[PATCH v2] wolfssl: Update to version 4.5.0

Hauke Mehrtens hauke at hauke-m.de
Thu Aug 27 06:14:45 EDT 2020


On 8/27/20 9:25 AM, Andre Heider wrote:
> Hi,
> 
> On 26/08/2020 00:19, Hauke Mehrtens wrote:
>> This fixes the following security problems:
>> * In earlier versions of wolfSSL there exists a potential man in the
>>    middle attack on TLS 1.3 clients.
>> * Denial of service attack on TLS 1.3 servers from repetitively sending
>>    ChangeCipherSpecs messages. (CVE-2020-12457)
>> * Potential cache timing attacks on public key operations in builds that
>>    are not using SP (single precision). (CVE-2020-15309)
>> * When using SGX with EC scalar multiplication the possibility of side-
>>    channel attacks are present.
>> * Leak of private key in the case that PEM format private keys are
>>    bundled in with PEM certificates into a single file.
>> * During the handshake, clear application_data messages in epoch 0 are
>>    processed and returned to the application.
>>
>> Full changelog:
>> https://www.wolfssl.com/docs/wolfssl-changelog/
>>
>> Add a patch which fixes a build problem on big endian systems, see
>> https://github.com/wolfSSL/wolfssl/issues/3240 for details.
>>
>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
> 
> I think due to this hostapd (CONFIG_PACKAGE_wpad-wolfssl=y) now fails to
> compile:
> ../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
> ../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first
> use in this function); did you mean 'ENAVAIL'?
>     type = GEN_EMAIL;
>            ^~~~~~~~~
>            ENAVAIL
> ../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is
> reported only once for each function it appears in
> ../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first
> use in this function)
>     type = GEN_DNS;
>            ^~~~~~~
> ../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first
> use in this function)
>     type = GEN_URI;
>            ^~~~~~~
> ../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
> ../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first
> use in this function); did you mean 'ENAVAIL'?
>    if (gen->type != GEN_EMAIL &&
>                     ^~~~~~~~~
>                     ENAVAIL
> ../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first
> use in this function)
>        gen->type != GEN_DNS &&
>                     ^~~~~~~
> ../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first
> use in this function)
>        gen->type != GEN_URI)
>                     ^~~~~~~
> make[3]: *** [Makefile:1302: ../src/crypto/tls_wolfssl.o] Error 1
> 
> The attached patch fixes it for me.
> 

Thank you for spotting this, it only happened when we compile one of the
hostapd versions with enterprise WPA support.
The build bots also found this.

It is fixed in master now.


Hauke

