ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-02-21 01:41:41 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
openwrt/package/libs/wolfssl/patches/100-disable-hardening-check.patch
Petr Štetiar 31bb27f35b wolfssl: bump to 5.1.1-stable 
This is amalgamation of backported changes since 4.7.0-stable release:

 Sergey V. Lobanov (2):

  5b13b0b02c70 wolfssl: update to 5.1.1-stable
  7d376e6e528f libs/wolfssl: add SAN (Subject Alternative Name) support

 Andre Heider (3):

  3f8adcb215ed wolfssl: remove --enable-sha512 configure switch
  249478ec4850 wolfssl: always build with --enable-reproducible-build
  4b212b1306a9 wolfssl: build with WOLFSSL_ALT_CERT_CHAINS

 Ivan Pavlov (1):

  16414718f9ae wolfssl: update to 4.8.1-stable

 David Bauer (1):

  f6d8c0cf2b47 wolfssl: always export wc_ecc_set_rng

 Christian Lamparter (1):

  86801bd3d806 wolfssl: fix Ed25519 typo in config prompt

The diff of security related changes we would need to backport would be
so huge, that there would be a high probability of introducing new
vulnerabilities, so it was decided, that bumping to latest stable
release is the prefered way for fixing following security issues:

 * OCSP request/response verification issue. (fixed in 4.8.0)
 * Incorrectly skips OCSP verification in certain situations CVE-2021-38597 (fixed in 4.8.1)
 * Issue with incorrectly validating a certificate (fixed in 5.0.0)
 * Hang with DSA signature creation when a specific q value is used (fixed in 5.0.0)
 * Client side session resumption issue (fixed in 5.1.0)
 * Potential for DoS attack on a wolfSSL client CVE-2021-44718 (fixed in 5.1.0)
 * Non-random IV values in certain situations CVE-2022-23408 (fixed in 5.1.1)

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-21 07:37:57 +01:00

12 lines
469 B
Diff
Raw Blame History

--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2346,7 +2346,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */
-#ifndef WC_NO_HARDEN
+#if 0
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
Reference in New Issue View Git Blame Copy Permalink