Re: [PATCH] wolfssl: Update to v4.6.0-stable
On Tue, Dec 29, 2020 at 9:53 AM Eneas U de Queiroz wrote: > > This version fixes a large number of bugs, although no security > vulnerabilities are listed. > > Full changelog at: > https://www.wolfssl.com/docs/wolfssl-changelog/ > or, as part of the version's README.md: > https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md > > Due a number of API additions, size increases from 374.7K to 408.8K for > arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version. > > Backported patches were removed; remaining patch was refreshed. > > Signed-off-by: Eneas U de Queiroz https://github.com/transmission/transmission/issues/1537 is still an issue. I was hoping an update would fix it but it did not. I tried fixing it here: https://github.com/openwrt/packages/pull/14342 but no dice. > --- > > Run-tested on a Linksys WRT3200ACM (arm) with uhttpd, uclient-fetch, and > wpad-wolfssl. > > diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile > index 6758f7dd08..dcc6aca40c 100644 > --- a/package/libs/wolfssl/Makefile > +++ b/package/libs/wolfssl/Makefile > @@ -8,12 +8,12 @@ > include $(TOPDIR)/rules.mk > > PKG_NAME:=wolfssl > -PKG_VERSION:=4.5.0-stable > -PKG_RELEASE:=5 > +PKG_VERSION:=4.6.0-stable > +PKG_RELEASE:=1 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz > PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) > -PKG_HASH:=7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c > +PKG_HASH:=053aefbb02d0b06b27c5e2df6875b4b587318755b7db9d6aa8d72206b310a848 > > PKG_FIXUP:=libtool > PKG_INSTALL:=1 > diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch > b/package/libs/wolfssl/patches/100-disable-hardening-check.patch > index 43337ba970..c2793285e7 100644 > --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch > +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch > @@ -1,6 +1,6 @@ > --- a/wolfssl/wolfcrypt/settings.h > +++ b/wolfssl/wolfcrypt/settings.h > -@@ -2128,7 +2128,7 @@ extern void uITRON4_free(void *p) ; > +@@ -2248,7 +2248,7 @@ extern void uITRON4_free(void *p) ; > #endif > > /* warning for not using harden build options (default with ./configure) */ > diff --git a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch > b/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch > deleted file mode 100644 > index 3838865559..00 > --- a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch > +++ /dev/null > @@ -1,27 +0,0 @@ > -From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001 > -From: Tesfa Mael > -Date: Wed, 26 Aug 2020 10:13:06 -0700 > -Subject: [PATCH] Make ByteReverseWords available for big and little endian > - > > - wolfcrypt/src/misc.c | 2 -- > - 1 file changed, 2 deletions(-) > - > a/wolfcrypt/src/misc.c > -+++ b/wolfcrypt/src/misc.c > -@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWo > - return rotlFixed(value, 16U); > - #endif > - } > --#if defined(LITTLE_ENDIAN_ORDER) > - /* This routine performs a byte swap of words array of a given count. */ > - WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, > - word32 byteCount) > -@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWord > - out[i] = ByteReverseWord32(in[i]); > - > - } > --#endif /* LITTLE_ENDIAN_ORDER */ > - > - #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS) > - > diff --git > a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch > b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch > deleted file mode 100644 > index aaf14e46d9..00 > --- a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch > +++ /dev/null > @@ -1,123 +0,0 @@ > -From ea5c290d605b2af7b10d6e5ce69aa3534f52385f Mon Sep 17 00:00:00 2001 > -From: Eric Blankenhorn > -Date: Fri, 17 Jul 2020 08:37:02 -0500 > -Subject: [PATCH] Fix CheckHostName matching > - > > - src/internal.c | 18 -- > - src/ssl.c | 5 + > - tests/api.c| 30 ++ > - 3 files changed, 47 insertions(+), 6 deletions(-) > - > -diff --git a/src/internal.c b/src/internal.c > -index dc57df0242..cda815d875 100644 > a/src/internal.c > -+++ b/src/internal.c > -@@ -9346,7 +9346,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* > domain, int* checkCN) > - altName = dCert->altNames; > - > - if (checkCN != NULL) { > --*checkCN = altName == NULL; > -+*checkCN = (altName == NULL) ? 1 : 0; > - } > - > - while (altName) { > -@@ -9415,23 +9415,29 @@ int CheckForAltNames(DecodedCert* dCert, const char* > domain, int* checkCN) > - int CheckHostName(DecodedCert* dCert, const char *domainName, size_t > domainNameLen) > - { > - int checkCN; > -+int ret = DOMAIN_NAME_MISMATCH; > - > - /* Assume name is NUL terminated. */ > - (void)domainNameLen; > - > -
