| Message ID | 20180524163437.GA16880@makrotopia.org |
|---|---|
| State | Accepted |
| Delegated to: | John Crispin |
| Headers | show |
| Series | [OpenWrt-Devel] wolfssl: update to version 3.14.4 | expand |
On Thu, May 24, 2018 at 7:34 PM, Daniel Golle <daniel@makrotopia.org> wrote: > Use download from github archive corresponding to v3.14.4 tag because > the project's website apparently only offers 3.14.0-stable release > downloads. > Drop local patch for CVE-2017-13099 as it was merged upstream. > Looks good. On a related note, would you like to take over the package ? I don't seem to find time for it at the moment. > Signed-off-by: Daniel Golle <daniel@makrotopia.org> > --- > package/libs/wolfssl/Makefile | 9 +- > .../wolfssl/patches/001-CVE-2017-13099.patch | 144 ------------------ > .../patches/100-disable-hardening-check.patch | 2 +- > 3 files changed, 6 insertions(+), 149 deletions(-) > delete mode 100644 package/libs/wolfssl/patches/001-CVE-2017-13099.patch > > diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile > index d0bd3b5a35..41296dd0f2 100644 > --- a/package/libs/wolfssl/Makefile > +++ b/package/libs/wolfssl/Makefile > @@ -8,12 +8,13 @@ > include $(TOPDIR)/rules.mk > > PKG_NAME:=wolfssl > -PKG_VERSION:=3.12.2 > -PKG_RELEASE:=2 > +PKG_VERSION:=3.14.4 > +PKG_RELEASE:=1 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip > -PKG_SOURCE_URL:=https://www.wolfssl.com/ > -PKG_HASH:=4993844c4b7919007c4511ec3f987fb06543536c3fc933cb53491bffe9150e49 > +# PKG_SOURCE_URL:=https://www.wolfssl.com/ > +PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) > +PKG_HASH:=1da1b45dec4a455716c8547074ad883c737865225f69443bb173c0dc21683fd1 > > PKG_FIXUP:=libtool > PKG_INSTALL:=1 > diff --git a/package/libs/wolfssl/patches/001-CVE-2017-13099.patch b/package/libs/wolfssl/patches/001-CVE-2017-13099.patch > deleted file mode 100644 > index e7b63cb8d4..0000000000 > --- a/package/libs/wolfssl/patches/001-CVE-2017-13099.patch > +++ /dev/null > @@ -1,144 +0,0 @@ > -From fd455d5a5e9fef24c208e7ac7d3a4bc58834cbf1 Mon Sep 17 00:00:00 2001 > -From: David Garske <david@wolfssl.com> > -Date: Tue, 14 Nov 2017 14:05:50 -0800 > -Subject: [PATCH] Fix for handling of static RSA PKCS formatting failures so > - they are indistinguishable from from correctly formatted RSA blocks (per > - RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG > - creation for consistency in client case. Removed obsolete > - `PMS_VERSION_ERROR`. > - > ---- > - src/internal.c | 70 +++++++++++++++++++++++++++++++++++++++++++++-------- > - wolfssl/error-ssl.h | 2 +- > - 2 files changed, 61 insertions(+), 11 deletions(-) > - > ---- a/src/internal.c > -+++ b/src/internal.c > -@@ -14190,9 +14190,6 @@ const char* wolfSSL_ERR_reason_error_str > - case NOT_READY_ERROR : > - return "handshake layer not ready yet, complete first"; > - > -- case PMS_VERSION_ERROR : > -- return "premaster secret version mismatch error"; > -- > - case VERSION_ERROR : > - return "record layer version error"; > - > -@@ -18758,8 +18755,10 @@ int SendClientKeyExchange(WOLFSSL* ssl) > - #ifndef NO_RSA > - case rsa_kea: > - { > -+ /* build PreMasterSecret with RNG data */ > - ret = wc_RNG_GenerateBlock(ssl->rng, > -- ssl->arrays->preMasterSecret, SECRET_LEN); > -+ &ssl->arrays->preMasterSecret[VERSION_SZ], > -+ SECRET_LEN - VERSION_SZ); > - if (ret != 0) { > - goto exit_scke; > - } > -@@ -23545,6 +23544,9 @@ static