This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.
The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f5167e11bf)
This enables armv8 crypto extensions version of AES, GHASH, SHA256 and
CRC T10 algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit eb33232420)
This enables armv8 crypto extensions version of AES and GHASH algorithms
in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit b2cb87bc98)
This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel. bcm2711 does not support armv8 crypto extensions, so they
are not included.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7b6beb7489)
This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel. bcm2710 does not support armv8 crypto extensions, so they
are not included.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 38ebb210a9)
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0a2edc2714)
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 677774d445)
Do not include the dnsmasq and odhcpd-ipv6only package by default any
more. These services are not needed on a switch. If someone needs this
it is still possible to use opkg or image builder to add them.
This decreases the compressed image size by about 165KBytes.
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2acebbdcaa)
Flow offload dst can become invalid after the route cache is created.
dst_check() in packet path is necessary to prevent packet drop.
Signed-off-by: Ritaro Takenaka <ritarot634@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Makes sure that Ninja from staging_dir is used and nowhere else.
Reported by reproducible builds project. Builds have been failing ever
since tools/cmake started using Ninja.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0d25db7f17)
Compile with Ninja. Ninja compiles faster and is more stable with
parallel builds. Routines copied from cmake.mk.
Speed improves from:
Executed in 127.47 secs fish external
usr time 17.02 mins 446.00 micros 17.02 mins
sys time 1.18 mins 40.00 micros 1.18 mins
to:
Executed in 118.91 secs fish external
usr time 17.28 mins 499.00 micros 17.28 mins
sys time 1.13 mins 45.00 micros 1.13 mins
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5cff6c1abb)
Changes:
Duncan Roe (5):
nlmsg: Fix a missing doxygen section trailer
build: doc: "make" builds & installs a full set of man pages
build: doc: get rid of the need for manual updating of Makefile
build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
src: doc: Fix messed-up Netlink message batch diagram
Fernando Fernandez Mancera (1):
src: fix doxygen function documentation
Florian Westphal (1):
libmnl: zero attribute padding
Guillaume Nault (1):
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
Kylie McClain (1):
examples: nfct-daemon: Fix test building on musl libc
Laura Garcia Liebana (4):
examples: add arp cache dump example
examples: fix neigh max attributes
examples: fix print line format
examples: reduce LOCs during neigh attributes validation
Pablo Neira Ayuso (3):
doxygen: remove EXPORT_SYMBOL from the output
include: add MNL_SOCKET_DUMP_SIZE definition
build: libmnl 1.0.5 release
Petr Vorel (1):
examples: Add rtnl-addr-add.c
Stephen Hemminger (1):
examples: rtnl-addr-dump: fix typo
igo95862 (1):
doxygen: Fixed link to the git source tree on the website.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit c3b7389339)
Changes:
c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings
Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit aecf088b37)
Make cmake depend on ninja, so that other cmake based tools also depend on it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45baa860f)
Speed goes from:
Executed in 178.08 secs fish external
usr time 20.16 mins 509.00 micros 20.16 mins
sys time 2.88 mins 39.00 micros 2.88 mins
To:
Executed in 175.90 secs fish external
usr time 20.19 mins 0.00 micros 20.19 mins
sys time 2.85 mins 497.00 micros 2.85 mins
Tested with "time make -j 12" on AMD Ryzen 3600
When building individual packages, the build time difference is often
significantly bigger than that.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0c7c24d40a)
+= is needed for CMAKE_OPTIONS.
mt76 needs Ninja disabled as the kernel stuff uses normal make.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 09de28090c)
ninja is faster at building cmake packages than make, and according to reports
also more reliable at handling parallel builds
This commit includes a patch that adds GNU make jobserver support, in order to
allow more precise control over the number of parallel tasks
Enable parallel build by default for packages using ninja
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 97258f5363)
This doesn't make sense at all. For more details see comments in the
original commit.
This reverts commit 4a22f9ad8a.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This enables armv8 crypto extensions version of AES, GHASH, and CRC T10
algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit eef8fbec8f)
This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890)
This release comes with a security fix related to c_rehash. OpenWrt
does not ship or use it, so it was not affected by the bug.
There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7a5ddc0d06)
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 65258f5d60)
