supported by
the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.
The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.
Signed-off-by: Eneas U de Queiroz
diff --git
from https://github.com/openssl/openssl/pull/8213
that fixes an error where open /dev/crypto sessions were not closed.
Thanks to Ansuel Smith for reporting it.
Signed-off-by: Eneas U de Queiroz
diff --git
a/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch
b/package/li
ithub.com/openssl/openssl/pull/8213.
Signed-off-by: Eneas U de Queiroz
Eneas U de Queiroz (2):
openssl: patch to fix devcrypto sessions leak
openssl: backport devcrypto changes from master
package/libs/openssl/Config.in| 35 +-
package/libs/openssl/Makefile |
oup within expression allowed only inside a function
static uint32_t ipv4_rtr_alert = cpu_to_be32(0x9404);
^
Patch was submitted upstream at https://github.com/sbyx/omcproxy/pull/2
Eneas U de Queiroz (1):
omcproxy: fix compilation on little-endian CPUs
packa
be32 outside of a function.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/network/services/omcproxy/Makefile
b/package/network/services/omcproxy/Makefile
index 28de833a1c..e121fa0b23 100644
--- a/package/network/services/omcproxy/Makefile
+++ b/package/network/services/omcproxy/Makefi
ly a build dependency for /dev/crypto support in openssl.
Since it is a kernel module, it belongs here anyway.
- Removed Nikos Mavrogiannopoulos as maintainer.
- Streamlined make flags
Signed-off-by: Eneas U de Queiroz
diff --git a/package/kernel/cryptodev-linux/Makefile
b/package/kernel/cryptodev-linu
ly a build dependency for /dev/crypto support in openssl.
Since it is a kernel module, it belongs here anyway.
Acked-by: Ansuel Smith
Signed-off-by: Eneas U de Queiroz
diff --git a/package/kernel/cryptodev-linux/Makefile
b/package/kernel/cryptodev-linux/Makefile
new file mode 100644
index 00..
o packages needing changes before we can merge
https://github.com/openwrt/openwrt/pull/965 (openssl: Upgrade to 1.1.0h)
ustream-ssl here, and openssh in the packages feed.
Eneas U de Queiroz (1):
ustream-ssl: update to latest git HEAD
package/libs/ustream-ssl/Makefile | 8
1 file changed, 4
ssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/ustream-ssl/Makefile
b/package/libs/ustream-ssl/Makefile
index 9bb093d734..2ea5bf0bd5 100644
---
dded
chips).
Signed-off-by: Eneas U de Queiroz
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 347c600..b7d7629 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
static const int default_ciphersui
y1305 6873.30k 10734.22k 12217.75k 12613.07k 12769.39k
12665.00k
aes-128-gcm3759.88k 4280.96k 4415.66k4437.79k 4456.12k
4436.88k
aes-256-gcm3408.83k 3738.10k 3838.52k3841.90k 3864.31k
3882.17k
chach20-poly1305 is almost 3 times faster than AES128
lied patch that fixes 'PATH_MAX' and 'NAME_MAX'
undeclared when compiling on musl with CONFIG_PCAP_HAS_USB.
[aafa351] pcap-usb-linux.c: add missing limits.h for musl systems.
Signed-off-by: Eneas U de Queiroz
diff --git
a/package/libs/libpcap/patches/205-pcap-usb-linux.c
'NAME_MAX' undeclared (first use in
this function); did you mean 'AF_MAX'?
char buf[sizeof("/dev/bus/usb/000/") + NAME_MAX];
^~~~
AF_MAX
make[3]: *** [Makefile:95: pcap-usb-linux.
that fixes compilation errors: 'PATH_MAX' and 'NAME_MAX'
undeclared with musl.
Signed-off-by: Eneas U de Queiroz
---
...205-pcap-usb-linux.c-add-missing-limits.h.patch | 22 ++
1 file changed, 22 insertions(+)
create mode 100644
package/libs/libpcap/patches/20
e added in mbedtls v2.12.0, our current version.
Signed-off-by: Eneas U de Queiroz
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 347c600..b7d7629 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
st
build time significantly.
Signed-off-by: Eneas U de Queiroz
diff --git
a/package/libs/libevent2/patches/0002-Makefile.am-omit-building-sample-and-test.patch
b/package/libs/libevent2/patches/0002-Makefile.am-omit-building-sample-and-test.patch
new file mode 100644
index 00..506137d555
--- /dev/n
build time significantly (times are for brcm47xx):
time: package/libs/libevent2/compile#38.00#2.68#47.53
time: package/libs/libevent2/compile#21.46#1.76#28.24
I left PKG_REVISION unchanged since this does not alter any package
files.
Eneas U de Queiroz (1):
libevent2: Don't build tests and sam
te list as mbedTLS.
wolfssl was not honoring setting the minimum protocol with
SSL_CTX_set_options, so we must use TLSv1_2_server_method.
Signed-off-by: Eneas U de Queiroz
---
ustream-openssl.c | 60 +--
1 file changed, 54 insertions(+), 6
her that
is not available).
Note that the wolfssl does not understand some of openssl chiper list
directives that were previously used , such as !RC4 to remove RC4 suites,
or @STRENGTH, to order them by strength.
Eneas U de Queiroz (1):
openssl, wolfssl: match mbedTLS ciphersuite list
ustream
port is selected.
Add building with TLS v1.0 support as an option.
Signed-off-by: Eneas U de Queiroz
PS: Is there any reason to split up chacha and poly1305 options?
I would merge them in to a single option, but haven't done this here.
---
package/libs/wolfssl/Config.in | 17 ++
ecurity options, and made them more uniform across the
ssl libraries.
- use only TLS 1.2 in server mode
- changed the ciphersuite ordering
Signed-off-by: Eneas U de Queiroz
---
ustream-mbedtls.c | 49 +++--
1 file changed, 23 insertions(+), 26 del
m-ssl with openssl-1.1.0, maintaining
compatibility with openssl 1.0.2.
Fixed flag handling in ustream-io-openssl.c.
Signed-off-by: Eneas U de Queiroz
---
openssl_bio_compat.h | 33 +
ustream-io-openssl.c | 46 ++---
ecurity options, and made them more uniform across the
ssl libraries.
- disabled TLS compression, because of CRIME attack
- enabled server-side ordering of cipher suites
- use only TLS 1.2 in server mode for wolfssl
- changed the ciphersuite ordering
Signed-off-by: Eneas U de Queiroz
---
ustream
d an A- with wolfssl--the minus is
due to lack of secure renegotiation. There's an option to enable it, but
wolfssl does not recommend using it.I've made some changes to the
security options used in the library, and made them more uniform across
all supported libraries (mbedtls, wolfssl, op
itten the patch, removing deprecated API.
It is much cleaner now; ustream-io-openssl.c has no #if's, and they're
minimized in ustream-openssl.c.
Signed-off-by: Eneas U de Queiroz
---
openssl_bio_compat.h | 34 ++
or changes to the API, so many packages will need
adjustments or version bumps.
Separated the individual engines in place of the generic "hardware
support" option.
Signed-off-by: Eneas U de Queiroz
---
package/libs/openssl/Config.in | 45 ++---
package/l
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Signed-off-by: Eneas U
itten the patch, removing deprecated API.
It is much cleaner now; ustream-io-openssl.c has no #if's, and they're
minimized in ustream-openssl.c.
Signed-off-by: Eneas U de Queiroz
---
openssl_bio_compat.h | 34 ++
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
I've updated the patches. Here ar
f @kroeckx patch that was merged in
libevent release-2.1.7-rc. Also skip building samples and tests.
Signed-off-by: Eneas U de Queiroz
---
package/libs/libevent2/Makefile| 2 +-
.../0001-Make-it-build-using-OpenSSL-1.1.0.patch | 202 +
...Makefile.am-omi
m-ssl with openssl-1.1.0.
Signed-off-by: Eneas U de Queiroz
---
ustream-io-openssl.c | 37 +
ustream-openssl.c| 12 +++-
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c
index 6711055..73a2
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Signed-off-by: Eneas U
or changes to the API, so many packages will need
adjustments or version bumps.
Signed-off-by: Eneas U de Queiroz
---
package/libs/openssl/Config.in | 10 --
package/libs/openssl/Makefile | 51 ++
.../libs/openssl/patches/110-openwrt_targets.p
f @kroeckx patch that was merged in
libevent release-2.1.7-rc.
Signed-off-by: Eneas U de Queiroz
---
.../0001-Make-it-build-using-OpenSSL-1.1.0.patch | 202 +
1 file changed, 202 insertions(+)
create mode 100644
package/libs/libevent2/patches/0001-Make-it-build-using-Ope
f @kroeckx patch that was merged in
libevent release-2.1.7-rc.
Signed-off-by: Eneas U de Queiroz
---
.../0001-Make-it-build-using-OpenSSL-1.1.0.patch | 202 +
1 file changed, 202 insertions(+)
create mode 100644
package/libs/libevent2/patches/0001-Make-it-build-using-Ope
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Since upgrading to 2.1.8 is a no-g
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Signed-off-by: Eneas U
tible with openssl-1.1.0.
Signed-off-by: Eneas U de Queiroz
---
package/libs/libevent2/Makefile | 35 ---
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/package/libs/libevent2/Makefile b/package/libs/libevent2/Makefile
index 5d56f37c51..12295f657c 10
or changes to the API, so many packages will need
adjustments or version bumps.
Signed-off-by: Eneas U de Queiroz
---
package/libs/openssl/Config.in | 10 --
package/libs/openssl/Makefile | 51 ++
.../libs/openssl/patches/110-openwrt_targets.p
201 - 239 of 239 matches
Mail list logo