diff options
-rw-r--r-- | package/libs/wolfssl/Makefile | 2 | ||||
-rw-r--r-- | package/libs/wolfssl/patches/200-ecc-rng.patch | 50 |
2 files changed, 51 insertions, 1 deletions
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 53cd932d1f..030a0224f5 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl PKG_VERSION:=4.7.0-stable -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch new file mode 100644 index 0000000000..2d33c06209 --- /dev/null +++ b/package/libs/wolfssl/patches/200-ecc-rng.patch @@ -0,0 +1,50 @@ +Since commit 6467de5a8840 ("Randomize z ordinates in scalar +mult when timing resistant") wolfssl requires a RNG for an EC +key when the hardened built option is selected. + +wc_ecc_set_rng is only available when built hardened, so there +is no safe way to install the RNG to the key regardless whether +or not wolfssl is compiled hardened. + +Always export wc_ecc_set_rng so tools such as hostapd can install +RNG regardless of the built settings for wolfssl. + +--- a/wolfcrypt/src/ecc.c ++++ b/wolfcrypt/src/ecc.c +@@ -10293,21 +10293,21 @@ void wc_ecc_fp_free(void) + + #endif /* FP_ECC */ + +-#ifdef ECC_TIMING_RESISTANT + int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng) + { + int err = 0; + ++#ifdef ECC_TIMING_RESISTANT + if (key == NULL) { + err = BAD_FUNC_ARG; + } + else { + key->rng = rng; + } ++#endif + + return err; + } +-#endif + + #ifdef HAVE_ECC_ENCRYPT + +--- a/wolfssl/wolfcrypt/ecc.h ++++ b/wolfssl/wolfcrypt/ecc.h +@@ -584,10 +584,8 @@ WOLFSSL_API + void wc_ecc_fp_free(void); + WOLFSSL_LOCAL + void wc_ecc_fp_init(void); +-#ifdef ECC_TIMING_RESISTANT + WOLFSSL_API + int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng); +-#endif + + WOLFSSL_API + int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); |