[LEDE-DEV] [PATCH v2] cyassl/wolfssl: update to 3.9.0

Hauke Mehrtens hauke at hauke-m.de
Sat May 21 05:39:55 PDT 2016


Hi,


On 05/21/2016 07:35 AM, Dirk Neukirchen wrote:
> wolfssl has fine-grained feature and compatibility controls
> for compiling stunnel, lighttpd or (partly) an openssl drop-in.
> ustream-ssl uses features that normally require
> HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers.
> 
> ar71xx ipkg sizes of wolfssl 3.9.0:
> - with stunnel: 144022
> - this patch (w.o. stunnel): 131712
> - without openssl(extra): 111104
> - w.o openssl/sni:108515
> - w.o openssl/sni/ecc: 93954
> 
> so patch 300 saves around 12k compressed ipkg size
> 
> v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
> that broke with v1
> 
> Signed-off-by: Dirk Neukirchen <dirkneukirchen at web.de>
> ---
>  package/libs/cyassl/Makefile                          |  8 +++-----
>  .../cyassl/patches/300-SSL_set_tlsext_host_name.patch | 19 -------------------
>  ...ove_SSL_set_tlsext_host_name_outside_STUNNEL.patch | 19 +++++++++++++++++++
>  .../cyassl/patches/400-additional_compatibility.patch |  2 +-
>  4 files changed, 23 insertions(+), 25 deletions(-)
>  delete mode 100644 package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
>  create mode 100644 package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch
> 
> diff --git a/package/libs/cyassl/Makefile b/package/libs/cyassl/Makefile
> index 7384a3d..b6440f3 100644
> --- a/package/libs/cyassl/Makefile
> +++ b/package/libs/cyassl/Makefile
> @@ -8,12 +8,12 @@
>  include $(TOPDIR)/rules.mk
>  
>  PKG_NAME:=wolfssl
> -PKG_VERSION:=3.8.0
> -PKG_RELEASE:=2
> +PKG_VERSION:=3.9.0
> +PKG_RELEASE:=1
>  
>  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
>  PKG_SOURCE_URL:=https://www.wolfssl.com/
> -PKG_MD5SUM:=a73d90c5439adea97a5002a73b46ddeb
> +PKG_MD5SUM:=f3396726a9befd61443c2cce216e39ba
>  
>  PKG_FIXUP:=libtool
>  PKG_INSTALL:=1
> @@ -38,12 +38,10 @@ endef
>  TARGET_CFLAGS += $(FPIC)
>  
>  CONFIGURE_ARGS += \
> -	--without-zlib \

Was the zlib dependency completely removed from wolfssl? Have you tried
building zlib in LEDE so that wolfssl's configure would find it, and
checked that wolfssl still does not depend on it?

>  	--enable-singlethreaded \
>  	--enable-opensslextra \
>  	--enable-sni \
>  	--enable-ecc \
> -	--enable-sslv3 \
>  	--disable-examples
>  
>  #ifneq ($(CONFIG_TARGET_x86),)
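Review bot: Removing `--enable-sslv3` from CONFIGURE_ARGS is a protocol-support change that the commit description never mentions; the message only covers package size and the SNI macro patch. If upstream's configure leaves SSLv3 off unless asked (likely, but not visible in this hunk), every consumer of the library loses SSLv3 after this update. That is the safer default, but it can surprise users who still talk to legacy peers. I would add a line to the message such as `drop --enable-sslv3: SSLv3 is no longer built`, so the change is deliberate and easy to find later.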
> diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
> deleted file mode 100644
> index a35cdad..0000000
> --- a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
> +++ /dev/null
> @@ -1,19 +0,0 @@
> ---- a/wolfssl/openssl/ssl.h
> -+++ b/wolfssl/openssl/ssl.h
> -@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
> - /* yassl had set the default to be 500 */
> - #define SSL_get_default_timeout(ctx) 500
> - 
> -+#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
> -+ 
> - /* Lighthttp compatability */
> - 
> - #ifdef HAVE_LIGHTY                       
> -@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_
> - #define SSL_TLSEXT_ERR_NOACK                 alert_warning
> - #define TLSEXT_NAMETYPE_host_name            WOLFSSL_SNI_HOST_NAME
> - 
> --#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
> - #define SSL_get_servername wolfSSL_get_servername
> - #define SSL_set_SSL_CTX                  wolfSSL_set_SSL_CTX
> - #define SSL_CTX_get_verify_callback      wolfSSL_CTX_get_verify_callback
> diff --git a/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch
> new file mode 100644
> index 0000000..51d89f7
> --- /dev/null
> +++ b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch
> @@ -0,0 +1,19 @@
> +--- a/wolfssl/openssl/ssl.h
> ++++ b/wolfssl/openssl/ssl.h
> +@@ -402,6 +402,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
> + /* yassl had set the default to be 500 */
> + #define SSL_get_default_timeout(ctx) 500
> + 
> ++#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
> ++
> + /* Lighthttp compatibility */
> + 
> + #ifdef HAVE_LIGHTY                       
> +@@ -488,7 +490,6 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_
> + #define SSL_TLSEXT_ERR_NOACK                 alert_warning
> + #define TLSEXT_NAMETYPE_host_name            WOLFSSL_SNI_HOST_NAME
> + 
> +-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
> + #define SSL_get_servername wolfSSL_get_servername
> + #define SSL_set_SSL_CTX                  wolfSSL_set_SSL_CTX
> + #define SSL_CTX_get_verify_callback      wolfSSL_CTX_get_verify_callback
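Review bot: The `SSL_set_tlsext_host_name(x, y)` macro that this patch file adds to wolfssl/openssl/ssl.h expands `y` twice and passes it to `strlen()` unchecked, so a NULL host name is undefined behaviour and an argument with side effects is evaluated twice. It also relies on `<string.h>` being visible wherever the macro is used. At minimum I would state the contract above the define, e.g. `/* y must be a non-NULL, side-effect-free C string */`, and parenthesize the arguments. The macro returns whatever wolfSSL_UseSNI returns, which may not follow OpenSSL's 1/0 convention on failure, so a caller testing for zero could miss an error; that is worth confirming against the ustream-ssl call site.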
> diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch
> index 4d75d98..1464e9d 100644
> --- a/package/libs/cyassl/patches/400-additional_compatibility.patch
> +++ b/package/libs/cyassl/patches/400-additional_compatibility.patch
> @@ -1,6 +1,6 @@
>  --- a/cyassl/openssl/ssl.h
>  +++ b/cyassl/openssl/ssl.h
> -@@ -27,6 +27,9 @@
> +@@ -28,6 +28,9 @@
>   #define CYASSL_OPENSSL_H_
>   
>   #include <cyassl/ssl.h>
> 