[PATCH] wolfssl: Update to v4.6.0-stable
This version fixes a large number of bugs, although no security vulnerabilities are listed. Full changelog at: https://www.wolfssl.com/docs/wolfssl-changelog/ or, as part of the version's README.md: https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md Due a number of API additions, size increases from 374.7K to 408.8K for arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version. Backported patches were removed; remaining patch was refreshed. Signed-off-by: Eneas U de Queiroz --- Run-tested on a Linksys WRT3200ACM (arm) with uhttpd, uclient-fetch, and wpad-wolfssl. diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 6758f7dd08..dcc6aca40c 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=4.5.0-stable -PKG_RELEASE:=5 +PKG_VERSION:=4.6.0-stable +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c +PKG_HASH:=053aefbb02d0b06b27c5e2df6875b4b587318755b7db9d6aa8d72206b310a848 PKG_FIXUP:=libtool PKG_INSTALL:=1 diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 43337ba970..c2793285e7 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -2128,7 +2128,7 @@ extern void uITRON4_free(void *p) ; +@@ -2248,7 +2248,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ diff --git a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch b/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch deleted file mode 100644 index 3838865559..00 --- a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch +++ /dev/null @@ -1,27 +0,0 @@ -From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001 -From: Tesfa Mael -Date: Wed, 26 Aug 2020 10:13:06 -0700 -Subject: [PATCH] Make ByteReverseWords available for big and little endian - - wolfcrypt/src/misc.c | 2 -- - 1 file changed, 2 deletions(-) - a/wolfcrypt/src/misc.c -+++ b/wolfcrypt/src/misc.c -@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWo - return rotlFixed(value, 16U); - #endif - } --#if defined(LITTLE_ENDIAN_ORDER) - /* This routine performs a byte swap of words array of a given count. */ - WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, - word32 byteCount) -@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWord - out[i] = ByteReverseWord32(in[i]); - - } --#endif /* LITTLE_ENDIAN_ORDER */ - - #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS) - diff --git a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch deleted file mode 100644 index aaf14e46d9..00 --- a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch +++ /dev/null @@ -1,123 +0,0 @@ -From ea5c290d605b2af7b10d6e5ce69aa3534f52385f Mon Sep 17 00:00:00 2001 -From: Eric Blankenhorn -Date: Fri, 17 Jul 2020 08:37:02 -0500 -Subject: [PATCH] Fix CheckHostName matching - - src/internal.c | 18 -- - src/ssl.c | 5 + - tests/api.c| 30 ++ - 3 files changed, 47 insertions(+), 6 deletions(-) - -diff --git a/src/internal.c b/src/internal.c -index dc57df0242..cda815d875 100644 a/src/internal.c -+++ b/src/internal.c -@@ -9346,7 +9346,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) - altName = dCert->altNames; - - if (checkCN != NULL) { --*checkCN = altName == NULL; -+*checkCN = (altName == NULL) ? 1 : 0; - } - - while (altName) { -@@ -9415,23 +9415,29 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) - int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen) - { - int checkCN; -+int ret = DOMAIN_NAME_MISMATCH; - - /* Assume name is NUL terminated. */ - (void)domainNameLen; - - if (CheckForAltNames(dCert, domainName, &checkCN) != 1) { --WOLFSSL_MSG("DomainName match on alt names failed too"); --return DOMAIN_NAME_MISMATCH; -+WOLFSSL_MSG("DomainName match on alt names failed"); - } -+else { -+ret = 0; -+} -+ - if (checkCN == 1) { - if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, --domainName) == 0) { -+domainName) == 1) { -+ret = 0; -+} -+