Re: [PATCH] wolfssl: Update to v4.6.0-stable

2020-12-29 Thread Rosen Penev
On Tue, Dec 29, 2020 at 9:53 AM Eneas U de Queiroz
 wrote:
>
> This version fixes a large number of bugs, although no security
> vulnerabilities are listed.
>
> Full changelog at:
> https://www.wolfssl.com/docs/wolfssl-changelog/
> or, as part of the version's README.md:
> https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md
>
> Due to a number of API additions, size increases from 374.7K to 408.8K for
> arm_cortex_a9_vfpv3-d16.  The ABI does not change from the previous version.
>
> Backported patches were removed; remaining patch was refreshed.
>
> Signed-off-by: Eneas U de Queiroz 
https://github.com/transmission/transmission/issues/1537 is still an
issue. I was hoping an update would fix it but it did not.

I tried fixing it here: https://github.com/openwrt/packages/pull/14342
but no dice.
> ---
>
> Run-tested on a Linksys WRT3200ACM (arm) with uhttpd, uclient-fetch, and
> wpad-wolfssl.
>
> diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
> index 6758f7dd08..dcc6aca40c 100644
> --- a/package/libs/wolfssl/Makefile
> +++ b/package/libs/wolfssl/Makefile
> @@ -8,12 +8,12 @@
>  include $(TOPDIR)/rules.mk
>
>  PKG_NAME:=wolfssl
> -PKG_VERSION:=4.5.0-stable
> -PKG_RELEASE:=5
> +PKG_VERSION:=4.6.0-stable
> +PKG_RELEASE:=1
>
>  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
>  PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
> -PKG_HASH:=7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c
> +PKG_HASH:=053aefbb02d0b06b27c5e2df6875b4b587318755b7db9d6aa8d72206b310a848
>
>  PKG_FIXUP:=libtool
>  PKG_INSTALL:=1
> diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch 
> b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
> index 43337ba970..c2793285e7 100644
> --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
> +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
> @@ -1,6 +1,6 @@
>  --- a/wolfssl/wolfcrypt/settings.h
>  +++ b/wolfssl/wolfcrypt/settings.h
> -@@ -2128,7 +2128,7 @@ extern void uITRON4_free(void *p) ;
> +@@ -2248,7 +2248,7 @@ extern void uITRON4_free(void *p) ;
>   #endif
>
>   /* warning for not using harden build options (default with ./configure) */
> diff --git a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch 
> b/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch
> deleted file mode 100644
> index 3838865559..00
> --- a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch
> +++ /dev/null
> @@ -1,27 +0,0 @@
> -From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001
> -From: Tesfa Mael 
> -Date: Wed, 26 Aug 2020 10:13:06 -0700
> -Subject: [PATCH] Make ByteReverseWords available for big and little endian
> -
> 
> - wolfcrypt/src/misc.c | 2 --
> - 1 file changed, 2 deletions(-)
> -
>  a/wolfcrypt/src/misc.c
> -+++ b/wolfcrypt/src/misc.c
> -@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWo
> - return rotlFixed(value, 16U);
> - #endif
> - }
> --#if defined(LITTLE_ENDIAN_ORDER)
> - /* This routine performs a byte swap of words array of a given count. */
> - WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
> - word32 byteCount)
> -@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWord
> - out[i] = ByteReverseWord32(in[i]);
> -
> - }
> --#endif /* LITTLE_ENDIAN_ORDER */
> -
> - #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
> -
> diff --git 
> a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch 
> b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch
> deleted file mode 100644
> index aaf14e46d9..00
> --- a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch
> +++ /dev/null
> @@ -1,123 +0,0 @@
> -From ea5c290d605b2af7b10d6e5ce69aa3534f52385f Mon Sep 17 00:00:00 2001
> -From: Eric Blankenhorn 
> -Date: Fri, 17 Jul 2020 08:37:02 -0500
> -Subject: [PATCH] Fix CheckHostName matching
> -
> 
> - src/internal.c | 18 --
> - src/ssl.c  |  5 +
> - tests/api.c| 30 ++
> - 3 files changed, 47 insertions(+), 6 deletions(-)
> -
> -diff --git a/src/internal.c b/src/internal.c
> -index dc57df0242..cda815d875 100644
>  a/src/internal.c
> -+++ b/src/internal.c
> -@@ -9346,7 +9346,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* 
> domain, int* checkCN)
> - altName = dCert->altNames;
> -
> - if (checkCN != NULL) {
> --*checkCN = altName == NULL;
> -+*checkCN = (altName == NULL) ? 1 : 0;
> - }
> -
> - while (altName) {
> -@@ -9415,23 +9415,29 @@ int CheckForAltNames(DecodedCert* dCert, const char* 
> domain, int* checkCN)
> - int CheckHostName(DecodedCert* dCert, const char *domainName, size_t 
> domainNameLen)
> - {
> - int checkCN;
> -+int ret = DOMAIN_NAME_MISMATCH;
> -
> - /* Assume name is NUL terminated. */
> - (void)domainNameLen;
> -
> - 

