Re: Build problems with packages which are using openssl

2023-04-27 Thread Eneas U de Queiroz
On Sun, Apr 23, 2023 at 6:56 PM e9hack wrote: > in the past, it was possible to build packages, which are using crypto > libraries like openssl, wolfssl or mbedtls, in parallel. One was built for > the image, selected as , the others were built as module selected as . > > This doesn't work any

Re: Anyone working on porting OpenSSL to v3.x?

2023-02-03 Thread Eneas U de Queiroz
On Fri, Feb 3, 2023 at 5:02 PM Paul Spooren wrote: > > Hey all, > > We’re still using OpenSSL 1.1.x within OpenWrt and during the last developer > meeting we were wondering if anyone is working on porting it over to v3.x? If > so please share your status, thanks! It's been on my to-do list for

[PATCH] wolfssl: libwolfsslcpu-crypto: add base-files dep

2022-10-17 Thread Eneas U de Queiroz
On aarch64, libwolfsslcpu-crypto preinst script needs base-files to get the target architecture to check for CPU crypto support during offline installation. While at it, fix indentation in Makefile. Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile | 4 ++-- 1 file changed, 2

[opkg 3/3] libopkg: pkg_hash: consider names stripped of ABI

2022-10-17 Thread Eneas U de Queiroz
e stripped of ABI matches one in the cli: score += 2 === DEVELOPER CRITERIA - package whose full name matches the dependency name: score += 1 - in case of a tie, the last package that was looked at is chosen Signed-off-by: Eneas U de Queiroz --- libopkg/pkg_hash.c | 24 +-

[opkg 2/3] libopkg: pkg_hash: bump score of packages in cli

2022-10-17 Thread Eneas U de Queiroz
be chosen, which is not ideal. Since packages in the command line are going to be installed anyway, they should have a higher priority over new ones. Signed-off-by: Eneas U de Queiroz --- libopkg/pkg_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git opkglibopkg/pkg_hash.c

[opkg 0/3] Rework criteria for dependent package selection

2022-10-17 Thread Eneas U de Queiroz
rio where this would be useful. This was tested with the Image Builder, and by running opkg from command line on Linksys E8450 (mediatek/mt7622, aarch64_cortex-a53). Signed-off-by: Eneas U de Queiroz Eneas U de Queiroz (3): libopkg: pkg_hash: restore picked by hand priority libopkg: pkg_hash:

[opkg 1/3] libopkg: pkg_hash: restore picked by hand priority

2022-10-17 Thread Eneas U de Queiroz
, and only then go through the score system. Add a logging message to show the reason. Signed-off-by: Eneas U de Queiroz --- libopkg/pkg_hash.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git opkglibopkg/pkg_hash.c b/libopkg/pkg_hash.c index 11b1a06..482efb8 100644 --- o

[PATCH u-boot] scripts/dtc: Remove redundant YYLOC global declaration

2022-05-05 Thread Eneas U de Queiroz
d. Signed-off-by: Dirk Mueller Signed-off-by: David Gibson [robh: cherry-pick from upstream] Cc: sta...@vger.kernel.org Signed-off-by: Rob Herring [Cherry-picked from linux e33a814e772cdc36436c8c188d8c42d019fda639] Signed-off-by: Eneas U de Queiroz --- I'm not sure I got the subject

[PATCH v4 3/3] openssl: configure engines with uci

2022-02-20 Thread Eneas U de Queiroz
list is generated by an init script which is set to run after 'log' because it informs the engines being enabled or skipped. It should run before any service using OpenSSL as the crypto library, otherwise the service will not use any engine. Signed-off-by: Eneas U de Queiroz --- package/libs

[PATCH v4 1/3] openssl: config engines in /etc/ssl/engines.cnf.d

2022-02-20 Thread Eneas U de Queiroz
with --zero-commit. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 28 +++-- package/libs/openssl/files/afalg.cnf | 3 + package/libs/openssl/files/devcrypto.cnf | 31 ++ package/libs/openssl/files/engines.cnf| 7 ++ package/libs

[PATCH v4 2/3] openssl: configure engine packages during install

2022-02-20 Thread Eneas U de Queiroz
engines as well. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 58 + package/libs/openssl/engine.mk| 82 +++ package/libs/openssl/files/engines.cnf| 12 +-- .../150-openssl.cnf-add-engines-conf.patch| 2

[PATCH v4 0/3] openssl: Engine configuration series

2022-02-20 Thread Eneas U de Queiroz
ver from previous development versions v2->v3: - actually removed the extra files that I had promised in v2 v3->v4: - rebased onto current head - removed non-applicable options from original afalg engine conf file Eneas U de Queiroz (3): openssl: config engines in /etc/ssl/engines.cnf

Re: [PATCH 19.07] wolfssl: bump to 5.1.1-stable

2022-02-20 Thread Eneas U de Queiroz
umption issue (fixed in 5.1.0) > * Potential for DoS attack on a wolfSSL client CVE-2021-44718 (fixed in > 5.1.0) > * Non-random IV values in certain situations CVE-2022-23408 (fixed in 5.1.1) > > Cc: Hauke Mehrtens > Cc: Eneas U de Queiroz > Signed-off-by: Petr

