mirror of https://github.com/hak5/openwrt.git
wolfssl: Update to version 4.5.0
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 00722a720c
)
openwrt-19.07
parent
dc61110adc
commit
403039c562
|
@ -8,12 +8,12 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=wolfssl
|
||||
PKG_VERSION:=4.4.0-stable
|
||||
PKG_RELEASE:=2
|
||||
PKG_VERSION:=4.5.0-stable
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
|
||||
PKG_HASH:=7f854804c8ae0ca49cc77809e38e9a3b5a8c91ba7855ea928e6d6651b0d35f18
|
||||
PKG_HASH:=7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c
|
||||
|
||||
PKG_FIXUP:=libtool
|
||||
PKG_INSTALL:=1
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
--- a/wolfssl/wolfcrypt/settings.h
|
||||
+++ b/wolfssl/wolfcrypt/settings.h
|
||||
@@ -1930,7 +1930,7 @@ extern void uITRON4_free(void *p) ;
|
||||
@@ -2128,7 +2128,7 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
|
||||
/* warning for not using harden build options (default with ./configure) */
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001
|
||||
From: Tesfa Mael <tesfa@wolfssl.com>
|
||||
Date: Wed, 26 Aug 2020 10:13:06 -0700
|
||||
Subject: [PATCH] Make ByteReverseWords available for big and little endian
|
||||
|
||||
---
|
||||
wolfcrypt/src/misc.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
--- a/wolfcrypt/src/misc.c
|
||||
+++ b/wolfcrypt/src/misc.c
|
||||
@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWo
|
||||
return rotlFixed(value, 16U);
|
||||
#endif
|
||||
}
|
||||
-#if defined(LITTLE_ENDIAN_ORDER)
|
||||
/* This routine performs a byte swap of words array of a given count. */
|
||||
WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
||||
word32 byteCount)
|
||||
@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWord
|
||||
out[i] = ByteReverseWord32(in[i]);
|
||||
|
||||
}
|
||||
-#endif /* LITTLE_ENDIAN_ORDER */
|
||||
|
||||
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
|
||||
|
Loading…
Reference in New Issue