From: Alexandru Ardelean Date: Fri, 25 Aug 2017 11:15:15 +0000 (+0300) Subject: libs/wolfssl: disable hardening check in `settings.h` X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=8334a23679204963f052f5704dd7541f7cf407b8;p=openwrt%2Fstaging%2Fblocktrron.git libs/wolfssl: disable hardening check in `settings.h` This seems to cause a false-positive warning/error while building `libwebsockets-cyassl`. ``` make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' [ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43: /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp] #warning "For timing resistance / side-channel attack prevention consider using harden options" ``` Hardening is enabled by default in libwolfssl at build-time. However, the `settings.h` header is exported (along with other headers) for build (via Build/InstallDev). This looks like a small bug/issue with wolfssl. Signed-off-by: Alexandru Ardelean --- diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch new file mode 100644 index 0000000000..4acce8a399 --- /dev/null +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -0,0 +1,13 @@ +diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h +index 039c238..73537e0 100644 +--- a/wolfssl/wolfcrypt/settings.h ++++ b/wolfssl/wolfcrypt/settings.h +@@ -1633,7 +1633,7 @@ extern void uITRON4_free(void *p) ; + #endif + + /* warning for not using harden build options (default with ./configure) */ +-#ifndef WC_NO_HARDEN ++#if 0 + #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ + (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ + (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS))