[PATCH ustream-ssl] add compatibility for wolfssl >= 5.0
Eneas U de Queiroz
cotequeiroz at gmail.com
Mon Jan 10 10:53:56 PST 2022
Can someone please take a look at this.
The patch is rather trivial. The affected function,
handle_wolfssl_asn_error is static, and its only caller is passing the
return value of SSL_get_error(), from libwolfssl; so there should be
no ordinary way to pass r=-159, which would be required to trigger a
possible regression.
It's a blocker to update wolfssl to 5.1.1, which fixes a handful of
security vulnerabilities.
Cheers,
Eneas
On Sat, Jan 1, 2022 at 5:09 PM Sergey V. Lobanov <sergey at lobanov.in> wrote:
> Related PR: https://github.com/openwrt/openwrt/pull/4910
> >
> > NTRU support has been removed in wolfssl 5.0 so it is required to
> > mask NTRU specific code if wolfssl >= 5.0
> >
> > Signed-off-by: Sergey V. Lobanov <sergey at lobanov.in>
> > ---
> > ustream-openssl.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/ustream-openssl.c b/ustream-openssl.c
> > index 1ce796a..894dddb 100644
> > --- a/ustream-openssl.c
> > +++ b/ustream-openssl.c
> > @@ -308,7 +308,9 @@ static bool handle_wolfssl_asn_error(struct ustream_ssl *us, int r)
> > case ASN_SIG_HASH_E:
> > case ASN_SIG_KEY_E:
> > case ASN_DH_KEY_E:
> > +#if LIBWOLFSSL_VERSION_HEX < 0x05000000
> > case ASN_NTRU_KEY_E:
> > +#endif
> > case ASN_CRIT_EXT_E:
> > case ASN_ALT_NAME_E:
> > case ASN_NO_PEM_HEADER:
> > --
> > 2.30.1 (Apple Git-130)
More information about the openwrt-devel
mailing list