domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wolfssl: bump to 5.2.0

Browse Source 
Fixes two high-severity vulnerabilities:

- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
  can be bypassed.  If a malicious client does not send the
  certificate_verify message a client can connect without presenting a
  certificate even if the server requires one.

- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
  v1.3 server can have its certificate heck bypassed. If the sig_algo in
  the certificate_verify message is different than the certificate
  message checking may be bypassed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This commit is contained in:
Eneas U de Queiroz
2022-04-08 10:27:25 -03:00
committed by Hauke Mehrtens
parent c9c2b01b84
commit e89f3e85eb
4 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package/libs/wolfssl/patches/100-disable-hardening-check.patch
View File

@@ -1,6 +1,6 @@
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2346,7 +2346,7 @@ extern void uITRON4_free(void *p) ;
@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */