wolfssl: Update to v4.6.0-stable
This version fixes a large number of bugs, although no security vulnerabilities are listed. Full changelog at: https://www.wolfssl.com/docs/wolfssl-changelog/ or, as part of the version's README.md: https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md Due a number of API additions, size increases from 374.7K to 408.8K for arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version. Backported patches were removed; remaining patch was refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This commit is contained in:
Eneas U de Queiroz
committed by
Hauke Mehrtens
Hauke Mehrtens
parent
9dc15e36c8
commit
ba40da9045
@@ -8,12 +8,12 @@
|
|||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=wolfssl
|
PKG_NAME:=wolfssl
|
||||||
PKG_VERSION:=4.5.0-stable
|
PKG_VERSION:=4.6.0-stable
|
||||||
PKG_RELEASE:=5
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
|
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
|
||||||
PKG_HASH:=7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c
|
PKG_HASH:=053aefbb02d0b06b27c5e2df6875b4b587318755b7db9d6aa8d72206b310a848
|
||||||
|
|
||||||
PKG_FIXUP:=libtool
|
PKG_FIXUP:=libtool
|
||||||
PKG_INSTALL:=1
|
PKG_INSTALL:=1
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
--- a/wolfssl/wolfcrypt/settings.h
|
--- a/wolfssl/wolfcrypt/settings.h
|
||||||
+++ b/wolfssl/wolfcrypt/settings.h
|
+++ b/wolfssl/wolfcrypt/settings.h
|
||||||
@@ -2128,7 +2128,7 @@ extern void uITRON4_free(void *p) ;
|
@@ -2248,7 +2248,7 @@ extern void uITRON4_free(void *p) ;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* warning for not using harden build options (default with ./configure) */
|
/* warning for not using harden build options (default with ./configure) */
|
||||||
|
|||||||
@@ -1,27 +0,0 @@
|
|||||||
From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tesfa Mael <tesfa@wolfssl.com>
|
|
||||||
Date: Wed, 26 Aug 2020 10:13:06 -0700
|
|
||||||
Subject: [PATCH] Make ByteReverseWords available for big and little endian
|
|
||||||
|
|
||||||
---
|
|
||||||
wolfcrypt/src/misc.c | 2 --
|
|
||||||
1 file changed, 2 deletions(-)
|
|
||||||
|
|
||||||
--- a/wolfcrypt/src/misc.c
|
|
||||||
+++ b/wolfcrypt/src/misc.c
|
|
||||||
@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWo
|
|
||||||
return rotlFixed(value, 16U);
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
-#if defined(LITTLE_ENDIAN_ORDER)
|
|
||||||
/* This routine performs a byte swap of words array of a given count. */
|
|
||||||
WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
|
||||||
word32 byteCount)
|
|
||||||
@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWord
|
|
||||||
out[i] = ByteReverseWord32(in[i]);
|
|
||||||
|
|
||||||
}
|
|
||||||
-#endif /* LITTLE_ENDIAN_ORDER */
|
|
||||||
|
|
||||||
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
|
|
||||||
|
|
||||||
@@ -1,123 +0,0 @@
|
|||||||
From ea5c290d605b2af7b10d6e5ce69aa3534f52385f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Eric Blankenhorn <eric@wolfssl.com>
|
|
||||||
Date: Fri, 17 Jul 2020 08:37:02 -0500
|
|
||||||
Subject: [PATCH] Fix CheckHostName matching
|
|
||||||
|
|
||||||
---
|
|
||||||
src/internal.c | 18 ++++++++++++------
|
|
||||||
src/ssl.c | 5 +++++
|
|
||||||
tests/api.c | 30 ++++++++++++++++++++++++++++++
|
|
||||||
3 files changed, 47 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/internal.c b/src/internal.c
|
|
||||||
index dc57df0242..cda815d875 100644
|
|
||||||
--- a/src/internal.c
|
|
||||||
+++ b/src/internal.c
|
|
||||||
@@ -9346,7 +9346,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
|
|
||||||
altName = dCert->altNames;
|
|
||||||
|
|
||||||
if (checkCN != NULL) {
|
|
||||||
- *checkCN = altName == NULL;
|
|
||||||
+ *checkCN = (altName == NULL) ? 1 : 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
while (altName) {
|
|
||||||
@@ -9415,23 +9415,29 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
|
|
||||||
int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen)
|
|
||||||
{
|
|
||||||
int checkCN;
|
|
||||||
+ int ret = DOMAIN_NAME_MISMATCH;
|
|
||||||
|
|
||||||
/* Assume name is NUL terminated. */
|
|
||||||
(void)domainNameLen;
|
|
||||||
|
|
||||||
if (CheckForAltNames(dCert, domainName, &checkCN) != 1) {
|
|
||||||
- WOLFSSL_MSG("DomainName match on alt names failed too");
|
|
||||||
- return DOMAIN_NAME_MISMATCH;
|
|
||||||
+ WOLFSSL_MSG("DomainName match on alt names failed");
|
|
||||||
}
|
|
||||||
+ else {
|
|
||||||
+ ret = 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (checkCN == 1) {
|
|
||||||
if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
|
|
||||||
- domainName) == 0) {
|
|
||||||
+ domainName) == 1) {
|
|
||||||
+ ret = 0;
|
|
||||||
+ }
|
|
||||||
+ else {
|
|
||||||
WOLFSSL_MSG("DomainName match on common name failed");
|
|
||||||
- return DOMAIN_NAME_MISMATCH;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- return 0;
|
|
||||||
+ return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
int CheckIPAddr(DecodedCert* dCert, const char* ipasc)
|
|
||||||
diff --git a/src/ssl.c b/src/ssl.c
|
|
||||||
index 11bc08a3cb..59ad9bae60 100644
|
|
||||||
--- a/src/ssl.c
|
|
||||||
+++ b/src/ssl.c
|
|
||||||
@@ -43661,6 +43661,11 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
|
|
||||||
(void)flags;
|
|
||||||
(void)peername;
|
|
||||||
|
|
||||||
+ if ((x == NULL) || (chk == NULL)) {
|
|
||||||
+ WOLFSSL_MSG("Invalid parameter");
|
|
||||||
+ return WOLFSSL_FAILURE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (flags == WOLFSSL_NO_WILDCARDS) {
|
|
||||||
WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
diff --git a/tests/api.c b/tests/api.c
|
|
||||||
index 774a332968..db888952d4 100644
|
|
||||||
--- a/tests/api.c
|
|
||||||
+++ b/tests/api.c
|
|
||||||
@@ -23875,6 +23875,35 @@ static void test_wolfSSL_X509_issuer_name_hash(void)
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void test_wolfSSL_X509_check_host(void)
|
|
||||||
+{
|
|
||||||
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
|
|
||||||
+ && !defined(NO_SHA) && !defined(NO_RSA)
|
|
||||||
+
|
|
||||||
+ X509* x509;
|
|
||||||
+ const char altName[] = "example.com";
|
|
||||||
+
|
|
||||||
+ printf(testingFmt, "wolfSSL_X509_check_host()");
|
|
||||||
+
|
|
||||||
+ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
|
|
||||||
+ SSL_FILETYPE_PEM));
|
|
||||||
+
|
|
||||||
+ AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
|
|
||||||
+ WOLFSSL_SUCCESS);
|
|
||||||
+
|
|
||||||
+ AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
|
|
||||||
+ WOLFSSL_FAILURE);
|
|
||||||
+
|
|
||||||
+ X509_free(x509);
|
|
||||||
+
|
|
||||||
+ AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
|
|
||||||
+ WOLFSSL_FAILURE);
|
|
||||||
+
|
|
||||||
+ printf(resultFmt, passed);
|
|
||||||
+
|
|
||||||
+#endif
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void test_wolfSSL_DES(void)
|
|
||||||
{
|
|
||||||
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
|
|
||||||
@@ -36407,6 +36436,7 @@ void ApiTest(void)
|
|
||||||
test_wolfSSL_X509_INFO();
|
|
||||||
test_wolfSSL_X509_subject_name_hash();
|
|
||||||
test_wolfSSL_X509_issuer_name_hash();
|
|
||||||
+ test_wolfSSL_X509_check_host();
|
|
||||||
test_wolfSSL_DES();
|
|
||||||
test_wolfSSL_certs();
|
|
||||||
test_wolfSSL_ASN1_TIME_print();
|
|
||||||
Reference in New Issue
Block a user