Re: [PATCH ustream-ssl] add compatibility for wolfssl >= 5.0
Can someone please take a look at this? The patch is rather trivial. The affected function, handle_wolfssl_asn_error, is static, and its only caller is passing the return value of SSL_get_error(), from libwolfssl; so there should be no ordinary way to pass r=-159, which would be required to trigger a possible regression.

It's a blocker to update wolfssl to 5.1.1, which fixes a handful of security vulnerabilities.

Cheers,
Eneas

On Sat, Jan 1, 2022 at 5:09 PM Sergey V. Lobanov wrote:
> Related PR: https://github.com/openwrt/openwrt/pull/4910 > > > > NTRU support has been removed in wolfssl 5.0 so it is required to > > mask NTRU specific code if wolfssl >= 5.0 > > > > Signed-off-by: Sergey V. Lobanov > > --- > > ustream-openssl.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/ustream-openssl.c b/ustream-openssl.c > > index 1ce796a..894dddb 100644 > > --- a/ustream-openssl.c > > +++ b/ustream-openssl.c > > @@ -308,7 +308,9 @@ static bool handle_wolfssl_asn_error(struct ustream_ssl > > *us, int r) > > case ASN_SIG_HASH_E: > > case ASN_SIG_KEY_E: > > case ASN_DH_KEY_E: > > +#if LIBWOLFSSL_VERSION_HEX < 0x0500 > > case ASN_NTRU_KEY_E: > > +#endif > > case ASN_CRIT_EXT_E: > > case ASN_ALT_NAME_E: > > case ASN_NO_PEM_HEADER: > > -- > > 2.30.1 (Apple Git-130)
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH ustream-ssl] add compatibility for wolfssl >= 5.0
Hello,

Other packages have merged this patch (rtty and libhttpd). Please merge this patch to ustream-ssl, and after that we will be able to bump wolfssl itself.

> On 1 Jan 2022, at 22:28, Sergey V. Lobanov wrote: > > NTRU support has been removed in wolfssl 5.0 so it is required to > mask NTRU specific code if wolfssl >= 5.0 > > Signed-off-by: Sergey V. Lobanov > --- > ustream-openssl.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/ustream-openssl.c b/ustream-openssl.c > index 1ce796a..894dddb 100644 > --- a/ustream-openssl.c > +++ b/ustream-openssl.c > @@ -308,7 +308,9 @@ static bool handle_wolfssl_asn_error(struct ustream_ssl > *us, int r) > case ASN_SIG_HASH_E: > case ASN_SIG_KEY_E: > case ASN_DH_KEY_E: > +#if LIBWOLFSSL_VERSION_HEX < 0x0500 > case ASN_NTRU_KEY_E: > +#endif > case ASN_CRIT_EXT_E: > case ASN_ALT_NAME_E: > case ASN_NO_PEM_HEADER: > -- > 2.30.1 (Apple Git-130)
Re: [PATCH ustream-ssl] add compatibility for wolfssl >= 5.0
Related PR: https://github.com/openwrt/openwrt/pull/4910

> On 1 Jan 2022, at 22:28, Sergey V. Lobanov wrote: > > NTRU support has been removed in wolfssl 5.0 so it is required to > mask NTRU specific code if wolfssl >= 5.0 > > Signed-off-by: Sergey V. Lobanov > --- > ustream-openssl.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/ustream-openssl.c b/ustream-openssl.c > index 1ce796a..894dddb 100644 > --- a/ustream-openssl.c > +++ b/ustream-openssl.c > @@ -308,7 +308,9 @@ static bool handle_wolfssl_asn_error(struct ustream_ssl > *us, int r) > case ASN_SIG_HASH_E: > case ASN_SIG_KEY_E: > case ASN_DH_KEY_E: > +#if LIBWOLFSSL_VERSION_HEX < 0x0500 > case ASN_NTRU_KEY_E: > +#endif > case ASN_CRIT_EXT_E: > case ASN_ALT_NAME_E: > case ASN_NO_PEM_HEADER: > -- > 2.30.1 (Apple Git-130)
[PATCH ustream-ssl] add compatibility for wolfssl >= 5.0
NTRU support has been removed in wolfssl 5.0 so it is required to mask NTRU specific code if wolfssl >= 5.0 Signed-off-by: Sergey V. Lobanov --- ustream-openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ustream-openssl.c b/ustream-openssl.c index 1ce796a..894dddb 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -308,7 +308,9 @@ static bool handle_wolfssl_asn_error(struct ustream_ssl *us, int r) case ASN_SIG_HASH_E: case ASN_SIG_KEY_E: case ASN_DH_KEY_E: +#if LIBWOLFSSL_VERSION_HEX < 0x0500 case ASN_NTRU_KEY_E: +#endif case ASN_CRIT_EXT_E: case ASN_ALT_NAME_E: case ASN_NO_PEM_HEADER: -- 2.30.1 (Apple Git-130)
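
Review bot: the guard `#if LIBWOLFSSL_VERSION_HEX < 0x0500` around `case ASN_NTRU_KEY_E:` compares against a 16-bit constant, while wolfSSL's version.h defines LIBWOLFSSL_VERSION_HEX as a full 32-bit value (0x05000000 for 5.0.0). The condition is therefore false for 4.x releases too, so the NTRU case is compiled out for every wolfSSL version instead of only for >= 5.0, and handle_wolfssl_asn_error() stops matching that error code on older libraries. Suggest comparing against 0x05000000 so builds against wolfSSL < 5.0 keep the case, and adding a one-line comment above the `#if` saying that NTRU was removed in wolfSSL 5.0.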