ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-02-20 01:16:23 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

wolfssl: update to v5.5.3

Browse Source 
Remove "200-ecc-rng.patch" because it was upstramed by:
e2566bab21
Refreshed "100-disable-hardening-check.patch".

Fixes CVE 2022-42905.

Release Notes:
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable

Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit is contained in:
Nick Hainke 2022-11-16 08:48:02 +01:00 committed by Hauke Mehrtens
parent 68714f2135
commit 745f1ca976
3 changed files with 3 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/libs/wolfssl/Makefile
View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
PKG_VERSION:=5.5.1-stable
PKG_VERSION:=5.5.3-stable
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
PKG_HASH:=97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3
PKG_HASH:=fd3135b8657d09fb96a8aad16585da850b96ea420ae8ce5ac4d5fdfc614c2683
PKG_FIXUP:=libtool libtool-abiver
PKG_INSTALL:=1

2
package/libs/wolfssl/patches/100-disable-hardening-check.patch
View File

@ -1,6 +1,6 @@
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2454,7 +2454,7 @@ extern void uITRON4_free(void *p) ;
@@ -2455,7 +2455,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */

50
package/libs/wolfssl/patches/200-ecc-rng.patch
View File

@ -1,50 +0,0 @@
Since commit 6467de5a8840 ("Randomize z ordinates in scalar
mult when timing resistant") wolfssl requires a RNG for an EC
key when the hardened built option is selected.
wc_ecc_set_rng is only available when built hardened, so there
is no safe way to install the RNG to the key regardless whether
or not wolfssl is compiled hardened.
Always export wc_ecc_set_rng so tools such as hostapd can install
RNG regardless of the built settings for wolfssl.
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -12505,21 +12505,21 @@ void wc_ecc_fp_free(void)
#endif /* FP_ECC */
-#ifdef ECC_TIMING_RESISTANT
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
{
int err = 0;
+#ifdef ECC_TIMING_RESISTANT
if (key == NULL) {
err = BAD_FUNC_ARG;
}
else {
key->rng = rng;
}
+#endif
return err;
}
-#endif
#ifdef HAVE_ECC_ENCRYPT
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -656,10 +656,8 @@ WOLFSSL_ABI WOLFSSL_API
void wc_ecc_fp_free(void);
WOLFSSL_LOCAL
void wc_ecc_fp_init(void);
-#ifdef ECC_TIMING_RESISTANT
WOLFSSL_API
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
-#endif
WOLFSSL_API
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);