The OCEDO Raccoon had significant packet-loss with cables longer than 50
meter. Disabling EEE restores normal operation.
Also change the ethernet config to reduce loss on sub-1G links.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4551bfd91f)
Required to allow sysupgrades from OpenWrt 19.07.
Closes#7071
Fixes: 98fbf2edc0 ("ath79: move TPLINK_HWID/_HWREV to parent for tplink-safeloader")
Tested-by: J. Burfeind <git@aiyionpri.me>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 8ba71f1f6f)
When using external targets there is a symlink being created for the
target under target/linux which then becomes dangling under Image
Builder. Fix it by dereferencing the possible symlink.
Tested on IB with external target, ipq40xx and mvebu.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 621f39d1f4)
While it hasn't always been clear whether the "AP" is part of the model
name on the Ubiquiti website, we include it for all other pre-AC
variants (AP Pro and the AP Outdoor+). Add it to the original UniFi AP
as well for consistency.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit dc23df8a8c)
The label has the MAC address of eth0, not the WLAN PHY address.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 2a02b70499)
uDPU provides a FIT based initramfs, but currently gets stuck after U-boot
starts the kernel at "Starting kernel..".
It is due to the load address being too low, so increase it in order to get
the initramfs booting again.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 80f21e5336)
uDPU has 2 LM75 compatible temperature sensors, so include the driver for
them by default in order to utilize them.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit a8b2d35903)
Remove "a" character from the first line of patch
738-v5.14-01-net-dsa-qca8k-fix-an-endian-bug-in-qca8k-get-ethtool.patch
Otherwise `git am` fails to apply this patch which is annoying when
trying to do some development / rebasing.
Signed-off-by: Marek Behún <kabel@kernel.org>
(cherry picked from commit f811c33b19)
a20-olinuxino-lime2 is currently having hard time with link detection of
certain 1000Mbit partners due to usage of generic PHY driver, probably
due to following missing workaround introduced in upstream in commit
3aed3e2a143c ("net: phy: micrel: add Asym Pause workaround"):
The Micrel KSZ9031 PHY may fail to establish a link when the Asymmetric
Pause capability is set. This issue is described in a Silicon Errata
(DS80000691D or DS80000692D), which advises to always disable the
capability. This patch implements the workaround by defining a KSZ9031
specific get_feature callback to force the Asymmetric Pause capability
bit to be cleared.
This fixes issues where the link would not come up at boot time, or when
the Asym Pause bit was set later on.
As a20-olinuxino-lime2 has Micrel KSZ9031RNXCC-TR Gigabit PHY since
revision H, so we need to use Micrel PHY driver on those devices.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ffa1088f63)
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.
Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.
Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
391a9fbd5ace dns: fix parsing vlan encapsulated protocol
6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well
1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed
ca21e729af23 interface: switch to using clsact for filters
5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress
bdfcb11847ce interface: fix duplicated dns filter line
b97405aa632a Revert "ubus: remove dnsmasq subscriber"
8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact
d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME
91cf440db9e2 loader: fix use of deprecated functions
57c7817f91c2 qosify: fix dscp values of ubus-added dns host entries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit af434e0da2)
Albeit a separate crypto module, lzo-rle uses the same kernel library as lzo.
Crypto API users (zram, for example) expect both lzo and lzo-rle to be
available, so let's include lzo-rle (about 5.5 kiB) in the lib-lzo package.
Based on e9hack's original patch: https://patchwork.ozlabs.org/project/openwrt/patch/541cbfbd-76f2-59b3-a867-47b6f0fc7da9@gmail.com/
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit aaa0c09785)
As the upcoming release will be based on Linux 5.10 only, remove all
kernel configuration as well as patches for Linux 5.4.
There were no targets still actively using Linux 5.4.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3a14580411)
Also known as the "Xiaomi Router AX3200" in western markets,
but only the AX6S is widely installation-capable at this time.
