wolfssl: update to v5.5.3
authorNick Hainke <vincent@systemli.org>
Wed, 16 Nov 2022 07:48:02 +0000 (08:48 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 27 Nov 2022 11:58:33 +0000 (12:58 +0100)
Remove "200-ecc-rng.patch" because it was upstramed by:
https://github.com/wolfSSL/wolfssl/commit/e2566bab2122949a6a0bb2276d0a52598794d7d0
Refreshed "100-disable-hardening-check.patch".

Fixes CVE 2022-42905.

Release Notes:
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable

Signed-off-by: Nick Hainke <vincent@systemli.org>
package/libs/wolfssl/Makefile
package/libs/wolfssl/patches/100-disable-hardening-check.patch
package/libs/wolfssl/patches/200-ecc-rng.patch [deleted file]

index 08a1ca7401ed364e47f68c55e9245a06cdad437c..869c8a3d5d36badd4d4d414d69d4f57f2e2af7b9 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.5.1-stable
+PKG_VERSION:=5.5.3-stable
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3
+PKG_HASH:=fd3135b8657d09fb96a8aad16585da850b96ea420ae8ce5ac4d5fdfc614c2683
 
 PKG_FIXUP:=libtool libtool-abiver
 PKG_INSTALL:=1
index bc5b27626f6d048678df4884ad94b85531ca1e3c..904b424fa01eb7b7b0c5d722bc4ac403f46cac98 100644 (file)
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2454,7 +2454,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2455,7 +2455,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */
diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch
deleted file mode 100644 (file)
index bef2e60..0000000
+++ /dev/null
@@ -1,50 +0,0 @@
-Since commit 6467de5a8840 ("Randomize z ordinates in scalar
-mult when timing resistant") wolfssl requires a RNG for an EC
-key when the hardened built option is selected.
-
-wc_ecc_set_rng is only available when built hardened, so there
-is no safe way to install the RNG to the key regardless whether
-or not wolfssl is compiled hardened.
-
-Always export wc_ecc_set_rng so tools such as hostapd can install
-RNG regardless of the built settings for wolfssl.
-
---- a/wolfcrypt/src/ecc.c
-+++ b/wolfcrypt/src/ecc.c
-@@ -12505,21 +12505,21 @@ void wc_ecc_fp_free(void)
- #endif /* FP_ECC */
--#ifdef ECC_TIMING_RESISTANT
- int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
- {
-     int err = 0;
-+#ifdef ECC_TIMING_RESISTANT
-     if (key == NULL) {
-         err = BAD_FUNC_ARG;
-     }
-     else {
-         key->rng = rng;
-     }
-+#endif
-     return err;
- }
--#endif
- #ifdef HAVE_ECC_ENCRYPT
---- a/wolfssl/wolfcrypt/ecc.h
-+++ b/wolfssl/wolfcrypt/ecc.h
-@@ -656,10 +656,8 @@ WOLFSSL_ABI WOLFSSL_API
- void wc_ecc_fp_free(void);
- WOLFSSL_LOCAL
- void wc_ecc_fp_init(void);
--#ifdef ECC_TIMING_RESISTANT
- WOLFSSL_API
- int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
--#endif
- WOLFSSL_API
- int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);