[PATCH] wolfssl: Update to v4.6.0-stable

2020-12-29 Thread Eneas U de Queiroz
This version fixes a large number of bugs, although no security
vulnerabilities are listed.

Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md

Due to a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16.  The ABI does not change from the previous version.

Backported patches were removed; remaining patch was refreshed.

Signed-off-by: Eneas U de Queiroz 
---

Run-tested on a Linksys WRT3200ACM (arm) with uhttpd, uclient-fetch, and
wpad-wolfssl.

diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 6758f7dd08..dcc6aca40c 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=4.5.0-stable
-PKG_RELEASE:=5
+PKG_VERSION:=4.6.0-stable
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c
+PKG_HASH:=053aefbb02d0b06b27c5e2df6875b4b587318755b7db9d6aa8d72206b310a848
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch 
b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index 43337ba970..c2793285e7 100644
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2128,7 +2128,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2248,7 +2248,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */
diff --git a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch 
b/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch
deleted file mode 100644
index 3838865559..00
--- a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001
-From: Tesfa Mael 
-Date: Wed, 26 Aug 2020 10:13:06 -0700
-Subject: [PATCH] Make ByteReverseWords available for big and little endian
-

- wolfcrypt/src/misc.c | 2 --
- 1 file changed, 2 deletions(-)
-
 a/wolfcrypt/src/misc.c
-+++ b/wolfcrypt/src/misc.c
-@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWo
- return rotlFixed(value, 16U);
- #endif
- }
--#if defined(LITTLE_ENDIAN_ORDER)
- /* This routine performs a byte swap of words array of a given count. */
- WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
- word32 byteCount)
-@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWord
- out[i] = ByteReverseWord32(in[i]);
- 
- }
--#endif /* LITTLE_ENDIAN_ORDER */
- 
- #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
- 
diff --git a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch 
b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch
deleted file mode 100644
index aaf14e46d9..00
--- a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From ea5c290d605b2af7b10d6e5ce69aa3534f52385f Mon Sep 17 00:00:00 2001
-From: Eric Blankenhorn 
-Date: Fri, 17 Jul 2020 08:37:02 -0500
-Subject: [PATCH] Fix CheckHostName matching
-

- src/internal.c | 18 --
- src/ssl.c  |  5 +
- tests/api.c| 30 ++
- 3 files changed, 47 insertions(+), 6 deletions(-)
-
-diff --git a/src/internal.c b/src/internal.c
-index dc57df0242..cda815d875 100644
 a/src/internal.c
-+++ b/src/internal.c
-@@ -9346,7 +9346,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* 
domain, int* checkCN)
- altName = dCert->altNames;
- 
- if (checkCN != NULL) {
--*checkCN = altName == NULL;
-+*checkCN = (altName == NULL) ? 1 : 0;
- }
- 
- while (altName) {
-@@ -9415,23 +9415,29 @@ int CheckForAltNames(DecodedCert* dCert, const char* 
domain, int* checkCN)
- int CheckHostName(DecodedCert* dCert, const char *domainName, size_t 
domainNameLen)
- {
- int checkCN;
-+int ret = DOMAIN_NAME_MISMATCH;
- 
- /* Assume name is NUL terminated. */
- (void)domainNameLen;
- 
- if (CheckForAltNames(dCert, domainName, &checkCN) != 1) {
--WOLFSSL_MSG("DomainName match on alt names failed too");
--return DOMAIN_NAME_MISMATCH;
-+WOLFSSL_MSG("DomainName match on alt names failed");
- }
-+else {
-+ret = 0;
-+}
-+
- if (checkCN == 1) {
- if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
--domainName) == 0) {
-+domainName) == 1) {
-+ret = 0;
-+}
-+