wolfssl: update to 5.1.1-stable (#8817)

* libs/wolfssl: add SAN (Subject Alternative Name) support x509v3 SAN extension is required to generate a certificate compatible with chromium-based web browsers (version >58) It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> * wolfssl: update to 5.1.1-stable Bump from 4.8.1-stable to 5.1.1-stable Detailed release notes: https://github.com/wolfSSL/wolfssl/releases Upstreamed patches: 001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch - fa8f23284d 002-Update-macro-guard-on-SHA256-transform-call.patch - f447e4c1fa Refreshed patches: 100-disable-hardening-check.patch 200-ecc-rng.patch CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains configure option The size of the ipk changed on aarch64 like this: 491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk 520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk Tested-by: Alozxy <alozxy@users.noreply.github.com> Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> Co-authored-by: Sergey V. Lobanov <sergey@lobanov.in>
2025-04-16 04:13:31 +00:00 · 2022-02-04 10:52:39 +08:00 · 2022-02-04 10:52:39 +08:00 · b69728f07d
commit b69728f07d
parent 2f173fb366
5 changed files with 12 additions and 29 deletions
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@ -55,6 +55,10 @@ config WOLFSSL_HAS_OPENVPN
 	bool "Include OpenVPN support"
 	default n

+config WOLFSSL_ALT_NAMES
+	bool "Include SAN (Subject Alternative Name) support"
+	default y
+
 config WOLFSSL_HAS_DEVCRYPTO
 	bool

--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=wolfssl
-PKG_VERSION:=4.8.1-stable
+PKG_VERSION:=5.1.1-stable
 PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=50db45f348f47e00c93dd244c24108220120cb3cc9d01434789229c32937c444
+PKG_HASH:=d3e0544dbe7e9587c0f6538cdc671b6492663bb7a4281819538abe6c99cdbd92

 PKG_FIXUP:=libtool libtool-abiver
 PKG_INSTALL:=1
@ -32,7 +32,7 @@ PKG_CONFIG_DEPENDS:=\
 	CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
 	CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
 	CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
-	CONFIG_WOLFSSL_HAS_OPENVPN
+	CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES

 PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))

@ -64,7 +64,7 @@ TARGET_CFLAGS += \
 	-fomit-frame-pointer \
 	-flto \
 	-DFP_MAX_BITS=8192 \
-	-DWOLFSSL_ALT_CERT_CHAINS
+	$(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)

 TARGET_LDFLAGS += -flto

@ -76,6 +76,7 @@ CONFIGURE_ARGS += \
 	--enable-opensslextra \
 	--enable-sni \
 	--enable-stunnel \
+	--enable-altcertchains \
 	--disable-crypttests \
 	--disable-examples \
 	--disable-jobserver \
--- a/package/libs/wolfssl/patches/002-Update-macro-guard-on-SHA256-transform-call.patch
+++ b/package/libs/wolfssl/patches/002-Update-macro-guard-on-SHA256-transform-call.patch
@ -1,22 +0,0 @@
-From f447e4c1fa4c932c0286fa0331966756e243db81 Mon Sep 17 00:00:00 2001
-From: JacobBarthelmeh <jacob@wolfssl.com>
-Date: Fri, 17 Sep 2021 15:06:13 -0700
-Subject: [PATCH] update macro guard on SHA256 transform call
-
---
- src/ssl.c   | 3 ++-
- tests/api.c | 3 ++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
--- a/src/ssl.c
-+++ b/src/ssl.c
-@@ -17639,7 +17639,8 @@ size_t wolfSSL_get_client_random(const W
-     
-     #if defined(OPENSSL_EXTRA)
-     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
-+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
-+        !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH)
-     /* Apply SHA256 transformation to the data */
-     int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, 
-                                                 const unsigned char* data)
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2274,7 +2274,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2346,7 +2346,7 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 /* warning for not using harden build options (default with ./configure) */
--- a/package/libs/wolfssl/patches/200-ecc-rng.patch
+++ b/package/libs/wolfssl/patches/200-ecc-rng.patch
@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl.

 --- a/wolfcrypt/src/ecc.c
 +++ b/wolfcrypt/src/ecc.c
-@@ -10938,21 +10938,21 @@ void wc_ecc_fp_free(void)
+@@ -11647,21 +11647,21 @@ void wc_ecc_fp_free(void)
 
 #endif /* FP_ECC */
 
@ -37,7 +37,7 @@ RNG regardless of the built settings for wolfssl.
 
 --- a/wolfssl/wolfcrypt/ecc.h
 +++ b/wolfssl/wolfcrypt/ecc.h
-@@ -616,10 +616,8 @@ WOLFSSL_API
+@@ -647,10 +647,8 @@ WOLFSSL_API
 void wc_ecc_fp_free(void);
 WOLFSSL_LOCAL
 void wc_ecc_fp_init(void);