aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEneas U de Queiroz <cotequeiroz@gmail.com>2022-07-15 16:09:58 -0300
committerChristian Marangi <ansuelsmth@gmail.com>2022-07-16 22:26:51 +0200
commitade7c6db1e6c2c0c8d2338948c37cfa7429ebccc (patch)
tree7a592b91a6c559e66032b32452dea0324f1fcaab
parent409534860fd55be8c90ffc4b377ecbb3adb94784 (diff)
downloadupstream-ade7c6db1e6c2c0c8d2338948c37cfa7429ebccc.tar.gz
upstream-ade7c6db1e6c2c0c8d2338948c37cfa7429ebccc.tar.bz2
upstream-ade7c6db1e6c2c0c8d2338948c37cfa7429ebccc.zip
wolfssl: bump to 5.4.0
This version fixes two vulnerabilities: -CVE-2022-34293[high]: Potential for DTLS DoS attack -[medium]: Ciphertext side channel attack on ECC and DH operations. The patch fixing x86 aesni build has been merged upstream. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 9710fe70a68e0a004b1906db192d7a6c8f810ac5) Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
-rw-r--r--package/libs/wolfssl/Makefile4
-rw-r--r--package/libs/wolfssl/patches/100-disable-hardening-check.patch2
-rw-r--r--package/libs/wolfssl/patches/200-ecc-rng.patch2
-rw-r--r--package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch44
4 files changed, 4 insertions, 48 deletions
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 3edd526364..486eaf70ae 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
-PKG_VERSION:=5.3.0-stable
+PKG_VERSION:=5.4.0-stable
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=1a3bb310dc01d3e73d9ad91b6ea8249d081016f8eef4ae8f21d3421f91ef1de9
+PKG_HASH:=dc36cc19dad197253e5c2ecaa490c7eef579ad448706e55d73d79396e814098b
PKG_FIXUP:=libtool libtool-abiver
PKG_INSTALL:=1
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index 7e473b390b..d3ad2e27bc 100644
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
-@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2442,7 +2442,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */
diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch
index f1f156a8ae..2e09e6d273 100644
--- a/package/libs/wolfssl/patches/200-ecc-rng.patch
+++ b/package/libs/wolfssl/patches/200-ecc-rng.patch
@@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl.
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
-@@ -11655,21 +11655,21 @@ void wc_ecc_fp_free(void)
+@@ -12288,21 +12288,21 @@ void wc_ecc_fp_free(void)
#endif /* FP_ECC */
diff --git a/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch b/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch
deleted file mode 100644
index d65a117d1e..0000000000
--- a/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 9ba77300f9f5dea9f53aed00bf6c33d10b7b2fce Mon Sep 17 00:00:00 2001
-From: Sean Parkinson <sean@wolfssl.com>
-Date: Thu, 7 Jul 2022 09:30:48 +1000
-Subject: [PATCH] AESNI: fix configure to use minimal compiler flags
-
-
-diff --git a/configure.ac b/configure.ac
-index df97ac75c..6abb0c744 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2142,21 +2142,19 @@ then
- if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
-- if test "$GCC" = "yes"
-+ if test "$CC" != "icc"
- then
-- # clang needs these flags
-- if test "$CC" = "clang"
-- then
-- AM_CFLAGS="$AM_CFLAGS -maes -mpclmul"
-- else
-- # GCC needs these flags, icc doesn't
-- # opt levels greater than 2 may cause problems on systems w/o
-- # aesni
-- if test "$CC" != "icc"
-- then
-- AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
-- fi
-- fi
-+ case $host_os in
-+ mingw*)
-+ # Windows uses intrinsics for GCM which uses SSE4 instructions.
-+ # MSVC has own build files.
-+ AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
-+ ;;
-+ *)
-+ # Intrinsics used in AES_set_decrypt_key (TODO: rework)
-+ AM_CFLAGS="$AM_CFLAGS -maes"
-+ ;;
-+ esac
- fi
- AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
- fi