
wolfssl: Bump to 5.5.0-stable

RISCi_ATOM 1 year ago
parent
commit
d3483fd9a4

+ 21 - 1
package/libs/wolfssl/Config.in

@@ -16,6 +16,10 @@ config WOLFSSL_HAS_ARC4
 	bool "Include ARC4 support"
 	default y
 
+config WOLFSSL_HAS_CERTGEN
+	bool "Include certificate generation support"
+	default y
+
 config WOLFSSL_HAS_TLSV10
 	bool "Include TLS 1.0 support"
 	default y
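Review bot: `WOLFSSL_HAS_CERTGEN` is added with a prompt but no `help` text, and the same is true of `WOLFSSL_HAS_OPENVPN` in the next hunk. Both default to `y`, so every build carries the extra code unless someone opts out, and the prompt alone does not say which consumers need it. A short help block on each would let a builder decide; for this one, something like `help` followed by `Builds wolfSSL with certificate generation support. Disable only if no installed package generates certificates through wolfSSL.`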
@@ -39,13 +43,18 @@ config WOLFSSL_HAS_OCSP
 config WOLFSSL_HAS_WPAS
 	bool "Include wpa_supplicant support"
 	select WOLFSSL_HAS_ARC4
+	select WOLFSSL_HAS_DH
 	select WOLFSSL_HAS_OCSP
 	select WOLFSSL_HAS_SESSION_TICKET
 	default y
 
 config WOLFSSL_HAS_ECC25519
 	bool "Include ECC Curve 25519 support"
-	default n
+	default y
+
+config WOLFSSL_HAS_OPENVPN
+	bool "Include OpenVPN support"
+	default y
 
 config WOLFSSL_ALT_NAMES
 	bool "Include SAN (Subject Alternative Name) support"
@@ -54,6 +63,10 @@ config WOLFSSL_ALT_NAMES
 config WOLFSSL_HAS_DEVCRYPTO
 	bool
 
+config WOLFSSL_ASM_CAPABLE
+	bool
+	default x86_64 || (aarch64 && !TARGET_bcm27xx)
+
 choice
 	prompt "Hardware Acceleration"
 	default WOLFSSL_HAS_NO_HW
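Review bot: The `!TARGET_bcm27xx` exclusion in the `WOLFSSL_ASM_CAPABLE` default is unexplained, so a reader cannot tell whether other aarch64 targets need the same treatment. Presumably those SoCs lack the ARMv8 Crypto Extensions, but nothing visible here confirms that. A comment above the symbol would record the reason, for example `# bcm27xx is aarch64 but is excluded here because <reason>; add other targets without the crypto instructions as they are found`. The `choice` block that follows continues outside this hunk.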
@@ -61,6 +74,13 @@ choice
 	config WOLFSSL_HAS_NO_HW
 		bool "None"
 
+	config WOLFSSL_HAS_CPU_CRYPTO
+		bool "Use CPU crypto instructions"
+		depends on WOLFSSL_ASM_CAPABLE
+		help
+		This will use Intel AESNI insturctions or armv8 Crypto Extensions.
+		Either of them should easily outperform hardware crypto in WolfSSL.
+
 	config WOLFSSL_HAS_AFALG
 		bool "AF_ALG"
 
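Review bot: The help text for `WOLFSSL_HAS_CPU_CRYPTO` does not say what happens on a CPU that lacks the instructions, and the only gate is architectural (`depends on WOLFSSL_ASM_CAPABLE`). If wolfSSL selects AES-NI or the Crypto Extensions at build time rather than by runtime detection (not visible in this hunk), a library built with this choice would fault with an illegal instruction on x86_64 or aarch64 parts without them, which matters for generic images. I would add a sentence such as `Only select this if every CPU the image will run on implements these instructions.` The text also misspells "insturctions", and "outperform hardware crypto in WolfSSL" presumably means the AF_ALG and /dev/crypto offload choices below and could say so.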

+ 20 - 9
package/libs/wolfssl/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.2.0-stable
+PKG_VERSION:=5.5.0-stable
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=409b4646c5f54f642de0e9f3544c3b83de7238134f5b1ff93fb44527bf119d05
+PKG_HASH:=c34b74b5f689fac7becb05583b044e84d3b10d39f38709f0095dd5d423ded67f
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
@@ -25,13 +25,24 @@ PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
 PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
 
 PKG_CONFIG_DEPENDS:=\
-	CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \
-	CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \
-	CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \
-	CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
-	CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
-	CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
-	CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_ALT_NAMES
+	CONFIG_WOLFSSL_HAS_AES_CCM \
+	CONFIG_WOLFSSL_HAS_ARC4 \
+	CONFIG_WOLFSSL_HAS_CERTGEN \
+	CONFIG_WOLFSSL_HAS_CHACHA_POLY \
+	CONFIG_WOLFSSL_HAS_DH \
+	CONFIG_WOLFSSL_HAS_DTLS \
+	CONFIG_WOLFSSL_HAS_ECC25519 \
+	CONFIG_WOLFSSL_HAS_OCSP \
+	CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \
+	CONFIG_WOLFSSL_HAS_SESSION_TICKET \
+	CONFIG_WOLFSSL_HAS_TLSV10 \
+	CONFIG_WOLFSSL_HAS_TLSV13 \
+	CONFIG_WOLFSSL_HAS_WPAS \
+	CONFIG_WOLFSSL_HAS_AFALG \
+	CONFIG_WOLFSSL_HAS_CPU_CRYPTO \
+	CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
+	CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \
+	CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL
 
 include $(INCLUDE_DIR)/package.mk
 
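Review bot: Nothing in this commit's Makefile changes consumes the new symbols. The file's diffstat (+20 −9) is fully accounted for by the version and hash lines plus this `PKG_CONFIG_DEPENDS` list. So `CONFIG_WOLFSSL_HAS_CERTGEN`, `CONFIG_WOLFSSL_HAS_OPENVPN` and `CONFIG_WOLFSSL_HAS_CPU_CRYPTO` will trigger a rebuild but, unless the unchanged part of the Makefile already maps them to configure flags, will not change what is built. That would leave the new Config.in prompts as no-ops, so turning an option off would not actually remove the feature from the library. `CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC` is likewise listed here but not defined in any Config.in hunk of this commit, so it is worth confirming it exists. As a style point, `CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \` breaks the one-symbol-per-line layout the rest of the list adopts and should be split into two lines.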

+ 1 - 1
package/libs/wolfssl/patches/100-disable-hardening-check.patch

@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2445,7 +2445,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */

+ 2 - 2
package/libs/wolfssl/patches/200-ecc-rng.patch

@@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl.
 
 --- a/wolfcrypt/src/ecc.c
 +++ b/wolfcrypt/src/ecc.c
-@@ -11655,21 +11655,21 @@ void wc_ecc_fp_free(void)
+@@ -12348,21 +12348,21 @@ void wc_ecc_fp_free(void)
  
  #endif /* FP_ECC */
  
@@ -37,7 +37,7 @@ RNG regardless of the built settings for wolfssl.
  
 --- a/wolfssl/wolfcrypt/ecc.h
 +++ b/wolfssl/wolfcrypt/ecc.h
-@@ -650,10 +650,8 @@ WOLFSSL_API
+@@ -650,10 +650,8 @@ WOLFSSL_ABI WOLFSSL_API
  void wc_ecc_fp_free(void);
  WOLFSSL_LOCAL
  void wc_ecc_fp_init(void);

+ 0 - 24
package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch

@@ -1,24 +0,0 @@
-From 87e43dd63ba429297e439f2dfd1ee8b45981e18b Mon Sep 17 00:00:00 2001
-From: Juliusz Sosinowicz <juliusz@wolfssl.com>
-Date: Sat, 12 Feb 2022 00:34:24 +0100
-Subject: [PATCH] Reported in ZD13631
-
-`ssl->peerVerifyRet` wasn't being cleared when retrying with an alternative cert chain
-
-References: https://github.com/wolfSSL/wolfssl/issues/4879
----
- src/internal.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/src/internal.c
-+++ b/src/internal.c
-@@ -12342,6 +12342,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte*
-                             }
- 
-                             ret = 0; /* clear errors and continue */
-+                    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-+                            ssl->peerVerifyRet = 0;
-+                    #endif
-                             args->verifyErr = 0;
-                         }
- 

+ 0 - 19
package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch

@@ -1,19 +0,0 @@
-From 096889927d9528d4fbeb3aab56d1fe8225d2e7ec Mon Sep 17 00:00:00 2001
-From: Daniel Pouzzner <douzzer@wolfssl.com>
-Date: Thu, 14 Apr 2022 20:23:31 -0500
-Subject: [PATCH] wolfcrypt/src/port/devcrypto/devcrypto_aes.c: remove
- redundant "int ret" in wc_AesCtrEncrypt() (supersedes #5052).
-
-
-diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-index 3bc1d5bb1..28e145e27 100644
---- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-@@ -208,7 +208,6 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-     int ret;
-     struct crypt_op crt;
-     byte* tmp;
--    int ret;
- 
-     if (aes == NULL || out == NULL || in == NULL) {
-         return BAD_FUNC_ARG;