Re: [PATCH] hostapd: fallback to psk when generating r0kh/r1kh

2022-02-18 Thread Eneas U de Queiroz
Hi David Thanks for looking into this. On Fri, Feb 18, 2022 at 3:15 PM David Bauer wrote: > Just so i get this right - This means the same configuration is > incompatible between firmware containing this commit and firmware that > does not? In this case i would not pick it it 21.02. TLDR: For

Re: [PATCH] hostapd: fallback to psk when generating r0kh/r1kh

2022-02-18 Thread Eneas U de Queiroz
I have sent this a while ago. Can anyone review this (Felix, as the author of r0kh/r1kh generator?). On Fri, Jan 7, 2022 at 5:19 PM Eneas U de Queiroz wrote: > > The 80211r r0kh and r1kh defaults are generated from the md5sum of > "$mobility_domain/$auth_secret". auth_secr

Re: [PATCH 19.07 v2 0/3] wolfssl security updates

2022-02-17 Thread Eneas U de Queiroz
On Mon, Feb 14, 2022 at 10:16 PM Luiz Angelo Daros de Luca wrote: > Sure. And I do have interest in getting it fixed. I've done most of the work here: https://github.com/cotequeiroz/openwrt/tree/wolfssl-4.7.0-backport However, I got stuck with this issue, about MitM attack when the client-side

[PATCH 19.07 v2 3/3] wolfssl: build with WOLFSSL_ALT_CERT_CHAINS

2022-02-14 Thread Eneas U de Queiroz
suecomment-934926793 Signed-off-by: Andre Heider [bump PKG_RELEASE] Signed-off-by: David Bauer (cherry picked from commit 28d8e6a8711ba78f1684a205e11b0dbd4ff2b2f3) [adjust to v4.7.0 Makefile] Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile | 8 ++-- 1 file changed, 6 insert

[PATCH 19.07 v2 1/3] wolfssl: Fix OCSP request/response verification

2022-02-14 Thread Eneas U de Queiroz
In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile | 2 +- .../patches/200-Fix

[PATCH 19.07 v2 2/3] wolfssl: Fix CVE-2021-38597

2022-02-14 Thread Eneas U de Queiroz
OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile

[PATCH 19.07 v2 0/3] wolfssl security updates

2022-02-14 Thread Eneas U de Queiroz
ecide what to do next. Cheers, Eneas --- v2: - Apply two security patches instead of bumping to 4.8.1 - Added patch to build with alternate certificate validation [1] https://www.wolfssl.com/docs/security-vulnerabilities/ Andre Heider (1): wolfssl: build with WOLFSSL_ALT_CERT_CHAINS Eneas U

[PATCH 19.07] openssl: bump to 1.1.1m

2022-01-10 Thread Eneas U de Queiroz
This is a bugfix release. Changelog: *) Avoid loading of a dynamic engine twice. *) Fixed building on Debian with kfreebsd kernels *) Prioritise DANE TLSA issuer certs over peer certs *) Fixed random API for MacOS prior to 10.12 Patches were refreshed. Signed-off-by: Eneas U de Queiroz

Re: [PATCH ustream-ssl] add compatibility for wolfssl >= 5.0

2022-01-10 Thread Eneas U de Queiroz
Can someone please take a look at this. The patch is rather trivial. The affected function, handle_wolfssl_asn_error is static, and its only caller is passing the return value of SSL_get_error(), from libwolfssl; so there should be no ordinary way to pass r=-159, which would be required to

[PATCH] hostapd: fallback to psk when generating r0kh/r1kh

2022-01-07 Thread Eneas U de Queiroz
puted from the SSID alone. Fallback to using $key when auth_secret is empty. While at it, rename the variable holding the generated key from 'key' to 'ft_key', to avoid clobbering the PSK. Signed-off-by: Eneas U de Queiroz --- This should be cherry-picked to 21.02 as well. package/networ

[PATCH 21.02] openssl: bump to 1.1.1m

2022-01-03 Thread Eneas U de Queiroz
This is a bugfix release. Changelog: *) Avoid loading of a dynamic engine twice. *) Fixed building on Debian with kfreebsd kernels *) Prioritise DANE TLSA issuer certs over peer certs *) Fixed random API for MacOS prior to 10.12 Patches were refreshed. Signed-off-by: Eneas U de Queiroz

[PATCH] openssl: bump to 1.1.1m

2021-12-31 Thread Eneas U de Queiroz
This is a bugfix release. Changelog: *) Avoid loading of a dynamic engine twice. *) Fixed building on Debian with kfreebsd kernels *) Prioritise DANE TLSA issuer certs over peer certs *) Fixed random API for MacOS prior to 10.12 Patches were refreshed. Signed-off-by: Eneas U de Queiroz