SoC: MediaTek MT7622B
RAM: DDR3 256 MiB (ESMT M15T2G16128A)
Flash: SPI-NAND 128 MiB (ESMT F50L1G41LB or Gigadevice GD5F1GQ5xExxG)
WLAN: 2.4/5 GHz 4T4R
2.4 GHz: MediaTek MT7622B
5 GHz: MediaTek MT7915E
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531B
LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin)
UART: Marked J1 on board VCC RX GND TX, beginning from "1". 3.3v, 115200n8
Power: 12 VDC, 1.5 A
Notes:
U-Boot passes through the ethaddr from uboot-env partition,
but also has been known to reset it to a generic mac address
hardcoded in the bootloader.
However, bdata is also populated with the ethernet mac addresses,
but is also typically never written to. Thus this is used instead.
Installation:
1. Flash stock Xiaomi "closed beta" image labelled
'miwifi_rb03_firmware_stable_1.2.7_closedbeta.bin'.
(MD5: 5eedf1632ac97bb5a6bb072c08603ed7)
2. Calculate telnet password from serial number and login
3. Execute commands to prepare device
nvram set ssh_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit
4. Download and flash image
On computer:
python -m http.server
On router:
cd /tmp
wget http://<IP>:8000/factory.bin
mtd -r write factory.bin firmware
Device should reboot at this point.
Reverting to stock:
Stock Xiaomi recovery tftp that accepts their signed images,
with default ips of 192.168.31.1 + 192.168.31.100.
Stock image should be renamed to tftp server ip in hex (Eg. C0A81F64.img)
Triggered by holding reset pin on powerup.
A simple implementation of this would be via dnsmasq's
dhcp-boot option or using the vendor's (Windows only)
recovery tool available on their website.
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
(cherry picked from commit 9f9477b275)
Some units of the Xiaomi Redmi Router AX6S/Xiaomi Router AX3200 contain this part.
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
(cherry picked from commit 4177de10df)
The maintainer-tools.git script still defaults to `http` while
eveyrthing moved over to `https`. This commit switches VERSION_REPO
again back to encrypted connections.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Telco X1 Pro is a Cat12 LTE-A Pro modem router.
Vendor firmware is based on a recent version of OpenWrt.
Flashing is possible via CLI using sysupgrade -F -n
The serial headers allow bootloader and console access
Serial setting: 115200 8N1
Brief Specifications:
IPQ4019 SoC
32MB flash
512MB RAM
4x gigabit LAN
1x gigabit WAN
Dual-band Wave-2 wifi
2x SMA LTE antenna connectors
2x RP-SMA wifi antennas
1x USB 2.0 port
1x Reset button
Serial headers installed
1x Nano SIM tray
1x Quectel EM-12G LTE-A Pro modem
1x M.2 slot attached to USB 3.0
1x internal micro SD card slot
Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
Specifications:
- SoC: MediaTek MT7621AT
- RAM: 128 MB (DDR3)
- Flash: 16 MB (SPI NOR)
- WiFi: MT7615N (2.4GHz) and MT7615N (5Ghz)
- Switch: 1 WAN, 4 LAN (Gigabit)
- Buttons: Reset, WiFi Toggle, WPS
- LEDs: Power, Internet, WiFi 2.4G WiFi 5G
The R1 revision is identical to the A1 revision except
- No Config2 Parition, therefore
- factory partition resized to 64k from 128K
- Firmware partition offset is 0x50000 not 0x60000
- Firmware partitions size increased by 64K
- Firmware partition type is "denx,uimage", not "sge,uimage"
- Padding of image creation "uimage-padhdr 96" removed
Installation:
Update to the last D-Link firmware through web-ui before OpenWRT
installation then follow the instructions to patch your device using
D-Link FailsafeUI.
- D-Link FailsafeUI:
Power down the router, press and hold the reset button, then
re-plug it. Keep the reset button pressed until the internet LED stops
flashing, then jack into any lan port and manually assign a static IP
address in 192.168.0.0/24 other than 192.168.0.1 (e.g. 192.168.0.2)
and go to http://192.168.0.1
Flash with the factory image.
Signed-off-by: Igor Nazarov <tigron.dev@gmail.com>
A service managed by procd does have a json object with usefull information.
