openwrt/upstream - upstream openwrt

	Commit message (Collapse)	Author	Age	Files	Lines
*	wolfssl: bump to 5.4.0	Eneas U de Queiroz	2022-10-05	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \|	This version fixes two vulnerabilities: -CVE-2022-34293[high]: Potential for DTLS DoS attack -[medium]: Ciphertext side channel attack on ECC and DH operations. The patch fixing x86 aesni build has been merged upstream. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 9710fe70a68e0a004b1906db192d7a6c8f810ac5) Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit ade7c6db1e6c2c0c8d2338948c37cfa7429ebccc)
*	wolfssl: bump to 5.2.0	Eneas U de Queiroz	2022-04-11	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Fixes two high-severity vulnerabilities: - CVE-2022-25640: A TLS v1.3 server who requires mutual authentication can be bypassed. If a malicious client does not send the certificate_verify message a client can connect without presenting a certificate even if the server requires one. - CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS v1.3 server can have its certificate heck bypassed. If the sig_algo in the certificate_verify message is different than the certificate message checking may be bypassed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0)
*	wolfssl: update to 5.1.1-stable	Sergey V. Lobanov	2022-02-13	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Bump from 4.8.1-stable to 5.1.1-stable Detailed release notes: https://github.com/wolfSSL/wolfssl/releases Upstreamed patches: 001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch - https://github.com/wolfSSL/wolfssl/commit/fa8f23284d4689c2a737204b337b58d966dcbd8c 002-Update-macro-guard-on-SHA256-transform-call.patch - https://github.com/wolfSSL/wolfssl/commit/f447e4c1fa4c932c0286fa0331966756e243db81 Refreshed patches: 100-disable-hardening-check.patch 200-ecc-rng.patch CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains configure option The size of the ipk changed on aarch64 like this: 491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk 520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk Tested-by: Alozxy <alozxy@users.noreply.github.com> Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> (cherry picked from commit 93d91197b98463277b601ec2653351666a4ca4bd)
*	wolfssl: update to 4.8.1-stable	Ivan Pavlov	2021-10-22	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Changes from 4.7.0: Fix one high (OCSP verification issue) and two low vulnerabilities Improve compatibility layer Other improvements and fixes For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> (cherry picked from commit 7d92bb0509615550b98e2dc71091073c8258d564) [Added patch to allow compilation with libtool 2.4] Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
*	wolfssl: always export wc_ecc_set_rng	David Bauer	2021-06-21	1	-0/+50
	Since commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant") wolfssl requires a RNG for an EC key when the hardened built option is selected. wc_ecc_set_rng is only available when built hardened, so there is no safe way to install the RNG to the key regardless whether or not wolfssl is compiled hardened. Always export wc_ecc_set_rng so tools such as hostapd can install RNG regardless of the built settings for wolfssl. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit ef9b103107aebd1a54f4360af3d9cf28d0544f13)