Re: [PATCH 19.07] wolfssl: update to 4.8.1-stable

2021-12-14 Thread Eneas U de Queiroz
On Sun, Dec 12, 2021 at 12:11 PM Petr Štetiar wrote: > > I'm wondering if we can do such an upgrade as the binary compatibility report > for > wolfSSL 4.7.0 vs 4.8.0 looks quite scary to me. Would it be possible to just > backport those patches which fixes those security related issues? > Most

Re: [PATCH 0/1] build: scripts/config - update to kconfig-v5.14

2021-11-25 Thread Eneas U de Queiroz
On Thu, Nov 25, 2021 at 4:54 AM Florian Eckert wrote: > > Hello Eneas, > > > I've been looking at this too and wanted to update. > Since I wasn't there from the beginning, I don't know what all OpenWrt > changes. > Hence my suggestion: > Can't we put the changes OpenWrt makes to the source code

[PATCH 0/1] build: scripts/config - update to kconfig-v5.14

2021-11-24 Thread Eneas U de Queiroz
been deprecated in favor of plain 'help'. This has been menuconfig-tested with different targets for almost a month without problems. The changes I made to the upstream kconfig to this version can be seen at https://github.com/cotequeiroz/linux/commits/openwrt-5.14/scripts/kconfig Eneas U de

Re: [PATCH] ramips: switch to kernel 5.10

2021-09-27 Thread Eneas U de Queiroz
On Thu, Sep 9, 2021 at 5:49 AM Rui Salvaterra wrote: > > Tested on mt7621 (Redmi AC2100) and running stable for several months. > > Signed-off-by: Rui Salvaterra > --- Tested on rt3883: Asus RT-N56U Tested-by: Eneas U de Queiroz

[PATCH] ramips: fix ralink_i2s_debugfs_remove declaration

2021-09-20 Thread Eneas U de Queiroz
Correct ralink_i2s_debugfs_remove declaration in ralink patches when CONFIG_DEBUG_FS is not selected. Signed-off-by: Eneas U de Queiroz --- Fixes the following error, when compiling without DEBUG_FS: sound/soc/ralink/ralink-i2s.c:678:53: warning: 'struct fsl_ssi_dbg' declared inside parameter

[PATCH 19.07] wolfssl: update to 4.8.1-stable

2021-09-14 Thread Eneas U de Queiroz
commit 7d92bb0509615550b98e2dc71091073c8258d564) [Added patch to allow compilation with libtool 2.4] Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile | 4 ++-- .../patches/100-disable-hardening-check.patch | 2 +- .../patches/110-build-with-libtool-2.4

[PATCH 21.02 2/2] wolfssl: update to 4.8.1-stable

2021-09-14 Thread Eneas U de Queiroz
commit 7d92bb0509615550b98e2dc71091073c8258d564) [Added patch to allow compilation with libtool 2.4] Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile | 6 +++--- ...m-change-asm-snippets-to-get-compiling.patch | 17 + .../patches/100-disable

[PATCH 21.02 1/2] wolfssl: fix build with GCC 10 on 32 x86 targets

2021-09-14 Thread Eneas U de Queiroz
From: Stijn Tintel Backport upstream patch to fix build with GCC 10 on 32 x86 targets. Signed-off-by: Stijn Tintel (cherry picked from commit 718a4f47806da8f68cb8f1fe2ebecf403e14ae96) --- ...change-asm-snippets-to-get-compiling.patch | 123 ++ 1 file changed, 123 insertions(+)

[PATCH 21.02 0/2] wolfssl: bump to v4.8.1-stable

2021-09-14 Thread Eneas U de Queiroz
I've added a trivial patch to allow compilation with libtool 2.4, currently used in 21.02. I have not used a separate commit for that, to not introduce a commit that does not build. Let me know if I should rather split this. I'm cherry-picking a commit to allow compilation with gcc 10, to keep

[PATCH v2] libtool: bump to 2.4.6

2021-09-13 Thread Eneas U de Queiroz
;} -+ : ${SED="$STAGING_DIR/../host/bin/sed"} -+else -+ : ${EGREP="@EGREP@"} -+ : ${FGREP="@FGREP@"} -+ : ${GREP="@GREP@"} -+ : ${SED="@SED@"} -+fi - : ${SHELL="${CONFIG_SHELL-/bin/sh}"} - : ${Xsed="$SED -e 1s/^X//&quo

[PATCH 19.07 2/2] openssl: bump to 1.1.1l

2021-08-26 Thread Eneas U de Queiroz
This version fixes two vulnerabilities: - SM2 Decryption Buffer Overflow (CVE-2021-3711) Severity: High - Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Severity: Medium Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile

[PATCH 19.07 1/2] openssl: use --cross-compile-prefix in Configure

2021-08-26 Thread Eneas U de Queiroz
'-Qunused-arguments' Signed-off-by: Eneas U de Queiroz Tested-by: Rosen Penev (cherry picked from commit 2f75348923e564f1b73fbc32f7cabc355cd6e2b9) --- Besides the fix for clang, I'm cherry-picking this to sync 21.02 and 19.07 Makefiles. package/libs/openssl/Makefile | 5 ++--- 1 file changed, 2

