git.openwrt.org Git - openwrt/staging/jow.git/commit

author	Hauke Mehrtens <hauke@hauke-m.de>
	Sun, 21 Apr 2024 15:46:55 +0000 (17:46 +0200)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Sat, 6 Jul 2024 16:27:20 +0000 (18:27 +0200)
commit	2410b4c07b95e12f1559283fb05fdaa563628d44
tree	4d1a0bfa129e211efb97dca5b455da305afc0821	tree \| snapshot
parent	97c588e1bab1569199e1c8b70bb807031c4735a5	commit \| diff

wolfssl: Update to 5.7.0

This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
   read. Affects TLS 1.3 on the server side when accepting a connection
   from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
   it is recommended to update the version of wolfSSL used.

* [Med] CVE-2024-1545 Fault Injection vulnerability in
   RsaPrivateDecryption function that potentially allows an attacker
   that has access to the same system with a victims process to perform
   a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
   Zhang, Qingni Shen for the report (Peking University, The University
   of Western Australia)."

* [Med] Fault injection attack with EdDSA signature operations. This
   affects ed25519 sign operations where the system could be susceptible
   to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
   Qingni Shen for the report (Peking University, The University of
   Western Australia).

Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk

(cherry picked from commit f475a44c03a303851959930030ab9e6acebb81a7)
Link: https://github.com/openwrt/openwrt/pull/15872
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

package/libs/wolfssl/Makefile		diff \| blob \| history
package/libs/wolfssl/patches/100-disable-hardening-check.patch		diff \| blob \| history