wolfssl: bump to v4.7.0-stable
Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This commit is contained in:
Eneas U de Queiroz
committed by
Hauke Mehrtens
Hauke Mehrtens
parent
920eaab1d8
commit
d1dfb577f1
@@ -8,12 +8,12 @@
|
|||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=wolfssl
|
PKG_NAME:=wolfssl
|
||||||
PKG_VERSION:=4.6.0-stable
|
PKG_VERSION:=4.7.0-stable
|
||||||
PKG_RELEASE:=2
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
|
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
|
||||||
PKG_HASH:=053aefbb02d0b06b27c5e2df6875b4b587318755b7db9d6aa8d72206b310a848
|
PKG_HASH:=b0e740b31d4d877d540ad50cc539a8873fc41af02bd3091c4357b403f7106e31
|
||||||
|
|
||||||
PKG_FIXUP:=libtool libtool-abiver
|
PKG_FIXUP:=libtool libtool-abiver
|
||||||
PKG_INSTALL:=1
|
PKG_INSTALL:=1
|
||||||
|
|||||||
@@ -1,53 +0,0 @@
|
|||||||
From fad1e67677bf7797b6bd6e1f21a513c289d963a7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sean Parkinson <sean@wolfssl.com>
|
|
||||||
Date: Thu, 21 Jan 2021 08:24:38 +1000
|
|
||||||
Subject: [PATCH] TLS 1.3: ensure key for signature in CertificateVerify
|
|
||||||
|
|
||||||
---
|
|
||||||
src/tls13.c | 18 +++++++++++++-----
|
|
||||||
1 file changed, 13 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
--- a/src/tls13.c
|
|
||||||
+++ b/src/tls13.c
|
|
||||||
@@ -5624,28 +5624,36 @@ static int DoTls13CertificateVerify(WOLF
|
|
||||||
#ifdef HAVE_ED25519
|
|
||||||
if (args->sigAlgo == ed25519_sa_algo &&
|
|
||||||
!ssl->peerEd25519KeyPresent) {
|
|
||||||
- WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify");
|
|
||||||
+ WOLFSSL_MSG("Peer sent ED22519 sig but not ED22519 cert");
|
|
||||||
+ ret = SIG_VERIFY_E;
|
|
||||||
+ goto exit_dcv;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_ED448
|
|
||||||
if (args->sigAlgo == ed448_sa_algo && !ssl->peerEd448KeyPresent) {
|
|
||||||
- WOLFSSL_MSG("Oops, peer sent ED448 key but not in verify");
|
|
||||||
+ WOLFSSL_MSG("Peer sent ED448 sig but not ED448 cert");
|
|
||||||
+ ret = SIG_VERIFY_E;
|
|
||||||
+ goto exit_dcv;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_ECC
|
|
||||||
if (args->sigAlgo == ecc_dsa_sa_algo &&
|
|
||||||
!ssl->peerEccDsaKeyPresent) {
|
|
||||||
- WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
|
|
||||||
+ WOLFSSL_MSG("Peer sent ECC sig but not ECC cert");
|
|
||||||
+ ret = SIG_VERIFY_E;
|
|
||||||
+ goto exit_dcv;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#ifndef NO_RSA
|
|
||||||
if (args->sigAlgo == rsa_sa_algo) {
|
|
||||||
- WOLFSSL_MSG("Oops, peer sent PKCS#1.5 signature");
|
|
||||||
+ WOLFSSL_MSG("Peer sent PKCS#1.5 algo but not in certificate");
|
|
||||||
ERROR_OUT(INVALID_PARAMETER, exit_dcv);
|
|
||||||
}
|
|
||||||
if (args->sigAlgo == rsa_pss_sa_algo &&
|
|
||||||
(ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent)) {
|
|
||||||
- WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
|
|
||||||
+ WOLFSSL_MSG("Peer sent RSA sig but not RSA cert");
|
|
||||||
+ ret = SIG_VERIFY_E;
|
|
||||||
+ goto exit_dcv;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
--- a/wolfssl/wolfcrypt/settings.h
|
--- a/wolfssl/wolfcrypt/settings.h
|
||||||
+++ b/wolfssl/wolfcrypt/settings.h
|
+++ b/wolfssl/wolfcrypt/settings.h
|
||||||
@@ -2248,7 +2248,7 @@ extern void uITRON4_free(void *p) ;
|
@@ -2255,7 +2255,7 @@ extern void uITRON4_free(void *p) ;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* warning for not using harden build options (default with ./configure) */
|
/* warning for not using harden build options (default with ./configure) */
|
||||||
|
|||||||
@@ -1,25 +0,0 @@
|
|||||||
From 391ecbd647c121300dc7dcf209e412ccb7b8d432 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Hauke Mehrtens <hauke@hauke-m.de>
|
|
||||||
Date: Fri, 1 Jan 2021 21:57:56 +0100
|
|
||||||
Subject: [PATCH] Fix linking against hostapd with LTO
|
|
||||||
|
|
||||||
When running LTO on wolfssl the ecc_map() function is removed from the
|
|
||||||
binary by GCC 8.4.0. This function is used by multiple functions from
|
|
||||||
the crypto_wolfssl.c implementation of hostapd master.
|
|
||||||
|
|
||||||
Fixes: 780e8a4619b6 ("Fixes for building `--enable-wpas=small` with WPA Supplicant v2.7.")
|
|
||||||
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
||||||
---
|
|
||||||
configure.ac | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -947,6 +947,7 @@ then
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
|
|
||||||
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
|
|
||||||
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -943,6 +943,7 @@ then
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
|
|
||||||
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
|
|
||||||
|
|
||||||
Reference in New Issue
Block a user