Can someone please take a look at this? The patch is rather trivial. The affected function, handle_wolfssl_asn_error, is static, and its only caller is passing the return value of SSL_get_error(), from libwolfssl; so there should be no ordinary way to pass r=-159, which would be required to trigger a possible regression.
It's a blocker to update wolfssl to 5.1.1, which fixes a handful of security vulnerabilities.

Cheers,
Eneas

On Sat, Jan 1, 2022 at 5:09 PM Sergey V. Lobanov <[email protected]> wrote:
> Related PR: https://github.com/openwrt/openwrt/pull/4910 > > > > NTRU support has been removed in wolfssl 5.0 so it is required to > > mask NTRU specific code if wolfssl >= 5.0 > > > > Signed-off-by: Sergey V. Lobanov <[email protected]> > > --- > > ustream-openssl.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/ustream-openssl.c b/ustream-openssl.c > > index 1ce796a..894dddb 100644 > > --- a/ustream-openssl.c > > +++ b/ustream-openssl.c > > @@ -308,7 +308,9 @@ static bool handle_wolfssl_asn_error(struct ustream_ssl > > *us, int r) > > case ASN_SIG_HASH_E: > > case ASN_SIG_KEY_E: > > case ASN_DH_KEY_E: > > +#if LIBWOLFSSL_VERSION_HEX < 0x05000000 > > case ASN_NTRU_KEY_E: > > +#endif > > case ASN_CRIT_EXT_E: > > case ASN_ALT_NAME_E: > > case ASN_NO_PEM_HEADER: > > -- > > 2.30.1 (Apple Git-130)
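
Review bot: The new "#if LIBWOLFSSL_VERSION_HEX < 0x05000000" guard around "case ASN_NTRU_KEY_E:" only works if LIBWOLFSSL_VERSION_HEX is defined at this point in ustream-openssl.c, and the hunk does not show where it comes from. An identifier that is undefined in an #if expression evaluates to 0, so the comparison would be true and the NTRU case would still be compiled in, which fails to build against wolfssl >= 5.0 rather than masking the code as the commit message intends. Please confirm that wolfssl/version.h (which defines the macro) is included before this switch, and consider adding an "#ifndef LIBWOLFSSL_VERSION_HEX" / "#error" check next to that include so a missing header is caught explicitly. A one-line comment on the #if noting that NTRU was removed in wolfssl 5.0 would also help, since with the guard active this switch no longer has a case for that error value.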
