openwrt/package/libs/wolfssl/patches/100-disable-hardening-check.patch
Eneas U de Queiroz ade7c6db1e
wolfssl: bump to 5.4.0
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.

The patch fixing x86 aesni build has been merged upstream.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9710fe70a6)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-16 22:26:51 +02:00

12 lines
469 B
Diff

--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2442,7 +2442,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */
-#ifndef WC_NO_HARDEN
+#if 0
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \