Skip to content

Commit

Permalink
CC: cyassl: update to wolfssl version 3.8.0 to fix security problems
Browse files Browse the repository at this point in the history 
Backport of:
r46167: cyassl: version bump to 3.4.6
r46168: cyassl: update to wolfssl 3.6.0
r46551: cyassl: the upstream package in version 4.6.0 changed
r47791: cyassl: update to wolfSSL version 3.7.0
    This version and version 3.6.8 are fixing the following security problems:
    * CVE-2015-7744
    * CVE-2015-6925
r48616: cyassl: update to wolfssl version 3.8.0

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>


git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48873 3c298f89-4303-0410-b956-a3cf2f4a3e73
  • Loading branch information
hauke committed Mar 1, 2016
1 parent 380df1a commit eaa864e
Show file tree
Hide file tree
Showing 5 changed files with 47 additions and 39 deletions.
27 changes: 19 additions & 8 deletions package/libs/cyassl/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,13 @@

include $(TOPDIR)/rules.mk

PKG_NAME:=cyassl
PKG_VERSION:=3.3.0
PKG_RELEASE:=2
PKG_NAME:=wolfssl
PKG_VERSION:=3.8.0
PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
PKG_SOURCE_URL:=http://www.yassl.com/
PKG_MD5SUM:=0303eb0f2f9065a1207d9104ab0eba7c
PKG_SOURCE_URL:=https://www.wolfssl.com/
PKG_MD5SUM:=a73d90c5439adea97a5002a73b46ddeb

PKG_FIXUP:=libtool
PKG_INSTALL:=1
Expand All @@ -27,7 +27,7 @@ define Package/libcyassl
SUBMENU:=SSL
CATEGORY:=Libraries
TITLE:=CyaSSL library
URL:=http://www.yassl.com/
URL:=http://www.wolfssl.com/
endef

define Package/libcyassl/description
Expand All @@ -43,19 +43,30 @@ CONFIGURE_ARGS += \
--enable-opensslextra \
--enable-sni \
--enable-ecc \
--enable-sslv3 \
--disable-examples

ifneq ($(CONFIG_TARGET_x86),)
CONFIGURE_ARGS += --enable-intelasm
endif
ifneq ($(CONFIG_TARGET_x86_64),)
CONFIGURE_ARGS += --enable-intelasm
endif

define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/

$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcyassl.{so*,la} $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.{so*,la} $(1)/usr/lib/
ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so
ln -s libwolfssl.la $(1)/usr/lib/libcyassl.la
endef

define Package/libcyassl/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcyassl.so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.so* $(1)/usr/lib/
ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so
endef

$(eval $(call BuildPackage,libcyassl))
11 changes: 0 additions & 11 deletions package/libs/cyassl/patches/100-respect_cflags.patch
View file

This file was deleted.

13 changes: 0 additions & 13 deletions package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch
View file

This file was deleted.

23 changes: 16 additions & 7 deletions package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,19 @@
--- a/cyassl/openssl/ssl.h
+++ b/cyassl/openssl/ssl.h
@@ -372,6 +373,7 @@
#define SSL_CTX_get_ex_new_index CyaSSL_CTX_get_ex_new_index
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
/* yassl had set the default to be 500 */
#define SSL_get_default_timeout(ctx) 500

+#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
+
/* Lighthttp compatability */

+#define SSL_set_tlsext_host_name(x, y) CyaSSL_UseSNI(x, CYASSL_SNI_HOST_NAME, y, strlen(y))
#ifdef HAVE_LIGHTY
@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_
#define SSL_TLSEXT_ERR_NOACK alert_warning
#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME

#ifdef __cplusplus
} /* extern "C" */
-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
#define SSL_get_servername wolfSSL_get_servername
#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback
12 changes: 12 additions & 0 deletions package/libs/cyassl/patches/400-additional_compatibility.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
--- a/cyassl/openssl/ssl.h
+++ b/cyassl/openssl/ssl.h
@@ -27,6 +27,9 @@
#define CYASSL_OPENSSL_H_

#include <cyassl/ssl.h>
+#ifndef HAVE_SNI
+#undef CYASSL_SNI_HOST_NAME
+#endif
#include <wolfssl/openssl/ssl.h>

#endif

0 comments on commit eaa864e

Please sign in to comment.