[PATCH 21.02] openssl: bump to 1.1.1l

2021-08-26 Thread Eneas U de Queiroz
This version fixes two vulnerabilities: - SM2 Decryption Buffer Overflow (CVE-2021-3711) Severity: High - Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Severity: Medium Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile

[PATCH] openssl: bump to 1.1.1l

2021-08-26 Thread Eneas U de Queiroz
This version fixes two vulnerabilities: - SM2 Decryption Buffer Overflow (CVE-2021-3711) Severity: High - Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Severity: Medium Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile

[PATCH] download: improve handling of invalid local files

2021-08-20 Thread Eneas U de Queiroz
the download target to be remade, check its hash first: if it matches, then the FORCE is not added. Signed-off-by: Eneas U de Queiroz --- include/download.mk | 17 +++-- include/host-build.mk | 2 +- include/package.mk| 2 +- 3 files changed, 17 insertions(+), 4 deletions

[PATCH] ethtool: fix recursive dependency

2021-08-12 Thread Eneas U de Queiroz
Change the CONFLICTS definition from the alternative package (ethtool-full) to the main one. The CONFLICTS line creates a dependency to the conflicting package. Right now, the dependency would be created in the PACKAGE_ethtool-full symbol: config PACKAGE_ethtool-full depends on m ||

[PATCH v2 1/2] libtool: bump to 2.4.6

2021-07-28 Thread Eneas U de Queiroz
grep -F"} -+ : ${GREP="$STAGING_DIR/../host/bin/grep"} -+ : ${SED="$STAGING_DIR/../host/bin/sed"} -+else -+ : ${EGREP="@EGREP@"} -+ : ${FGREP="@FGREP@"} -+ : ${GREP="@GREP@"} -+ : ${SED="@SED@"} -+fi - : ${SHELL

[PATCH v2 2/2] wolfssl: bump to v4.8.1-stable

2021-07-28 Thread Eneas U de Queiroz
-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile | 6 +++--- .../libs/wolfssl/patches/100-disable-hardening-check.patch | 2 +- package/libs/wolfssl/patches/200-ecc-rng.patch | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git

[PATCH v2 0/2] Bump WolfSSL and libtool

2021-07-28 Thread Eneas U de Queiroz
ait for possible fallout from master. Then, perhaps try to keep them in sync, at the following point release. Cheers Eneas U de Queiroz (2): libtool: bump to 2.4.6 wolfssl: bump to v4.8.1-stable package/libs/wolfssl/Makefile | 6 +- .../patches/100-disable-hardening-check.pa

[PATCH 1/2] libtool: bump to 2.4.6

2021-07-22 Thread Eneas U de Queiroz
grep -F"} -+ : ${GREP="$STAGING_DIR/../host/bin/grep"} -+ : ${SED="$STAGING_DIR/../host/bin/sed"} -+else -+ : ${EGREP="@EGREP@"} -+ : ${FGREP="@FGREP@"} -+ : ${GREP="@GREP@"} -+ : ${SED="@SED@"} -+fi - : ${SHELL

[PATCH 2/2] wolfssl: bump to v4.8.0-stable

2021-07-22 Thread Eneas U de Queiroz
was not resulting in a failed verification. Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 0c95288a2a..38c284ec5d 100644 --- a/package/libs

[PATCH 0/2] Bump WolfSSL and libtool

2021-07-22 Thread Eneas U de Queiroz
files changed, 17143 insertions(+), 5697 deletions(-), when going from 2.4 to 2.4.6. 3. Bump both to keep in sync with master. My vote: do 1 now, and wait for possible fallout from master. Then, perhaps try to keep them in sync, at the following point release. Cheers Eneas U de Queiroz (2

[PATCH v3 3/3] openssl: configure engines with uci

2021-04-29 Thread Eneas U de Queiroz
list is generated by an init script which is set to run after 'log' because it informs the engines being enabled or skipped. It should run before any service using OpenSSL as the crypto library, otherwise the service will not use any engine. Signed-off-by: Eneas U de Queiroz --- Changelog: v1

[PATCH v3 2/3] openssl: configure engine packages during install

2021-04-29 Thread Eneas U de Queiroz
engines as well. Signed-off-by: Eneas U de Queiroz --- Changelog: v1->v2: unchanged v2->v3: unchanged package/libs/openssl/Makefile | 58 + package/libs/openssl/engine.mk| 82 +++ package/libs/openssl/files/engines.cnf

[PATCH v3 1/3] openssl: config engines in /etc/ssl/engines.cnf.d

2021-04-29 Thread Eneas U de Queiroz
. Signed-off-by: Eneas U de Queiroz --- Changelog: v1->v2: unchanged v2->v3: unchanged package/libs/openssl/Makefile | 30 -- package/libs/openssl/files/afalg.cnf | 32 ++ package/libs/openssl/files/devcrypto.cnf | 31 ++ package/libs/openssl

[PATCH v3 0/3] Engine configuration series

2021-04-29 Thread Eneas U de Queiroz
ver from previous development versions v2->v3: - actually removed the extra files that I had promised in v2 Eneas U de Queiroz (3): openssl: config engines in /etc/ssl/engines.cnf.d openssl: configure engine packages during install openssl: configure engines with uci package/l

[PATCH v2 2/3] openssl: configure engine packages during install

2021-04-29 Thread Eneas U de Queiroz
engines as well. Signed-off-by: Eneas U de Queiroz --- Changelog: v1->v2: unchanged package/libs/openssl/Makefile | 58 + package/libs/openssl/engine.mk| 82 +++ package/libs/openssl/files/engines.cnf| 12 +-- .../150-openssl.

