mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-25 13:49:26 +00:00
5b13b0b02c
Bump from 4.8.1-stable to 5.1.1-stable Detailed release notes: https://github.com/wolfSSL/wolfssl/releases Upstreamed patches: 001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch -fa8f23284d
002-Update-macro-guard-on-SHA256-transform-call.patch -f447e4c1fa
Refreshed patches: 100-disable-hardening-check.patch 200-ecc-rng.patch CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains configure option The size of the ipk changed on aarch64 like this: 491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk 520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk Tested-by: Alozxy <alozxy@users.noreply.github.com> Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> (cherry picked from commit 93d91197b98463277b601ec2653351666a4ca4bd)
51 lines
1.2 KiB
Diff
51 lines
1.2 KiB
Diff
Since commit 6467de5a8840 ("Randomize z ordinates in scalar
|
|
mult when timing resistant") wolfssl requires a RNG for an EC
|
|
key when the hardened built option is selected.
|
|
|
|
wc_ecc_set_rng is only available when built hardened, so there
|
|
is no safe way to install the RNG to the key regardless whether
|
|
or not wolfssl is compiled hardened.
|
|
|
|
Always export wc_ecc_set_rng so tools such as hostapd can install
|
|
RNG regardless of the built settings for wolfssl.
|
|
|
|
--- a/wolfcrypt/src/ecc.c
|
|
+++ b/wolfcrypt/src/ecc.c
|
|
@@ -11647,21 +11647,21 @@ void wc_ecc_fp_free(void)
|
|
|
|
#endif /* FP_ECC */
|
|
|
|
-#ifdef ECC_TIMING_RESISTANT
|
|
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
|
|
{
|
|
int err = 0;
|
|
|
|
+#ifdef ECC_TIMING_RESISTANT
|
|
if (key == NULL) {
|
|
err = BAD_FUNC_ARG;
|
|
}
|
|
else {
|
|
key->rng = rng;
|
|
}
|
|
+#endif
|
|
|
|
return err;
|
|
}
|
|
-#endif
|
|
|
|
#ifdef HAVE_ECC_ENCRYPT
|
|
|
|
--- a/wolfssl/wolfcrypt/ecc.h
|
|
+++ b/wolfssl/wolfcrypt/ecc.h
|
|
@@ -647,10 +647,8 @@ WOLFSSL_API
|
|
void wc_ecc_fp_free(void);
|
|
WOLFSSL_LOCAL
|
|
void wc_ecc_fp_init(void);
|
|
-#ifdef ECC_TIMING_RESISTANT
|
|
WOLFSSL_API
|
|
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
|
|
-#endif
|
|
|
|
WOLFSSL_API
|
|
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
|