[openwrt/openwrt] wolfssl: Update to 5.7.0

LEDE Commits lede-commits at lists.infradead.org
Sat Jul 6 09:29:01 PDT 2024


hauke pushed a commit to openwrt/openwrt.git, branch openwrt-23.05:
https://git.openwrt.org/2410b4c07b95e12f1559283fb05fdaa563628d44

commit 2410b4c07b95e12f1559283fb05fdaa563628d44
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Sun Apr 21 17:46:55 2024 +0200

    wolfssl: Update to 5.7.0
    
    This fixes multiple security problems:
     * [High] CVE-2024-0901 Potential denial of service and out of bounds
       read. Affects TLS 1.3 on the server side when accepting a connection
       from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
       it is recommended to update the version of wolfSSL used.
    
     * [Med] CVE-2024-1545 Fault Injection vulnerability in
       RsaPrivateDecryption function that potentially allows an attacker
       that has access to the same system with a victim's process to perform
       a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
       Zhang, Qingni Shen for the report (Peking University, The University
       of Western Australia).
    
     * [Med] Fault injection attack with EdDSA signature operations. This
       affects ed25519 sign operations where the system could be susceptible
       to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
       Qingni Shen for the report (Peking University, The University of
       Western Australia).
    
    Size increased a little:
    wolfssl 5.6.6:
    516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
    wolfssl: 5.7.0:
    519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
    
    (cherry picked from commit f475a44c03a303851959930030ab9e6acebb81a7)
    Link: https://github.com/openwrt/openwrt/pull/15872
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/libs/wolfssl/Makefile                                  | 4 ++--
 package/libs/wolfssl/patches/100-disable-hardening-check.patch | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 8477fb85c5..60ba85e15f 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.6.6-stable
+PKG_VERSION:=5.7.0-stable
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=3d2ca672d41c2c2fa667885a80d6fa03c3e91f0f4f72f87aef2bc947e8c87237
+PKG_HASH:=2de93e8af588ee856fe67a6d7fce23fc1b226b74d710b0e3946bc8061f6aa18f
 
 PKG_FIXUP:=libtool libtool-abiver
 PKG_INSTALL:=1
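
Review bot: The new PKG_HASH on the `+PKG_HASH:=2de93e8a...` line cannot be checked from the patch itself, and the commit message does not say how it was obtained. Since PKG_SOURCE_URL fetches the tarball from the GitHub tag archive (`archive/v$(PKG_VERSION)`), please confirm the SHA-256 was computed from a fresh download of v5.7.0-stable and note that in the commit message. Also note that the .ipk names in the commit message show the library name changing from libwolfssl5.6.6.e624513f to libwolfssl5.7.0.e624513f, so for a stable-branch backport it is worth stating that packages linked against the old library name must be rebuilt or updated together with this one.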
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index 019645d796..680d3588a6 100644
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2774,7 +2774,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2945,7 +2945,7 @@ extern void uITRON4_free(void *p) ;
  
  /* warning for not using harden build options (default with ./configure) */
  /* do not warn if big integer support is disabled */
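
Review bot: The refresh of 100-disable-hardening-check.patch only moves the hunk offset in settings.h from 2774 to 2945, but the patch it carries still suppresses the "warning for not using harden build options" check, and neither the visible lines nor the commit message explain why. Given that the commit message lists two Rowhammer fault-injection fixes in this release, please add a sentence stating whether the hardening options are in fact enabled in the OpenWrt build and why the check is disabled, so the reason is recorded next to a security update.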



