| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Remove LEDE_GIT references in favor to the new name-agnostic
PROJECT_GIT variable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
The previous commit was incorrectly rebased and referred to a not
yet existing PROJECT_GIT variable.
Fixes: d86a269c1f libubox: update to latest git HEAD
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
| |
1c08e80 jshn: properly support JSON "null" type
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of inferring the availability of NEON support from the target
optimization flags, use a preprocessor test to decide whether to enable
ARMv8 NEON optimizations.
Fixes the following build error spotted by the mediatek/32 buildbot:
[ 26%] Building C object CMakeFiles/zlib.dir/contrib/arm/inflate.o
In file included from .../zlib-1.2.11/contrib/arm/chunkcopy.h:10:0,
from .../zlib-1.2.11/contrib/arm/inflate.c:87:
.../arm_neon.h:31:2: error: #error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h
#error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h
^
In file included from .../zlib-1.2.11/contrib/arm/inflate.c:87:0:
.../zlib-1.2.11/contrib/arm/chunkcopy.h:18:9: error: unknown type name 'uint8x16_t'
typedef uint8x16_t chunkcopy_chunk_t;
^
[...]
CMakeFiles/zlib.dir/build.make:302: recipe for target 'CMakeFiles/zlib.dir/contrib/arm/inflate.o' failed
Fixes: 3acecba520 "package/libs/zlib: Add ARM and NEON optimizations"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
| |
Refresh patches to tidy up fuzz. No functional changes
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some packages such as Python/Python3 (host pip/pip3) needs this
to compile.
More detailed explanation provided by Alexandru:
"i need the zlib/host for Python/Python3 ; because, it seems the
host pip/pip3 needs this to work ; i suspect in older versions
this worked, because some of the host's build env would be used
in the build, and then the zlib-dev from the host distro would
be used ; now, the host-build does not seem to have any
-I/usr/include stuff, which is good
and it also seems that Python/Python3 does not like it if the
zlib-dev package is too old, so using this zlib/host would be
good for this as well"
Source:
https://github.com/lede-project/source/pull/1329#issuecomment-351055861
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
|
| |
Add option to use O3 optimization as not all devices have
space constraints. This option is default using GCC in upstream
but isn't in the CMake makefile for some reason.
Source: https://github.com/madler/zlib/blob/master/configure#L170
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds two optimizations for ARM:
NEON optimized Adler(-)32 checksum algorithm (ARMv7 and newer NEON CPUs)
ARM(v7+) specific optimization for inflate
I've also connected inflate optimization to the build using the following
source as template.
https://github.com/mirror/chromium/commit/0397489124ce7e6aced020f8b85f5034c7d5f49b#diff-a62ad2db6c83dbc205d34bb9a8884f16
Additional info:
https://codereview.chromium.org/2676493007/
https://codereview.chromium.org/2722063002/
Sources:
https://github.com/madler/zlib/pull/251 (only the first commit)
https://github.com/madler/zlib/pull/256
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
| |
Use build logic provided by toolchain instead of doing it manually.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
439b9b6c (tag: v1.29.0) Update manual pages
48498452 Bump up version number to v1.29.0, LT revision to 29:1:15
d30f3816 Update manual pages
4d1139f6 Remove SPDY
48f57407 nghttpx: Update doc
c1f14d73 Update manual pages
216f4dad nghttpx: Remove redundant check
a4e27d76 Revert "nghttpx: Use an existing h2 backend connection as much as possible"
2365f12e Fix CMAKE_MODULE_PATH
03f7ec0f nghttpx: Write API request body in temporary file
2056e812 nghttpx: Increase api-max-request-body
1ebb6810 nghttpx: Faster configuration loading with lots of backends
a3ebeeaf nghttpx: Fix crash with --backend-http-proxy-uri option
422ad1be Use NGHTTP2_REFUSED_STREAM for streams which are closed by GOAWAY
97f1735c Bump up version number to 1.29.0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LEDE Flyspray Task 1091:
Fix libiconv-full 'undefined reference' compile linker error using GCC7 Musl
Tested with targets x86 (i386 and x86_64)
Addition of CFLAGS "std=gnu89" fixes the linker issues, credit to harrylwc
Issue found with 'minidlna' package, which depends on 'libiconv-full'
Error in compile log:
../lib/.libs/libiconv.so: undefined reference to `aliases_lookup'
../lib/.libs/libiconv.so: undefined reference to `aliases2_lookup'
collect2: error: ld returned 1 exit status
Makefile:64: recipe for target 'iconv_no_i18n' failed
Signed-off-by: Jake Staehle <jacob@staehle.us>
|
|
|
|
|
|
|
|
|
|
| |
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").
Ref: https://github.com/wolfSSL/wolfssl/pull/1229
Ref: https://robotattack.org/
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)
Fixes CVEs: CVE-2017-3737, CVE-2017-3738
Signed-off-by: Peter Wagner <tripolar@gmx.at>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
939ad5dd Update manual pages
24d92b97 Add deprecation warning when spdylay support is enabled
4c92ff18 Bump up version number to 1.28.0, LT revision to 29:0:15
280db5c6 Update neverbleed
7fbcb2d0 Merge pull request #1074 from nghttp2/fix-doc
53aeb2c3 Fix doc
ff200bfc clang-format-5.0
fee3151f Switch to clang-format-5.0
99a85159 Update manual pages
2a981a3f Merge pull request #1066 from nghttp2/nghttpx-add-affinity-cookie-secure
0028275d nghttpx: Add affinity-cookie-secure parameter to backend option
ee8bfddf Merge pull request #1063 from nghttp2/error_callback2
194acb1f src: Use nghttp2_error_callback2
43a2a70a Add nghttp2_error_callback2
73344ae9 nghttpx: Use plain hex string format for client serial
c479f612 Merge pull request #1060 from nghttp2/nghttpx-add-client-serial
eca0a302 nghttpx: Add $tls_client_serial log variable
4720c5cb nghttpx: Make client serial available in mruby script
cd55ab28 nghttpx: Add function to get serial number from certificate
d402cfdf Merge pull request #1057 from nghttp2/nghttpx-add-tls-client-issuer-name
22502182 Add tls_client_issuer_name log variable and expose it to mruby
05e1fd5e Update manual pages
943d7923 Add Session Affinity section to nghttpx howto
568ecbfb doc: Add missing port
f5ddd7f4 nghttpx: Make initial_addr_idx_ unsigned
88abbce7 nghttpx: Fix compile error with gcc
16e90365 nghttpx: Fix affinity retry
fa7945c6 nghttpx: Refactor
daca43f0 nghttpx: Fix stalled backend connection on retry
16bc11e6 nghttpx: Remove duplicated util::make_socket_nodelay
6f7e94cd Merge pull request #1047 from PiotrSikora/go_vet
61efa15a integration: Fix issues reported by the `go vet` tool.
8c0ea56b Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
54905371 nghttpx: Refactor
6010d393 integration: Add tests
be5c39a1 src: Add tests
b8fda680 nghttpx: Cookie based session affinity
e29b9c12 Merge pull request #1045 from nghttp2/nghttpx-sha1-fingerprint
539e2781 nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
7008afd4 nghttpx: Refactor get_x509_fingerprint to accept hash function
77a41756 Merge pull request #1041 from nghttp2/fix-examples-client-server
b15045d6 Merge pull request #1040 from nghttp2/nghttpx-mruby-add-more-tls-vars
03084f75 examples: Make client and server work with libevent-2.1.8
60baca27 nghttpx: Add more TLS related attributes to mruby Env object
86990db2 Merge pull request #1038 from nghttp2/nghttpx-add-more-logging-vars
cb376bcd nghttpx: Add client fingerprint and subject name to accesslog
f2b8edd1 nghttpx: Fix memory leak
c4f8afcf nghttpx: Get TLS info only when it is necessary when writing accesslog
1a1a216d Merge pull request #1037 from nghttp2/nghttpx-mruby-tls-client-vars
9f80a82c nghttpx: Add client fingerprint and subject name to mruby env
c573c80b nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec
3cd6817e Fix typos
d4a69658 Add another warning about mruby
8e06fe49 Fix typo
aaeeec8f Fix typos
66d5e246 Bump up version number to 1.28.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
Compile tested on ramips (mt7621)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
|
| |
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add option to optimize for speed instead of size
cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \
aes-192-cbc aes-256-cbc rsa2048 dsa2048
=== Linksys WRT3200ACM ===
Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 14111.49k 47147.75k 123375.02k 206937.09k 258828.97k
sha1 14495.71k 46763.99k 116679.94k 188115.29k 228294.66k
des cbc 22315.63k 23118.98k 23323.14k 23348.22k 23363.58k
des ede3 8085.97k 8217.26k 8255.74k 8266.41k 8273.92k
aes-128 cbc 48740.10k 52606.12k 54224.98k 56263.68k 54774.44k
aes-192 cbc 43410.83k 47325.31k 48994.05k 49377.96k 48532.14k
aes-256 cbc 39132.46k 42512.60k 43692.63k 43997.18k 44070.23k
sha256 19987.80k 47314.69k 86119.08k 109352.28k 119466.67k
sha512 8034.63k 32321.92k 47495.94k 65777.32k 74080.26k
sign verify sign/s verify/s
rsa 2048 bits 0.020387s 0.000528s 49.1 1892.2
sign verify sign/s verify/s
dsa 2048 bits 0.005920s 0.006396s 168.9 156.3
Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 14655.49k 48561.79k 126953.56k 210741.93k 262430.72k
sha1 14607.90k 47032.15k 117725.87k 188226.22k 228499.46k
des cbc 28041.11k 29586.84k 29939.80k 30047.91k 30067.37k
des ede3 10697.93k 10899.75k 10956.97k 10972.84k 10980.01k
aes-128 cbc 58852.70k 65956.07k 68675.67k 69388.29k 69607.42k
aes-192 cbc 50299.73k 56501.23k 58491.65k 59008.00k 59159.89k
aes-256 cbc 44684.38k 47944.36k 49098.67k 49573.89k 49463.30k
sha256 19673.53k 47248.58k 86775.04k 110053.72k 119382.02k
sha512 8029.67k 32033.02k 47440.04k 65740.12k 74072.06k
sign verify sign/s verify/s
rsa 2048 bits 0.019666s 0.000529s 50.8 1892.0
sign verify sign/s verify/s
dsa 2048 bits 0.005882s 0.006450s 170.0 155.0
=== D-Link DIR-860L (B1) ===
Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 3376.97k 11654.74k 32966.76k 60016.27k 80729.43k
sha1 2310.95k 6024.87k 11680.32k 15273.93k 16784.07k
des cbc 6787.21k 7014.36k 7072.49k 7088.73k 7092.48k
des ede3 2462.47k 2499.87k 2509.48k 2511.35k 2514.75k
aes-128 cbc 10014.28k 11018.87k 11308.99k 11381.03k 11406.20k
aes-192 cbc 8930.35k 9675.27k 9895.97k 9954.57k 9971.92k
aes-256 cbc 8022.81k 8624.03k 8799.60k 8843.14k 8856.07k
sha256 2546.33k 5542.19k 9326.99k 11249.03k 11969.57k
sha512 877.22k 3503.44k 4856.01k 6554.96k 7299.32k
sign verify sign/s verify/s
rsa 2048 bits 0.109348s 0.003132s 9.1 319.3
sign verify sign/s verify/s
dsa 2048 bits 0.032745s 0.037212s 30.5 26.9
Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 3660.39k 12401.37k 34501.23k 62438.83k 81786.64k
sha1 3500.20k 10730.70k 25056.19k 37715.86k 44253.13k
des cbc 7189.75k 7545.88k 7641.90k 7665.71k 7672.18k
des ede3 2690.64k 2734.33k 2745.24k 2748.13k 2748.81k
aes-128 cbc 11325.29k 12731.75k 13151.34k 13259.95k 13289.55k
aes-192 cbc 9932.36k 10997.65k 11309.84k 11389.53k 11408.92k
aes-256 cbc 8845.13k 9677.01k 9920.30k 9980.77k 9996.42k
sha256 3200.50k 7107.76k 12230.85k 14933.73k 15962.15k
sha512 879.12k 3510.79k 4956.45k 6711.45k 7484.39k
sign verify sign/s verify/s
rsa 2048 bits 0.085641s 0.002365s 11.7 422.9
sign verify sign/s verify/s
dsa 2048 bits 0.023881s 0.026120s 41.9 38.3
-O3 is considered safe for OpenSSL
Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation
Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1)
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
|
|
| |
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Thanks to swalker for CPE to package mapping and
keep tracking CVEs.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
|
|
|
|
|
| |
Simplifies the code and reduces size
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
|
|
|
|
|
|
|
|
|
| |
don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error:
../libssl.so: undefined reference to `SSLv3_client_method'
Fixes CVE: CVE-2017-3735, CVE-2017-3736
Signed-off-by: Peter Wagner <tripolar@gmx.at>
|
|
|
|
| |
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
|
|
|
|
|
| |
729f47f jshn: read and write 64-bit integers
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches. This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.
The error message:
OpenWrt-libtool: link: ccache_cc -shared -fPIC -DPIC .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
.libs/os-linux.o: In function `_Ux86_get_elf_image':
os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
x86/.libs/Lresume.o: In function `_ULx86_resume':
Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
collect2: error: ld returned 1 exit status
Makefile:2249: recipe for target 'libunwind.la' failed
The snippet from gcc -dumpspecs
%{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
|
|
| |
4b87d83 uclient-fetch: fix overloading of output_file variable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
Switch from git to xz release tarball as there's no good reason to keep
using git when release tarballs are provided.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL is built with the generic linux settings for most targets,
including aarch64. These generic settings are designed for 32-bit CPU and
provide no assembler optmization: this is widely suboptimal for aarch64.
This patch simply switches to the aarch64 settings that are already
available in OpenSSL.
Here is the output of "openssl speed" before the optimization, with
"(...)" representing build flags that didn't change:
OpenSSL 1.0.2l 25 May 2017
options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
compiler: aarch64-openwrt-linux-musl-gcc (...)
And after this patch, OpenSSL uses 64 bit mode and assembler optimizations:
OpenSSL 1.0.2l 25 May 2017
options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
compiler: aarch64-openwrt-linux-musl-gcc (...) -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3:
before# openssl speed sha aes blowfish
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 3918.89k 9982.43k 19148.03k 24933.03k 27325.78k
sha256 4604.51k 10240.64k 17472.51k 21355.18k 22801.07k
sha512 3662.19k 14539.41k 21443.16k 29544.11k 33177.60k
blowfish cbc 16266.63k 16940.86k 17176.92k 17237.33k 17252.35k
aes-128 cbc 19712.95k 21447.40k 22091.09k 22258.35k 22304.09k
aes-192 cbc 17680.12k 19064.47k 19572.14k 19703.13k 19737.26k
aes-256 cbc 15986.67k 17132.48k 17537.28k 17657.17k 17689.26k
after# openssl speed sha aes blowfish
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 6770.87k 26172.80k 86878.38k 205649.58k 345978.20k
sha256 20913.93k 74663.85k 184658.18k 290891.09k 351032.66k
sha512 7633.10k 30110.14k 50083.24k 71883.43k 82485.25k
blowfish cbc 16224.93k 16933.55k 17173.76k 17234.94k 17252.35k
aes-128 cbc 19425.74k 21193.31k 22065.74k 22304.77k 22380.54k
aes-192 cbc 17452.29k 18883.84k 19536.90k 19741.70k 19800.06k
aes-256 cbc 15815.89k 17003.01k 17530.03k 17695.40k 17746.60k
For some reason AES and blowfish do not benefit, but SHA performance
improves between 1.7x and 15x. SHA256 clearly benefits the most from the
optimization (4.5x on small blocks, 15x on large blocks!).
When using EVP (with "openssl speed -evp <algo>"):
# Before, EVP mode
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 3824.46k 10049.66k 19170.56k 24947.03k 27325.78k
sha256 3368.33k 8511.15k 16061.44k 20772.52k 22721.88k
sha512 2845.23k 11381.57k 19467.69k 28512.26k 33008.30k
bf-cbc 15146.74k 16623.83k 17092.01k 17211.39k 17249.62k
aes-128-cbc 17873.03k 20870.61k 21933.65k 22216.36k 22301.35k
aes-192-cbc 16184.18k 18607.15k 19447.13k 19670.02k 19737.26k
aes-256-cbc 14774.06k 16757.25k 17457.58k 17639.42k 17686.53k
# After, EVP mode
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 7056.97k 27142.10k 89515.86k 209155.41k 347419.99k
sha256 7745.70k 29750.06k 95341.48k 211001.69k 332376.75k
sha512 4550.47k 18086.06k 39997.10k 65880.75k 81431.21k
bf-cbc 15129.20k 16619.03k 17090.56k 17212.76k 17246.89k
aes-128-cbc 99619.74k 269032.34k 450214.23k 567353.00k 613933.06k
aes-192-cbc 93180.74k 231017.79k 361766.66k 433671.51k 461731.16k
aes-256-cbc 89343.23k 209858.58k 310160.04k 362234.88k 380878.85k
Blowfish does not seem to have assembler optimization at all, and SHA
still benefits (between 1.6x and 14.5x) but is generally slower than in
non-EVP mode.
However, AES performance is improved between 5.5x and 27.5x, which is
really impressive! For aes-128-cbc on large blocks, a core i7-6600U
@2.60GHz is only twice as fast...
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes in v1.27.0 :
build: Fixed accidental compiler flags concatenation for MSVC (Patch from LazyHamster) (GH-1029)
build: Reduce libxml2 version requirement to 2.6.26 (Patch from Mike Lothian) (GH-1020)
asio: Support for Windows / MinGW (Patch from Daniel Evers) (GH-1027)
h2load: Print out h2 header fields with --verbose option (GH-1015)
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only (GH-1016)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due a compiler bug on ARM targets
( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64516 )
unaligned access was disabled on all targets other than i386 and
x86_64 with commit 061319ec3dfe9b6d14af1286a1d9979db56048d7 .
A fix has been added to lzo-2.09 so it is not necessary to disable
unaligned access within the Makefile anymore.
Signed-off-by: Stefan Oberhumer <stefan@obssys.com>
|
|
|
|
|
|
|
|
|
|
| |
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to build conntrack-tools from git, a newer version of
libnetfilter_conntrack is required. As 1.0.6 is currently the latest
release, switch to git.
b0a7cf7 include: expose a copy of nf_conntrack_common.h
f68f7b3 conntrack: fix missing break in setobjopt_undo_dnat()
79dac5a conntrack: revert getobjopt_is_nat() condition
b266523 libnetfilter_conntrack: bump version to 1.0.7
e870432 labels: don't crash on NULL labelmap
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
b39cac7 src: Correct typo in the location of internal.h in #include
58cb066 src: Declare the define visibility attribute together
e84b559 Revert "src: Declare the define visibility attribute together"
003c2b1 examples: set dummy connmark value to show use of NFQA_CT nested attribute
63973da doc: extend the doxygen section about NFQA_CFG_F_GSO
d7f74c7 build: bump version to 1.0.3
3f9eb57 build: bump library release version too
601abd1 doc: Add information about retrieving UID/GID/SECCTX fields
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
| |
As git.netfilter.org seems to support HTTPS, use that instead of HTTP
which is insecure, or GIT which is blocked on many corporate networks.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
| |
The nghttp2 library is an implementation of the Hypertext Transfer
Protocol version 2 in C; it supports RFC7540 and RFC7541.
The package enables only the reusable C library; binary size is 130K (X86)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
| |
632688e utils: nuke bitfield functions and macros
f714be1 uloop: make SIGCHLD signal handling optional
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
7a10576 uloop: Fix race condition in SIGCHLD handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
|
|
| |
Some symbols have been renamed.
Some are default enabled/disabled, so we need
to adjust semantics against that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.
```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
#warning "For timing resistance / side-channel attack prevention consider using harden options"
```
Hardening is enabled by default in libwolfssl at build-time.
However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).
This looks like a small bug/issue with wolfssl.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is to eliminate any ambiguity about the cyassl/wolfssl lib.
The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.
It's a good idea to keep up with the times (moving forward).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
|
|
| |
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
|
| |
24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses
83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
|
|
|
| |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
| |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
| |
It's needed to use the SDK and IB on an OpenWrt/LEDE host.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released
* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
| |
Also make sure that the PKG_NAME and folder name are equal.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
| |
Changes since 1.2
a77b0cd Bump version to v1.2.1
5f354cb mips/tilegx: Add missing unwind_i.h header file
620d1c3 Add aarch64 getcontext functionality.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|