From patchwork Sun Jan 29 21:15:11 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Jörg Krause
X-Patchwork-Id: 721218
From: Jörg Krause
To: buildroot@buildroot.org
Date: Sun, 29 Jan 2017 22:15:11 +0100
Message-Id: <20170129211511.9747-1-joerg.krause@embedded.rocks>
X-Mailer: git-send-email 2.11.0
Subject: [Buildroot] [PATCH] package/mbedtls: fix zlib support

To enable compression support using zlib it is necessary to uncomment the define for MBEDTLS_ZLIB_SUPPORT in config.h [1].

Note that enabling TLS compression may make mbedTLS vulnerable to the CRIME attack [1]. It should not be enabled unless it is sure CRIME and similar attacks are not applicable to the particular situation.

As zlib is probably enabled in most systems, maybe it is best to make the compression support a user choice and add the warning from [1]?

[1] https://tls.mbed.org/kb/how-to/deflate-compression-in-ssl-tls

Signed-off-by: Jörg Krause
--- package/mbedtls/mbedtls.mk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk index a8bd61f12..7171af9f9 100644 --- a/package/mbedtls/mbedtls.mk +++ b/package/mbedtls/mbedtls.mk @@ -42,6 +42,11 @@ endif ifeq ($(BR2_PACKAGE_ZLIB),y) MBEDTLS_CONF_OPTS += -DENABLE_ZLIB_SUPPORT=ON MBEDTLS_DEPENDENCIES += zlib +define MBEDTLS_ENABLE_ZLIB + $(SED) "s://#define MBEDTLS_ZLIB_SUPPORT:#define MBEDTLS_ZLIB_SUPPORT:" \ + $(@D)/include/mbedtls/config.h +endef +MBEDTLS_POST_PATCH_HOOKS += MBEDTLS_ENABLE_ZLIB else MBEDTLS_CONF_OPTS += -DENABLE_ZLIB_SUPPORT=OFF endif
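
Review bot: The `MBEDTLS_ENABLE_ZLIB` hook sits inside `ifeq ($(BR2_PACKAGE_ZLIB),y)`, so TLS compression is switched on in every build that merely selects zlib, which is exactly the CRIME exposure the commit message warns about. Gate the define and the hook on a dedicated mbedtls option that defaults to off (for example a hypothetical `BR2_PACKAGE_MBEDTLS_COMPRESSION` that selects zlib) and put the warning from [1] in its help text, leaving `-DENABLE_ZLIB_SUPPORT=OFF` as the default path. Separately, the `$(SED)` expression is unanchored and exits successfully when nothing matches, so a change in how `config.h` spells the commented define would silently leave compression disabled; anchor the pattern with `^` and consider a follow-up `grep -q` on `$(@D)/include/mbedtls/config.h` so the build fails loudly.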