This series starts with an update to version 3.15.7, which includes a security fix, and should be cherry-picked to 19.07. I'm not cherry-picking it to 18.06 because it changes ABI, and it would cause package breakage because 18.06 is not ABI version-aware.

I've increased the FP_MAX_BITS parameter to 8192, to allow usage of 4096-bit RSA keys. Otherwise it would fail to verify many CA certificates that use 4096-bit keys, including Microsoft's.

Update master to 4.0.0. This version adds support for TLS 1.3, hardware acceleration using /dev/crypto and AF_ALG. The features were added in 3.15.7, but only enabled here in 4.0.0.

Many of the current build options were not effective; they were always built into the library because of an unconditional --enable-stunnel parameter to configure, so they can be removed. Since hostapd selected some of these options, they are being removed there as well. The hostapd change includes the removal of the selection of the library itself, allowing libwolfssl to be built as a module when hostapd depends on it, and is built as a module.

I've ensured dependent packages are successfully built with this version, opening a couple of PRs in the packages feed. They had been broken for a while now, which makes me wonder how many people are actually using wolfssl today. Nonetheless, a TLS library supporting hw crypto acceleration and TLS 1.3 under 300KB seems interesting.

The library was run-tested on WRT-3200ACM using uhttpd, uclient-fetch, and curl with different build options, turning them on one by one cumulatively. The size varied from 227K with all options off, to 312K with all options on, and defaults to 297K.

Enabling hardware acceleration and AES-CCM at the same time results in a build failure, which dents my confidence. Nonetheless, uhttpd connects without a problem, and I can confirm /dev/crypto or AF_ALG sockets open.

The package currently lacks a maintainer, so I've added myself.

--
Changelog:
v1->v2:
* Increased FP_MAX_BITS to allow 4096-bit RSA keys.
* Update master to 4.0.0

Eneas U de Queiroz (3):
  wolfssl: update to 3.15.7, fix Makefile
  wolfssl: update to 4.0.0-stable
  hostapd: adjust removed wolfssl options

 package/libs/wolfssl/Config.in | 51 ++++---
 package/libs/wolfssl/Makefile | 124 +++++------------
 .../patches/100-disable-hardening-check.patch | 4 +-
 .../101-AR-flags-configure-update.patch | 23 ----
 .../900-remove-broken-autoconf-macros.patch | 2 +-
 package/network/services/hostapd/Config.in | 4 -
 6 files changed, 70 insertions(+), 138 deletions(-)
 delete mode 100644 package/libs/wolfssl/patches/101-AR-flags-configure-update.patch