This information could by dumped with the following command.
ubus call service list "{ 'verbose':true, 'name': '<service-name>)'". }"
This line is long and complicated to enter. This commit adds a wrapper
call to the procd service section tool to simplify the input and get the
output faster.
We could now enter the command /etc/initd/<service> info to get the info
faster.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The service command belongs to the procd and does not belong in the
shinit. In the course of the move, the script was also checked with
shellcheck and cleaned up.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add a patch to add some missing init_extensions{a,b}() calls
Package lib{arp,eb}t_*.so
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This allows to install ip6tables-nft without iptables-nft
This prepare the addition of {arp,eb}tables-nft
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This prepare the introduction of ebtables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This prepare the introduction of arptables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
HOST_PATCH_DIR is used for host patches, not PATCH_DIR.
Fixes refreshing patches with a custom HOST_PATCH_DIR.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Binary files were renamed to cyfmac from brcmfmac, but the files needs
to be on the router with the previous naming
[ 6.656165] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 6.665182] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2
[ 6.674928] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.bin
- Cypress were acquired by Infineon Technologies
Thus change the project URL and switch to download files from their
GitHub repository. This is much better than the previous solution, which
requires finding new threads on their community forum about new driver
updates, and it will be necessary to change the URL each time.
Unfortunately, it seems that there is not published changelog, but
according to this forum thread [1], be careful by opening the link from
solution since it contains ending bracket ), it brings fixes for various
security vulnerabilities, which were fixed in 7_45_234.
Fixes:
- FragAttacks
- Kr00k
Also add LICENSE file
Run tested on Seeedstudio router powered by Raspberry Pi 4 CM with
package cypress-firmware-43455-sdio.
Before:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.895050] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Mar 23 2020 02:20:01 version 7.45.206 (r725000 CY) FWID 01-febaba43
After:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.829805] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2
[1] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Outdated-brcmfmac-firmware-for-Raspberry-Pi-4-in-OpenWrt-21-02-1/m-p/331593#M2269
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Some vendors like Seeedstudio in their product [1] with Raspberry Pi
Compute Module 4 uses Microchip LAN7800 (USB 3.0 to Gigabit
Ethernet Bridge) - USB 3.0 extended from PCIe of CM4.
lsusb output:
```
Bus 002 Device 002: ID 0424:7800 Microchip LAN7800
```
Raspberry Pi 4 and even Compute Module 4 has many resources available
and for just one kernel module it is not necessary to add additional specific CM4 profiles.
Let's include it by default, so the both Ethernet ports will be usable
to have better user-experience. Because previous generation of Raspberry
Pi included LAN7800 Gigabit Ethernet by default and it is enabled there
[2] in kernel without additional kernel module, which was added recently [3].
After this commit in dmesg can be found this:
```
root@OpenWrt:~# dmesg | grep lan
[ 7.038889] lan78xx 2-3:1.0 (unnamed net_device) (uninitialized): int urb period 64
[ 7.090484] usbcore: registered new interface driver lan78xx
```
Tested and works with sysupgrade image.
[1] https://www.seeedstudio.com/Dual-GbE-Carrier-Board-with-4GB-RAM-32GB-eMMC-RPi-CM4-Case-p-5029.html
[2] 32c74552b2/target/linux/bcm27xx/bcm2709/config-5.4 (L437)
[3] 31647d8be8
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
drop the use of LIB_SUFFIX
Fixes: 00cbf6f6ab ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Kernel 5.6 introduced a new config symbol SERIAL_8250_16550A_VARIANTS.
In kernel 5.8, this symbol was changed to default to on on !x86, as some
embedded devices still use 16650A variants. Let's play safe here and
enable this symbol in the generic config, to avoid others from running
into this problem and having to spend several hours trying to bisect
this problem. While we could disable the symbol in the x86 target
configs, a 20ms boot time reduction really isn't worth the time wasted
on bisecting this issue.
Matt discovered this problem while working on adding support for the
WatchGuard Firebox M200 to the qoriq target, where it caused some
characters to be missing on the console output.
