wolfssl: Update to 5.7.0
authorHauke Mehrtens <hauke@hauke-m.de>
Sun, 21 Apr 2024 15:46:55 +0000 (17:46 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 6 Jul 2024 16:27:20 +0000 (18:27 +0200)
This fixes multiple security problems:
 * [High] CVE-2024-0901 Potential denial of service and out of bounds
   read. Affects TLS 1.3 on the server side when accepting a connection
   from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
   it is recommended to update the version of wolfSSL used.

 * [Med] CVE-2024-1545 Fault Injection vulnerability in
   RsaPrivateDecryption function that potentially allows an attacker
   that has access to the same system with a victims process to perform
   a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
   Zhang, Qingni Shen for the report (Peking University, The University
   of Western Australia)."

 * [Med] Fault injection attack with EdDSA signature operations. This
   affects ed25519 sign operations where the system could be susceptible
   to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
   Qingni Shen for the report (Peking University, The University of
   Western Australia).

Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk

(cherry picked from commit f475a44c03a303851959930030ab9e6acebb81a7)
Link: https://github.com/openwrt/openwrt/pull/15872
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/libs/wolfssl/Makefile
package/libs/wolfssl/patches/100-disable-hardening-check.patch

index 8477fb85c51d4c5f7151d9f61b164a9495b4b6c1..60ba85e15f443575ce2bf83345098adf2a386333 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.6.6-stable
+PKG_VERSION:=5.7.0-stable
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=3d2ca672d41c2c2fa667885a80d6fa03c3e91f0f4f72f87aef2bc947e8c87237
+PKG_HASH:=2de93e8af588ee856fe67a6d7fce23fc1b226b74d710b0e3946bc8061f6aa18f
 
 PKG_FIXUP:=libtool libtool-abiver
 PKG_INSTALL:=1
index 019645d79676c8469c7b860562c2b4bfbdc5d5c2..680d3588a6462c779e91fb9b622d9d8f372773a9 100644 (file)
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2774,7 +2774,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2945,7 +2945,7 @@ extern void uITRON4_free(void *p) ;
  
  /* warning for not using harden build options (default with ./configure) */
  /* do not warn if big integer support is disabled */