24 +00:00
Felix Fietkau 8a17353e75 ustream-ssl: update to the latest version, fixes cyassl build
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40004
2014-03-21 23:39:47 +00:00
Felix Fietkau 2b64517dff ustream-ssl: update to latest version, fixes writes before ssl handshake completion
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39985
2014-03-21 15:54:26 +00:00
Felix Fietkau 6ae77556dc ustream-ssl: add support for polarssl 1.3
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39929
2014-03-14 15:05:42 +00:00
Felix Fietkau fdfc296aaf ustream-ssl: update to the latest version, adds support for the current cyassl version (#14386)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38608
2013-10-30 12:56:47 +00:00
Felix Fietkau 8ba022ab48 ustream-ssl: update to latest version, add a package for the polarssl build variant
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37528
2013-07-24 16:59:51 +00:00
Felix Fietkau 33b35a7b53 ustream-ssl: update to latest version, fixes uhttpd infinite loop issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36955
2013-06-18 10:52:33 +00:00
Felix Fietkau 7b845ca9c7 ustream-ssl: remove dependency conditional part to avoid build breakage when no variant is selected
SVN-Revision: 35294
2013-01-22 14:52:52 +00:00
Felix Fietkau aca0690ce5 ustream-ssl: update to latest version, fixes handling large chunks of data (fixes #12866)
SVN-Revision: 35293
2013-01-22 14:29:01 +00:00
Felix Fietkau cec8ed1882 add ustream-ssl, an ustream abstraction library for SSL stream sockets
SVN-Revision: 35131
2013-01-13 15:57:05 +00:00