[PATCH v2 1/3] openssl: config engines in /etc/ssl/engines.cnf.d

2021-04-29 Thread Eneas U de Queiroz
. Signed-off-by: Eneas U de Queiroz --- Changelog: v1->v2: unchanged package/libs/openssl/Makefile | 30 -- package/libs/openssl/files/afalg.cnf | 32 ++ package/libs/openssl/files/devcrypto.cnf | 31 ++ package/libs/openssl/files/engines.cnf|

[PATCH v2 3/3] openssl: configure engines with uci

2021-04-29 Thread Eneas U de Queiroz
list is generated by an init script which is set to run after 'log' because it informs the engines being enabled or skipped. It should run before any service using OpenSSL as the crypto library, otherwise the service will not use any engine. Signed-off-by: Eneas U de Queiroz --- Changelog: v1

[PATCH v2 0/3] Engine configuration series

2021-04-29 Thread Eneas U de Queiroz
les leftover from previous development versions Eneas U de Queiroz (3): openssl: config engines in /etc/ssl/engines.cnf.d openssl: configure engine packages during install openssl: configure engines with uci package/libs/openssl/Makefile | 55 +- package/libs/

Re: [PATCH 3/3] openssl: configure engines with uci

2021-04-29 Thread Eneas U de Queiroz
Hi Florian On Thu, Apr 29, 2021 at 3:44 AM Florian Eckert wrote: > > $(if > > CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf) > > $(if > > CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf) > > I think AFALG is missing there? > As I

[PATCH 3/3] openssl: configure engines with uci

2021-04-28 Thread Eneas U de Queiroz
list is generated by an init script which is set to run after 'log' because it informs the engines being enabled or skipped. It should run before any service using OpenSSL as the crypto library, otherwise the service will not use any engine. Signed-off-by: Eneas U de Queiroz --- package/libs

[PATCH 2/3] openssl: configure engine packages during install

2021-04-28 Thread Eneas U de Queiroz
engines as well. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 58 + package/libs/openssl/engine.mk| 82 +++ package/libs/openssl/files/engines.cnf| 12 +-- .../150-openssl.cnf-add-engines-conf.patch| 2

[PATCH 1/3] openssl: config engines in /etc/ssl/engines.cnf.d

2021-04-28 Thread Eneas U de Queiroz
. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 30 -- package/libs/openssl/files/afalg.cnf | 32 ++ package/libs/openssl/files/devcrypto.cnf | 31 ++ package/libs/openssl/files/engines.cnf| 7 ++ package/libs/openssl/files

[PATCH 0/3] Engine configuration series

2021-04-28 Thread Eneas U de Queiroz
supported parameters is defined. After this is merged, I will adapt the two engines in the packages feed. Eneas U de Queiroz (3): openssl: config engines in /etc/ssl/engines.cnf.d openssl: configure engine packages during install openssl: configure engines with uci package/libs/openss

Re: [PATCH] package: openssl: Enable built engines per default

2021-04-27 Thread Eneas U de Queiroz
> >> How about if we create a uci default script and check on the running > >> system what is installed? > >> And then we could generate a file and add or remove an include line > >> from > >> the openssl.cnf [1]? > > > > I think we can manage something like that. The .include option can > > load

Re: [PATCH] package: openssl: Enable built engines per default

2021-04-23 Thread Eneas U de Queiroz
On Fri, Apr 23, 2021 at 3:11 AM Florian Eckert wrote: > How about if we create a uci default script and check on the running > system what is installed? > And then we could generate a file and add or remove an include line from > the openssl.cnf [1]? Hi Florian, Daniel I think we can manage

Re: [PATCH] package: openssl: Enable built engines per default

2021-04-22 Thread Eneas U de Queiroz
On Thu, Apr 22, 2021 at 3:55 AM Daniel Danzberger wrote: > > Automatically enable an engine in the openssl.cnf if it has been built. > Before this change, /etc/openssl.cnf had to be edited manually on the > system to enable the engine. > > +define Package/libopenssl-conf/enable > + $(if

Re: OpenWrt 21.02-rc1

2021-04-07 Thread Eneas U de Queiroz
On Tue, Apr 6, 2021 at 7:30 PM Hauke Mehrtens wrote: > > Hi, > > How do we want to go forward with OpenWrt 21.02-rc1? > > * I think the base system is ok. > * The http (original wolfssl) problem reported by jow is fixed > * LuCI in the 21.02 branch still misses DSA support, this was merged > into

