[openwrt/openwrt] wolfssl: update to v5.5.3
LEDE Commits
lede-commits at lists.infradead.org
Sun Nov 27 08:22:37 PST 2022
hauke pushed a commit to openwrt/openwrt.git, branch openwrt-21.02:
https://git.openwrt.org/b33090a0faf73d5d03e96c132c413776d6ed8b87
commit b33090a0faf73d5d03e96c132c413776d6ed8b87
Author: Nick Hainke <vincent at systemli.org>
AuthorDate: Wed Nov 16 08:48:02 2022 +0100
wolfssl: update to v5.5.3
Remove "200-ecc-rng.patch" because it was upstramed by:
https://github.com/wolfSSL/wolfssl/commit/e2566bab2122949a6a0bb2276d0a52598794d7d0
Refreshed "100-disable-hardening-check.patch".
Fixes CVE 2022-42905.
Release Notes:
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable
Signed-off-by: Nick Hainke <vincent at systemli.org>
(cherry picked from commit 745f1ca9767716c43864a2b7a43ed60b16c25560)
---
package/libs/wolfssl/Makefile | 4 +-
.../patches/100-disable-hardening-check.patch | 2 +-
.../patches/110-build-with-libtool-2.4.patch | 4 +-
package/libs/wolfssl/patches/200-ecc-rng.patch | 50 ----------------------
4 files changed, 4 insertions(+), 56 deletions(-)
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index a1c968b81f..8c59872393 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
-PKG_VERSION:=5.5.1-stable
+PKG_VERSION:=5.5.3-stable
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3
+PKG_HASH:=fd3135b8657d09fb96a8aad16585da850b96ea420ae8ce5ac4d5fdfc614c2683
PKG_FIXUP:=libtool libtool-abiver
PKG_INSTALL:=1
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index 01bb5974ba..904b424fa0 100644
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
-@@ -2445,7 +2445,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2455,7 +2455,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */
diff --git a/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch b/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch
index 206c6dac6a..f773df7a89 100644
--- a/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch
+++ b/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch
@@ -1,5 +1,3 @@
-diff --git a/configure.ac b/configure.ac
-index 144c857e4..de7f6b45a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -32,7 +32,7 @@ AC_ARG_PROGRAM
@@ -10,4 +8,4 @@ index 144c857e4..de7f6b45a 100644
+LT_PREREQ([2.4])
LT_INIT([disable-static win32-dll])
- #shared library versioning
+ AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to autoconf-computed arg list. Can also supply directly to make.])
diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch
deleted file mode 100644
index d68ef7f385..0000000000
--- a/package/libs/wolfssl/patches/200-ecc-rng.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Since commit 6467de5a8840 ("Randomize z ordinates in scalar
-mult when timing resistant") wolfssl requires a RNG for an EC
-key when the hardened built option is selected.
-
-wc_ecc_set_rng is only available when built hardened, so there
-is no safe way to install the RNG to the key regardless whether
-or not wolfssl is compiled hardened.
-
-Always export wc_ecc_set_rng so tools such as hostapd can install
-RNG regardless of the built settings for wolfssl.
-
---- a/wolfcrypt/src/ecc.c
-+++ b/wolfcrypt/src/ecc.c
-@@ -12348,21 +12348,21 @@ void wc_ecc_fp_free(void)
-
- #endif /* FP_ECC */
-
--#ifdef ECC_TIMING_RESISTANT
- int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
- {
- int err = 0;
-
-+#ifdef ECC_TIMING_RESISTANT
- if (key == NULL) {
- err = BAD_FUNC_ARG;
- }
- else {
- key->rng = rng;
- }
-+#endif
-
- return err;
- }
--#endif
-
- #ifdef HAVE_ECC_ENCRYPT
-
---- a/wolfssl/wolfcrypt/ecc.h
-+++ b/wolfssl/wolfcrypt/ecc.h
-@@ -650,10 +650,8 @@ WOLFSSL_ABI WOLFSSL_API
- void wc_ecc_fp_free(void);
- WOLFSSL_LOCAL
- void wc_ecc_fp_init(void);
--#ifdef ECC_TIMING_RESISTANT
- WOLFSSL_API
- int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
--#endif
-
- WOLFSSL_API
- int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
More information about the lede-commits
mailing list