Reported-by: Matt Fawcett <mattytap@icloud.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
- fix eth0 eth1 sharing same mac so it conforms to the behavior stated
in the original commit and the way it is in vendor firmware :
WAN is label, LAN is label +1 and WLAN is label +2
- add default leds config
- add default network config
Signed-off-by: Pascal Coudurier <coudu@wanadoo.fr>
Buildbot has reported following issue while crunching mpc85xx/p1010
subtarget:
Extreme Networks WS-AP3825i (WS_AP3825I) [N/y/?] (NEW)
Fix it by disabling that config symbol in target kernel config and while
at it fix DTS whitespace issue.
Fixes: 7e614820a8 ("mpc85xx: add support for Extreme Networks WS-AP3825i")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Without a partition subnode ofpart_core still parses direct subnodes as
partitions, but it ignores nodes with a compatible property. Due to
this, the switch to nvmem-cells made the urlader partition inaccessible.
As a result, the wireless network was broken, as the calibration data
is read from that partition by a script.
Fixes: #8983
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
The &spi node has #address-cells = <1> and #size-cells = <0>. Drop the
extra 0 in the reg property from the SPI flash node to ensure it's
number of cells matches the definition in the parent node. This also
makes the reg property for the SPI flash node consistent with all other
VR9 boards.
Fixes: eae6cac6a3 ("lantiq: add support for AVM FRITZ!Box 7362 SL")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Timo Schroeder reported:
"The TP-Link Archer VR2600v is stuck in a boot loop on written
snapshot image. It's able to boot using the snapshot uimage
though, but there ath10k firmware can't be found.
21.02.2 release version doesn't have either problem."
The VR2600v has a 512 byte header at the beginning of the
firmware that needs to be accounted for.
Fixes: f6a01d7f5c ("ipq806x: convert TP-Link Archer VR2600v to denx,uimage")
Reported-by: Timo Schroeder <der.timosch@gmail.com>
References: <https://github.com/openwrt/openwrt/issues/9467>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hardware:
- SoC: Freescale P1020
- CPU: 2x e500v2 @ 800MHz
- Flash: 64MiB NOR (1x Intel JS28F512)
- Memory: 256MiB (2x ProMOS DDR3 V73CAG01168RBJ-I9H 1Gb)
- WiFi1: 2.4+5GHz abgn 3x3 (Atheros AR9590)
- Wifi2: 5GHz an+ac 3x3 (Qualcomm Atheros QCA9890)
- ETH: 2x PoE Gigabit Ethernet (2x Atheros AR8035)
- Power: 12V (center-positive barrel) or 48V PoE (active or passive)
- Serial: Cisco-compatible RJ45 next to 12V power socket (115200 baud)
- LED Driver: TI LV164A
- LEDs: (not functioning)
- 2x Power (Green + Orange)
- 4x ETH (ETH1 + ETH2) x (Green + Orange)
- 2x WiFi (WiFi2 + WiFi1)
Installation:
1. Grab the OpenWrt initramfs <openwrt-initramfs-bin>, e.g.
openwrt-mpc85xx-p1020-extreme-networks_ws-ap3825i-initramfs-kernel.bin.
Place it in the root directory of a DHCP+TFTP server, e.g. OpenWrt
`dnsmasq` with configuration `dhcp.server.enable_tftp='1'`.
2. Connect to the serial port and boot the AP with options
e.g. 115200,N,8. Stop autoboot in U-Boot by pressing Enter after
'Scanning JFFS2 FS:' begins, then waiting for the prompt to be
interrupted. Credentials are identical to the one in the APs
interface. By default it is admin / new2day: if these do not work,
follow the OEM's reset procedure using the reset button.
3. Set the bootcmd so the AP can boot OpenWrt by executing:
```uboot
setenv boot_openwrt "cp.b 0xEC000000 0x2000000 0x2000000; interrupts off; bootm start 0x2000000; bootm loados; fdt resize; fdt boardsetup; fdt chosen; bootm prep; bootm go;"
setenv bootcmd "run boot_openwrt"
saveenv
```
If you plan on going back to the vendor firmware - the bootcmd for it
is stored in the boot_flash variable.
4. Load the initramfs image to RAM and boot by executing
```uboot
setenv ipaddr <ipv4 client address>;
setenv serverip <tftp server address>;
tftpboot 0x2000000 <openwrt-initramfs-bin>;
interrupts off;
bootm start 0x2000000;
bootm loados;
fdt resize;
fdt boardsetup;
fdt chosen;
bootm prep;
bootm go;
```
5. Make a backup of the "firmware" partition if you ever wish to go back
to the vendor firmware.
6. Upload the OpenWrt sysupgrade image via SCP to the devices /tmp
folder.
7. Flash OpenWrt using sysupgrade.
```ash
sysupgrade /tmp/<openwrt-sysupgrade-bin>
```
Notes:
- We must step through the `bootm` process manually to avoid fdt
relocation. To explain: the stock U-boot (and stock Linux) are configured
with a very large CONFIG_SYS_BOOTMAPSZ (and the device's stock Linux
kernel is configured to be able to handle it). The U-boot version
predates the check for the `fdt_high` variable, meaning that upon fdt
relocation, the fdt can (and will) be moved to a very high address; the
default appears to be 0x9ffa000. This address is so high that when the
Linux kernel starts reading the fdt at the beginning of the boot process,
it encounters a memory access exception and panics[5]. While it is
possible to reduce the highest address the fdt will be relocated to by
setting `bootm_size`, this also has the side effect of limiting the
amount of RAM the kernel can use[3].
- Because it is not relocated, the flattened device tree needs to be
padded in the build process to guarantee that `fdt resize` has
enough space.
- The primary ethernet MAC address is stored (and set) in U-boot; they are
shimmed into the device tree by 'fdt boardsetup' through the
'local-mac-address' property of the respective ethernet node, so OpenWrt
does not need to set this at runtime. Note that U-boot indexes the
ethernet nodes by alias, which is why the device tree explicitly aliases
ethernet1 to enet2.
- LEDs do not function under OpenWrt. Each of 8 LEDs is connected to an
output of a TI LV164A shift register, which is wired to GPIO lines and
operates through bit-banged SPI. Unfortunately, I am unable to get the
spi-gpio driver to recognize the `led_spi` device tree node at all, as
confirmed by patching in printk messages demonstrating
spi-gpio.c::spi_gpio_probe never runs. It is possible to manually
articulate the shift register by exporting the GPIO lines and stepping
their values through the sysfs.
- Though they do not function under OpenWrt, I have left the pinout details
of the LEDs and shift register in the device tree to represent real
hardware.
- An archive of the u-boot and Linux source for the AP3825i (which is one
device of a range of devices code-named 'CHANTRY') be found here[1].
- The device has an identical case to both the Enterasys WS-AP3725i and
Adtran BSAP-2030[2] (and potentially other Adtran BSAPs). Given that
there is no FCC ID for the board itself (only its WLAN modules), it's
likely these are generic boards, and even that the WS-AP3725i is
identical, with only a change in WLAN card. I have ordered one to confirm
this.
- For additional information: the process of porting the board is
documented in an OpenWrt forum thread[4].
[1]: magnet:?xt=urn:btih:f5306a5dfd06d42319e4554565429f84dde96bbc
[2]: https://forum.openwrt.org/t/support-for-adtran-bluesocket-bsap-2030/48538
[3]: https://forum.openwrt.org/t/adding-openwrt-support-for-ws-ap3825i/101168/29
[4]: https://forum.openwrt.org/t/adding-openwrt-support-for-ws-ap3825i/101168
[5]: https://forum.openwrt.org/t/adding-openwrt-support-for-ws-ap3825i/101168/26
Tested-by: Martin Kennedy <hurricos@gmail.com>
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
Rootfs overlays get created at a ROOTDEV_OVERLAY_ALIGN (64KiB)
alignment after the rootfs, but emmc_do_upgrade() is assuming
it comes at the very next 512-byte sector.
Suggested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
(move spaces around, mention fstools' libtoolfs)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This is a bugfix release. Changelog:
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
forever for non-prime moduli. (CVE-2022-0778)
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>