wolfssl: bump to 5.2.0
authorEneas U de Queiroz <cotequeiroz@gmail.com>
Fri, 8 Apr 2022 13:27:25 +0000 (10:27 -0300)
committerHauke Mehrtens <hauke@hauke-m.de>
Mon, 11 Apr 2022 19:41:03 +0000 (21:41 +0200)
commite89f3e85eb1c1d81294e5d430a91b0ba625e2ec0
tree27df09977248c3782a86a605119d0f20a2da4127
parentc9c2b01b8441195807e8b492c7d3e385e6c6afdc
wolfssl: bump to 5.2.0

Fixes two high-severity vulnerabilities:

- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
  can be bypassed.  If a malicious client does not send the
  certificate_verify message a client can connect without presenting a
  certificate even if the server requires one.

- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
  v1.3 server can have its certificate heck bypassed. If the sig_algo in
  the certificate_verify message is different than the certificate
  message checking may be bypassed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
package/libs/wolfssl/Makefile
package/libs/wolfssl/patches/100-disable-hardening-check.patch
package/libs/wolfssl/patches/200-ecc-rng.patch
package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch