bb94d3d0fb
Vulnerabilities
- [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
- [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection.
- [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks.
No official tarball provided so switch to github and set autoreconf
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 3a2891621c
)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
55 lines
1.4 KiB
Makefile
55 lines
1.4 KiB
Makefile
################################################################################
|
|
#
|
|
# wolfssl
|
|
#
|
|
################################################################################
|
|
|
|
WOLFSSL_VERSION = 5.7.0
|
|
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
|
|
WOLFSSL_INSTALL_STAGING = YES
|
|
|
|
WOLFSSL_LICENSE = GPL-2.0+
|
|
WOLFSSL_LICENSE_FILES = COPYING LICENSING
|
|
WOLFSSL_CPE_ID_VENDOR = wolfssl
|
|
WOLFSSL_CONFIG_SCRIPTS = wolfssl-config
|
|
# From git
|
|
WOLFSSL_AUTORECONF = YES
|
|
WOLFSSL_DEPENDENCIES = host-pkgconf
|
|
|
|
WOLFSSL_CONF_OPTS = --disable-examples --disable-crypttests
|
|
|
|
ifeq ($(BR2_PACKAGE_WOLFSSL_ALL),y)
|
|
WOLFSSL_CONF_OPTS += --enable-all
|
|
else
|
|
WOLFSSL_CONF_OPTS += --disable-all
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WOLFSSL_SSLV3),y)
|
|
WOLFSSL_CONF_OPTS += --enable-sslv3
|
|
else
|
|
WOLFSSL_CONF_OPTS += --disable-sslv3
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WOLFSSL_ASM_SUPPORTS),y)
|
|
WOLFSSL_CONF_OPTS += --enable-asm
|
|
else
|
|
WOLFSSL_CONF_OPTS += --disable-asm
|
|
endif
|
|
|
|
# enable ARMv8 hardware acceleration
|
|
ifeq ($(BR2_aarch64),y)
|
|
WOLFSSL_CONF_OPTS += --enable-armasm
|
|
# the flag -mstrict-align is needed to prevent build errors caused by
|
|
# some inline assembly in parts of the AES structure using the "m"
|
|
# constraint
|
|
WOLFSSL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -mstrict-align"
|
|
else
|
|
WOLFSSL_CONF_OPTS += --disable-armasm
|
|
endif
|
|
|
|
ifeq ($(BR2_ARM_INSTRUCTIONS_THUMB),y)
|
|
WOLFSSL_CONF_OPTS += --with-arm-target=thumb
|
|
endif
|
|
|
|
$(eval $(autotools-package))
|