Re: [RFC PATCH] openssl: make the patches QUILT-friendly

2021-03-26 Thread Eneas U de Queiroz
On Fri, Mar 26, 2021 at 7:35 PM Kevin 'ldir' Darbyshire-Bryant wrote: > > ... I was also frustrated that there was patch fuzz in the tree on a fairly > core package - that really shouldn’t be the case. My apologies. I work in a clone of the openssl git repo, rebasing the changes on top of the

Re: [PATCH] openssl: don't rename a file with quilt

2021-03-26 Thread Eneas U de Queiroz
On Fri, Mar 26, 2021 at 6:57 PM Felix Fietkau wrote: > I fully agree with Eneas here (though I don't like his patch for this > issue either). This is the first time I wrote a patch I do NOT want to be applied. I just want to keep the status quo. > Here's a way to fix this: > >

Re: [PATCH] openssl: don't rename a file with quilt

2021-03-26 Thread Eneas U de Queiroz
On Fri, Mar 26, 2021 at 4:28 PM Rosen Penev wrote: > > On Fri, Mar 26, 2021 at 5:55 AM Eneas U de Queiroz > wrote: > > > > On Fri, Mar 26, 2021 at 6:26 AM Rosen Penev wrote: > > > +ifeq ($(QUILT),) > > > + mv $(PKG_BUILD_DIR)/crypto/engine/eng_devc

[RFC PATCH] openssl: make the patches QUILT-friendly

2021-03-26 Thread Eneas U de Queiroz
-the-dev-crypto-engine-dynamic.patch. So, I've generated a new patch with 'git format-patch --no-renames', and then 'make package/openssl/{refresh,update}'. Signed-off-by: Eneas U de Queiroz --- While I really prefer to leave the git-formatted patches as they are, I know quilt is the preferred way

[PATCH] openssl: bump to 1.1.1k

2021-03-26 Thread Eneas U de Queiroz
a client. Signed-off-by: Eneas U de Queiroz --- This was run-tested on WRT3200ACM (mvebu, armv7), using nginx, and openssl util to encrypt & decrypt some files using software and the devcrypto engine, since there have been some changes in the engine, related to BSD compatibility, when ope

Re: [PATCH] openssl: don't rename a file with quilt

2021-03-26 Thread Eneas U de Queiroz
Hi Rosen This patch does not apply as is, but don't write a v2 yet. I'm testing the bump to 1.1.1k, and I'll handle it from there, by using --no-renames with git format-patch. I'm maintaining the patches at https://github.com/cotequeiroz/openssl, and refreshing backports with git is much easier

Re: [PATCH] gmp: compile with -DPIC to use correct asm code

2021-03-19 Thread Eneas U de Queiroz
On Fri, Mar 19, 2021 at 5:08 PM Philip Prindeville wrote: > > > Maybe I'm missing something, but why not just fix rules.mk: > > > ifneq (,$(findstring $(ARCH) , aarch64 aarch64_be powerpc )) > FPIC:=-fPIC > else > FPIC:=-fpic > endif > > HOST_FPIC:=-fPIC > > > To have the FPIC and HOST_FPIC

[PATCH] gmp: compile with -DPIC to use correct asm code

2021-03-11 Thread Eneas U de Queiroz
with -fPIC Cc: Stijn Tintel Signed-off-by: Eneas U de Queiroz --- There's an error on one architecture, and all others work fine without this, so I'm uneasy changing this and then breaking stuff that was working fine otherwise. However, it feels wrong to me to generate PIC code from C files

[PATCH] wolfssl: bump to v4.7.0-stable

2021-02-21 Thread Eneas U de Queiroz
Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. Signed-off-by: Eneas U de Queiroz --- This was run-tested

[PATCH] openssl: always build with GOST engine support

2021-02-17 Thread Eneas U de Queiroz
. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz --- Run tested in WRT3200ACM (mvebu), with and without gost-engine 1.1.0.3. GOST engine PR: https://github.com/openwrt/packages/pull/14765

[PATCH] openssl: bump to 1.1.1j

2021-02-16 Thread Eneas U de Queiroz
are currently awaiting analysis. Signed-off-by: Eneas U de Queiroz --- This was run-tested on a WRT3200ACM (mvebu), using nginx, and wpad, and openssl-util. diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 714ce2059a..4fb4cb2784 100644 --- a/package/libs/openssl

Re: [PATCH] kernel: DSA roaming fix for Marvell Link Street switch series

2021-02-15 Thread Eneas U de Queiroz
waldekranz.com/ > Link: https://lore.kernel.org/netdev/20210130134334.10243-1-dqf...@gmail.com/ > Ref: https://gitlab.nic.cz/turris/turris-build/-/issues/165 > Signed-off-by: DENG Qingfang Tested-by: Eneas U de Queiroz I have tested this using WRT3200ACM, and it solves the problem of client

