[PATCH ustream-ssl] add compatibility for wolfssl >= 5.0

Eneas U de Queiroz cotequeiroz at gmail.com
Mon Jan 10 10:53:56 PST 2022


Can someone please take a look at this?
The patch is rather trivial.  The affected function,
handle_wolfssl_asn_error is static, and its only caller is passing the
return value of SSL_get_error(), from libwolfssl; so there should be
no ordinary way to pass r=-159, which would be required to trigger a
possible regression.

It's a blocker to update wolfssl to 5.1.1, which fixes a handful of
security vulnerabilities.

Cheers,

Eneas

On Sat, Jan 1, 2022 at 5:09 PM Sergey V. Lobanov <sergey at lobanov.in> wrote:
> Related PR: https://github.com/openwrt/openwrt/pull/4910
> >
> > NTRU support has been removed in wolfssl 5.0 so it is required to
> > mask NTRU specific code if wolfssl >= 5.0
> >
> > Signed-off-by: Sergey V. Lobanov <sergey at lobanov.in>
> > ---
> > ustream-openssl.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/ustream-openssl.c b/ustream-openssl.c
> > index 1ce796a..894dddb 100644
> > --- a/ustream-openssl.c
> > +++ b/ustream-openssl.c
> > @@ -308,7 +308,9 @@ static bool handle_wolfssl_asn_error(struct ustream_ssl *us, int r)
> >       case ASN_SIG_HASH_E:
> >       case ASN_SIG_KEY_E:
> >       case ASN_DH_KEY_E:
> > +#if LIBWOLFSSL_VERSION_HEX < 0x05000000
> >       case ASN_NTRU_KEY_E:
> > +#endif
> >       case ASN_CRIT_EXT_E:
> >       case ASN_ALT_NAME_E:
> >       case ASN_NO_PEM_HEADER:
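
Review bot: The guard "#if LIBWOLFSSL_VERSION_HEX < 0x05000000" around "case ASN_NTRU_KEY_E:" evaluates as true when LIBWOLFSSL_VERSION_HEX is not defined at this point, because an undefined identifier in an #if expression is treated as 0. In that situation the NTRU case would still be compiled against wolfssl >= 5.0 and the build would fail on the removed symbol, which is the failure this patch is meant to avoid. The visible lines do not show where the macro comes from, so please confirm that the wolfssl header defining it is included before handle_wolfssl_asn_error in the wolfssl build, or add an #error for the undefined case. A one-line comment next to the guard saying that NTRU support was removed in wolfssl 5.0 would also save the next reader a trip to the commit log.
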
> > --
> > 2.30.1 (Apple Git-130)


