From: Nick Hainke Date: Wed, 16 Nov 2022 07:48:02 +0000 (+0100) Subject: wolfssl: update to v5.5.3 X-Git-Tag: v21.02.6~129 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=b33090a0faf73d5d03e96c132c413776d6ed8b87;p=openwrt%2Fstaging%2Fpepe2k.git wolfssl: update to v5.5.3 Remove "200-ecc-rng.patch" because it was upstramed by: https://github.com/wolfSSL/wolfssl/commit/e2566bab2122949a6a0bb2276d0a52598794d7d0 Refreshed "100-disable-hardening-check.patch". Fixes CVE 2022-42905. Release Notes: - https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable - https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable Signed-off-by: Nick Hainke (cherry picked from commit 745f1ca9767716c43864a2b7a43ed60b16c25560) --- diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index a1c968b81f..8c59872393 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=5.5.1-stable +PKG_VERSION:=5.5.3-stable PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3 +PKG_HASH:=fd3135b8657d09fb96a8aad16585da850b96ea420ae8ce5ac4d5fdfc614c2683 PKG_FIXUP:=libtool libtool-abiver PKG_INSTALL:=1 diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 01bb5974ba..904b424fa0 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -2445,7 +2445,7 @@ extern void uITRON4_free(void *p) ; +@@ -2455,7 +2455,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ diff --git a/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch b/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch index 206c6dac6a..f773df7a89 100644 --- a/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch +++ b/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch @@ -1,5 +1,3 @@ -diff --git a/configure.ac b/configure.ac -index 144c857e4..de7f6b45a 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ AC_ARG_PROGRAM @@ -10,4 +8,4 @@ index 144c857e4..de7f6b45a 100644 +LT_PREREQ([2.4]) LT_INIT([disable-static win32-dll]) - #shared library versioning + AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to autoconf-computed arg list. Can also supply directly to make.]) diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch deleted file mode 100644 index d68ef7f385..0000000000 --- a/package/libs/wolfssl/patches/200-ecc-rng.patch +++ /dev/null @@ -1,50 +0,0 @@ -Since commit 6467de5a8840 ("Randomize z ordinates in scalar -mult when timing resistant") wolfssl requires a RNG for an EC -key when the hardened built option is selected. - -wc_ecc_set_rng is only available when built hardened, so there -is no safe way to install the RNG to the key regardless whether -or not wolfssl is compiled hardened. - -Always export wc_ecc_set_rng so tools such as hostapd can install -RNG regardless of the built settings for wolfssl. - ---- a/wolfcrypt/src/ecc.c -+++ b/wolfcrypt/src/ecc.c -@@ -12348,21 +12348,21 @@ void wc_ecc_fp_free(void) - - #endif /* FP_ECC */ - --#ifdef ECC_TIMING_RESISTANT - int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng) - { - int err = 0; - -+#ifdef ECC_TIMING_RESISTANT - if (key == NULL) { - err = BAD_FUNC_ARG; - } - else { - key->rng = rng; - } -+#endif - - return err; - } --#endif - - #ifdef HAVE_ECC_ENCRYPT - ---- a/wolfssl/wolfcrypt/ecc.h -+++ b/wolfssl/wolfcrypt/ecc.h -@@ -650,10 +650,8 @@ WOLFSSL_ABI WOLFSSL_API - void wc_ecc_fp_free(void); - WOLFSSL_LOCAL - void wc_ecc_fp_init(void); --#ifdef ECC_TIMING_RESISTANT - WOLFSSL_API - int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng); --#endif - - WOLFSSL_API - int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);