Re: Deprecate snort in favor of snort3

2021-01-31 Thread Eneas U de Queiroz
On Sun, Jan 31, 2021 at 3:45 PM W. Michael Petullo wrote: > > OpenWrt provides two snort packages: snort and snort3. Now that snort3 is > out of beta, I would like to consider deprecating the snort package. One > difficulty of maintaining both packages is that a different version of > the libdaq

Re: [PATCH] base-files: sysupgrade: store status of system-services

2021-01-11 Thread Eneas U de Queiroz
+1 I agree 100% with Adrian on this one. Enable by default, add option to disable. Disabled services are, intuitively, part of the configuration being saved. So, it should not be saved when '-n' is given. I may be stretching things a bit, but I would consider this a fix, not a feature change

[PATCH] wolfssl: Update to v4.6.0-stable

2020-12-29 Thread Eneas U de Queiroz
, size increases from 374.7K to 408.8K for arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version. Backported patches were removed; remaining patch was refreshed. Signed-off-by: Eneas U de Queiroz --- Run-tested on a Linksys WRT3200ACM (arm) with uhttpd, uclient-fetch, and wpad

[PATCH] openssl: update to 1.1.1i

2020-12-11 Thread Eneas U de Queiroz
Fixes: CVE-2020-1971, defined as high severity, summarized as: NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS attack. Signed-off-by: Eneas U de Queiroz --- This was run-tested in a WRT-3200ACM diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index

Re: [PATCH ustream] ustream-openssl: fix bio memory leak

2020-12-10 Thread Eneas U de Queiroz
Hi Petr On Thu, Dec 10, 2020 at 12:57 PM Petr Štetiar wrote: > > After tackling BIO_free, my suggestion would be to determine where the > > method table variable should go, and where to call BIO_meth_new and > > BIO_meth_free. I would add it to a defined struct > > ustream_ssl_ctx--which is now

Re: [PATCH ustream] ustream-openssl: fix bio memory leak

2020-12-10 Thread Eneas U de Queiroz
Hi Petr On Wed, Dec 9, 2020 at 6:59 PM Petr Štetiar wrote: > > Eneas U de Queiroz [2020-12-09 14:39:06]: > > Hi, > > > So the answer to your question is because you only allocate the table if > > methods_ustream is NULL, and it will point to the created table

Re: [PATCH ustream] ustream-openssl: fix bio memory leak

2020-12-09 Thread Eneas U de Queiroz
On Wed, Dec 9, 2020 at 1:58 PM Daniel Golle wrote: > > On Wed, Dec 09, 2020 at 05:44:48PM +0100, Petr Štetiar wrote: > > Eneas U de Queiroz [2020-12-09 13:06:45]: > > > > Hi, > > > > > Using the patch by Pan Chen as inspiration, this avoids a memory

Re: [PATCH ustream] ustream-openssl: fix bio memory leak

2020-12-09 Thread Eneas U de Queiroz
On Wed, Dec 9, 2020 at 1:45 PM Petr Štetiar wrote: > > Eneas U de Queiroz [2020-12-09 13:06:45]: > > Hi, > > > Using the patch by Pan Chen as inspiration, this avoids a memory leak by > > using a global BIO_METHOD pointer that doesn't ordinarily need to be > >

[PATCH ustream] ustream-openssl: fix bio memory leak

2020-12-09 Thread Eneas U de Queiroz
Using the patch by Pan Chen as inspiration, this avoids a memory leak by using a global BIO_METHOD pointer that doesn't ordinarily need to be freed. CC: Pan Chen Signed-off-by: Eneas U de Queiroz --- Run-tested with a WRT-3200ACM, running uclient_fetch and uhttpd. I have not run

[RFC PATCH 2/2] wolfssl: compile with --enable-opensslall

2020-12-06 Thread Eneas U de Queiroz
This enables all OpenSSL API available. It is required to avoid some silent failures, such as when performing client certificate validation. Package size increases from 356.6K to 374.7K for arm_cortex-a9_vfpv3-d16. Signed-off-by: Eneas U de Queiroz diff --git a/package/libs/wolfssl/Makefile b

[RFC PATCH 0/2] wolfssl: build with --enable-opensslall

2020-12-06 Thread Eneas U de Queiroz
. Eneas [1] https://github.com/openwrt/packages/issues/14142 Eneas U de Queiroz (2): wolfssl: add lighty support, skip crypttests wolfssl: compile with --enable-opensslall package/libs/wolfssl/Makefile | 5 - 1 file changed, 4 insertions(+), 1 deletion

[RFC PATCH 1/2] wolfssl: add lighty support, skip crypttests

2020-12-06 Thread Eneas U de Queiroz
This adds the --enable-lighty option to configure, enabling the minimum API needed to run lighttpd, in the packages feed. Size increase is about 120 bytes for arm_cortex-a9_vfpv3-d16. While at it, speed up build by disabling crypt bench/test. Signed-off-by: Eneas U de Queiroz diff --git

[PATCH v2] openssl: use --cross-compile-prefix in Configure

2020-11-28 Thread Eneas U de Queiroz
'-Qunused-arguments' Signed-off-by: Eneas U de Queiroz --- neheb, or anyone else affected, please test this patch to see if what I'm claiming is actually true. At least it does not appear to break compilation in my case ;-) Compile-tested using a Gentoo host, and mvebu as target. Changelog v1 ->

[PATCH] openssl: use --cross-compile-prefix in Configure

2020-11-28 Thread Eneas U de Queiroz
'-Qunused-arguments' Signed-off-by: Eneas U de Queiroz --- neheb, or anyone else affected, please test this patch to see if what I'm claiming is actually true. At least it does not appear to break compilation in my case ;-) Compile-tested using a Gentoo host, and mvebu as target. diff --git

[PATCH 19.07] openssl: bump to 1.1.1h

2020-09-28 Thread Eneas U de Queiroz
This is a bug-fix release. Patches were refreshed. Signed-off-by: Eneas U de Queiroz (cherry picked from commit 475838de1a33d49d1a0b81aad374a8db6dd2b3c8) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 8fe00d970b..9696748106 100644 --- a/package/libs/openssl

[PATCH] openssl: bump to 1.1.1h

2020-09-27 Thread Eneas U de Queiroz
This is a bug-fix release. Patches were refreshed. Signed-off-by: Eneas U de Queiroz -- Run-tested on mvebu/WRT3200ACM using nginx and uhttpd. diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 8fe00d970b..9696748106 100644 --- a/package/libs/openssl/Makefile

[OpenWrt-Devel] [PATCH] wolfssl: use -fomit-frame-pointer to fix asm error

2020-05-26 Thread Eneas U de Queiroz
architectures. Signed-off-by: Eneas U de Queiroz --- i386 builds currently fail with: ./wolfcrypt/src/asm.c:700:1: error: 'asm' operand has impossible constraints This is because wolfssl uses all of the available registers for [at least] a couple of its fast-math inline asm functions. The frame-pointer

[OpenWrt-Devel] [PATCH] build: always use -minterlink-mips16 if USE_MIPS16

2020-05-24 Thread Eneas U de Queiroz
only when PKG_USE_MIPS16 is on, add it when global USE_MIPS16 is on. Signed-off-by: Eneas U de Queiroz --- Tested by compiling all packages in base, packages, routing and telephony feeds for mips_74kc, with MIPS16 enabled. This was discovered while working on lxc fixes (https://github.com

[OpenWrt-Devel] [PATCH] wolfssl: update to 4.4.0-stable

2020-05-01 Thread Eneas U de Queiroz
and cache resistant ECC mulmod. Ensure points being operated on change to make constant time. Signed-off-by: Eneas U de Queiroz --- This is a straight update, no change in ABI. Tested with wpad (WPA2), uhttpd, and curl. diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl

[OpenWrt-Devel] [PATCH v3 3/3] build: have config-clean deal with old temp files

2020-04-19 Thread Eneas U de Queiroz
This is a temporary commit to have 'make config-clean' remove temporary files from the previous scripts/config version. The .gitignore file is updated to deal with the old files as well. Cc: Kevin Darbyshire-Bryant Signed-off-by: Eneas U de Queiroz diff --git a/scripts/config/.gitignore b

[OpenWrt-Devel] [PATCH v3 2/3] build: add option to treat recursive deps as error

2020-04-19 Thread Eneas U de Queiroz
Running make with RECURSIVE_DEP_IS_ERROR=1 will cause a hard failure when a recursive dependency is detected. This is useful to apply stricter CI tests, for example. Signed-off-by: Eneas U de Queiroz diff --git a/include/toplevel.mk b/include/toplevel.mk index ad8e5b8f20..5cf93ce7ef 100644

[OpenWrt-Devel] [PATCH v3 0/3] build: update scripts/config to kconfig-v5.6

2020-04-19 Thread Eneas U de Queiroz
-1-cotequei...@gmail.com/ so that the titles of the .config files would match. I also tested the behavior of menuconfig when selecting multiple targets, to ensure the selection of a module from a bool was working as intended. Eneas U de Queiroz (3): build: scripts/config - update to kconfig-

[OpenWrt-Devel] [PATCH] sdk: add OpenWrt branding to menuconfig & .config

2020-04-18 Thread Eneas U de Queiroz
n". Signed-off-by: Eneas U de Queiroz diff --git a/target/sdk/files/Config.in b/target/sdk/files/Config.in index 0dab240959..4393daab5b 100644 --- a/target/sdk/files/Config.in +++ b/target/sdk/files/Config.in @@ -1,3 +1,5 @@ +mainmenu "OpenWrt Configuration" + menu "Global build setti

[OpenWrt-Devel] [PATCH] build: show make output in scripts/config when V=s

2020-04-17 Thread Eneas U de Queiroz
This should make debugging build errors in scripts/config a bit easier. Signed-off-by: Eneas U de Queiroz diff --git a/include/toplevel.mk b/include/toplevel.mk index 2965f75c7c..ad8e5b8f20 100644 --- a/include/toplevel.mk +++ b/include/toplevel.mk @@ -104,7 +104,8 @@ scripts/config/%onf
