Nanako/openwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wolfssl: bump to 5.4.0

Browse Source 
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.

The patch fixing x86 aesni build has been merged upstream.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This commit is contained in:
Eneas U de Queiroz 2022-07-15 16:09:58 -03:00 committed by Christian Marangi
parent e37ba80633
commit 9710fe70a6
No known key found for this signature in database
GPG Key ID: AC001D09ADBFEAD7
4 changed files with 4 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/libs/wolfssl/Makefile
View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl PKG_NAME:=wolfssl
PKG_VERSION:=5.3.0-stable PKG_VERSION:=5.4.0-stable
PKG_RELEASE:=$(AUTORELEASE) PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
PKG_HASH:=1a3bb310dc01d3e73d9ad91b6ea8249d081016f8eef4ae8f21d3421f91ef1de9 PKG_HASH:=dc36cc19dad197253e5c2ecaa490c7eef579ad448706e55d73d79396e814098b
PKG_FIXUP:=libtool libtool-abiver PKG_FIXUP:=libtool libtool-abiver
PKG_INSTALL:=1 PKG_INSTALL:=1

2
package/libs/wolfssl/patches/100-disable-hardening-check.patch
View File

@ -1,6 +1,6 @@
--- a/wolfssl/wolfcrypt/settings.h --- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h
@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ; @@ -2442,7 +2442,7 @@ extern void uITRON4_free(void *p) ;
#endif #endif
/* warning for not using harden build options (default with ./configure) */ /* warning for not using harden build options (default with ./configure) */

2
package/libs/wolfssl/patches/200-ecc-rng.patch
View File

@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl.
--- a/wolfcrypt/src/ecc.c --- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c
@@ -11655,21 +11655,21 @@ void wc_ecc_fp_free(void) @@ -12288,21 +12288,21 @@ void wc_ecc_fp_free(void)
#endif /* FP_ECC */ #endif /* FP_ECC */

44
package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch
View File

@ -1,44 +0,0 @@
From 9ba77300f9f5dea9f53aed00bf6c33d10b7b2fce Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Thu, 7 Jul 2022 09:30:48 +1000
Subject: [PATCH] AESNI: fix configure to use minimal compiler flags
diff --git a/configure.ac b/configure.ac
index df97ac75c..6abb0c744 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2142,21 +2142,19 @@ then
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
- if test "$GCC" = "yes"
+ if test "$CC" != "icc"
then
- # clang needs these flags
- if test "$CC" = "clang"
- then
- AM_CFLAGS="$AM_CFLAGS -maes -mpclmul"
- else
- # GCC needs these flags, icc doesn't
- # opt levels greater than 2 may cause problems on systems w/o
- # aesni
- if test "$CC" != "icc"
- then
- AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
- fi
- fi
+ case $host_os in
+ mingw*)
+ # Windows uses intrinsics for GCM which uses SSE4 instructions.
+ # MSVC has own build files.
+ AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
+ ;;
+ *)
+ # Intrinsics used in AES_set_decrypt_key (TODO: rework)
+ AM_CFLAGS="$AM_CFLAGS -maes"
+ ;;
+ esac
fi
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
fi