int DoSessionTicket(WOLFSSL* ssl, > - word32 idx; > - word32 begin; > - word32 sigSz; > -+ #ifndef NO_RSA > -+ int lastErr; > -+ #endif > - } DckeArgs; > - > - static void FreeDckeArgs(WOLFSSL* ssl, void* pArgs) > -@@ -23770,6 +23772,14 @@ static int DoSessionTicket(WOLFSSL* ssl, > - ERROR_OUT(BUFFER_ERROR, exit_dcke); > - } > - > -+ /* pre-load PreMasterSecret with RNG data */ > -+ ret = wc_RNG_GenerateBlock(ssl->rng, > -+ &ssl->arrays->preMasterSecret[VERSION_SZ], > -+ SECRET_LEN - VERSION_SZ); > -+ if (ret != 0) { > -+ goto exit_dcke; > -+ } > -+ > - args->output = NULL; > - break; > - } /* rsa_kea */ > -@@ -24234,6 +24244,20 @@ static int DoSessionTicket(WOLFSSL* ssl, > - NULL, 0, NULL > - #endif > - ); > -+ > -+ /* Errors that can occur here that should be > -+ * indistinguishable: > -+ * RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR > -+ */ > -+ if (ret < 0 && ret != BAD_FUNC_ARG) { > -+ #ifdef WOLFSSL_ASYNC_CRYPT > -+ if (ret == WC_PENDING_E) > -+ goto exit_dcke; > -+ #endif > -+ /* store error code for handling below */ > -+ args->lastErr = ret; > -+ ret = 0; > -+ } > - break; > - } /* rsa_kea */ > - #endif /* !NO_RSA */ > -@@ -24380,16 +24404,42 @@ static int DoSessionTicket(WOLFSSL* ssl, > - /* Add the signature length to idx */ > - args->idx += args->length; > - > -- if (args->sigSz == SECRET_LEN && args->output != NULL) { > -- XMEMCPY(ssl->arrays->preMasterSecret, args->output, SECRET_LEN); > -- if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major || > -- ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) { > -- ERROR_OUT(PMS_VERSION_ERROR, exit_dcke); > -+ #ifdef DEBUG_WOLFSSL > -+ /* check version (debug warning message only) */ > -+ if (args->output != NULL) { > -+ if (args->output[0] != ssl->chVersion.major || > -+ args->output[1] != ssl->chVersion.minor) { > -+ WOLFSSL_MSG("preMasterSecret version mismatch"); > - } > - } > -+ #endif > -+ > -+ /* RFC5246 7.4.7.1: > -+ * Treat incorrectly formatted message blocks and/or > -+ * mismatched version numbers in a manner > -+ * indistinguishable from correctly formatted RSA blocks > -+ */ > -+ > -+ ret = args->lastErr; > -+ args->lastErr = 0; /* reset */ > -+ > -+ /* build PreMasterSecret */ > -+ ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; > -+ ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; > -+ if (ret == 0 && args->sigSz == SECRET_LEN && > -+ args->output != NULL) { > -+ XMEMCPY(&ssl->arrays->preMasterSecret[VERSION_SZ], > -+ &args->output[VERSION_SZ], > -+ SECRET_LEN - VERSION_SZ); > -+ } > - else { > -- ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke); > -+ /* preMasterSecret has RNG and version set */ > -+ /* return proper length and ignore error */ > -+ /* error will be caught as decryption error */ > -+ args->sigSz = SECRET_LEN; > -+ ret = 0; > - } > -+ > - break; > - } /* rsa_kea */ > - #endif /* !NO_RSA */ > ---- a/wolfssl/error-ssl.h > -+++ b/wolfssl/error-ssl.h > -@@ -57,7 +57,7 @@ enum wolfSSL_ErrorCodes { > - DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */ > - WANT_READ = -323, /* want read, call again */ > - NOT_READY_ERROR = -324, /* handshake layer not ready */ > -- PMS_VERSION_ERROR = -325, /* pre m secret version error */ > -+ > - VERSION_ERROR = -326, /* record layer version error */ > - WANT_WRITE = -327, /* want write, call again */ > - BUFFER_ERROR = -328, /* malformed buffer input */ > diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch > index 83d51b1d5c..d913b5fdea 100644 > --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch > +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch > @@ -1,6 +1,6 @@ > --- a/wolfssl/wolfcrypt/settings.h > +++ b/wolfssl/wolfcrypt/settings.h > -@@ -1553,7 +1553,7 @@ extern void uITRON4_free(void *p) ; > +@@ -1624,7 +1624,7 @@ extern void uITRON4_free(void *p) ; > #endif > > /* warning for not using harden build options (default with ./configure) */ > -- > 2.17.0 >
Hi! On Thu, May 24, 2018 at 10:38:45PM +0300, Alexandru Ardelean wrote: > On Thu, May 24, 2018 at 7:34 PM, Daniel Golle <daniel@makrotopia.org> wrote: > > Use download from github archive corresponding to v3.14.4 tag because > > the project's website apparently only offers 3.14.0-stable release > > downloads. > > Drop local patch for CVE-2017-13099 as it was merged upstream. > > > > Looks good. > On a related note, would you like to take over the package ? > I don't seem to find time for it at the moment. You had that nice patch to improve the build-time configuration half- ready. It'd really be nice to still incooperate that... I do believe you are doing a good job as a maintainer, however, if you feel burdened by the maintainership I'm also ok to take over. Cheers Daniel
On Fri, May 25, 2018 at 1:18 AM, Daniel Golle <daniel@makrotopia.org> wrote: > Hi! > > On Thu, May 24, 2018 at 10:38:45PM +0300, Alexandru Ardelean wrote: >> On Thu, May 24, 2018 at 7:34 PM, Daniel Golle <daniel@makrotopia.org> wrote: >> > Use download from github archive corresponding to v3.14.4 tag because >> > the project's website apparently only offers 3.14.0-stable release >> > downloads. >> > Drop local patch for CVE-2017-13099 as it was merged upstream. >> > >> >> Looks good. >> On a related note, would you like to take over the package ? >> I don't seem to find time for it at the moment. > > You had that nice patch to improve the build-time configuration half- > ready. It'd really be nice to still incooperate that... > I do believe you are doing a good job as a maintainer, however, if you > feel burdened by the maintainership I'm also ok to take over. > Not so much burdened as much as I don't want to block other people. So, if you don't feel blocked, I can still keep maintaining it. I will make time for that configuration patch. Thanks Alex > > Cheers > > > Daniel
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index d0bd3b5a35..41296dd0f2 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=3.12.2 -PKG_RELEASE:=2 +PKG_VERSION:=3.14.4 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip -PKG_SOURCE_URL:=https://www.wolfssl.com/ -PKG_HASH:=4993844c4b7919007c4511ec3f987fb06543536c3fc933cb53491bffe9150e49 +# PKG_SOURCE_URL:=https://www.wolfssl.com/ +PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) +PKG_HASH:=1da1b45dec4a455716c8547074ad883c737865225f69443bb173c0dc21683fd1 PKG_FIXUP:=libtool PKG_INSTALL:=1 diff --git a/package/libs/wolfssl/patches/001-CVE-2017-13099.patch b/package/libs/wolfssl/patches/001-CVE-2017-13099.patch deleted file mode 100644 index e7b63cb8d4..0000000000 --- a/package/libs/wolfssl/patches/001-CVE-2017-13099.patch +++ /dev/null @@ -1,144 +0,0 @@ -From fd455d5a5e9fef24c208e7ac7d3a4bc58834cbf1 Mon Sep 17 00:00:00 2001 -From: David Garske <david@wolfssl.com> -Date: Tue, 14 Nov 2017 14:05:50 -0800 -Subject: [PATCH] Fix for handling of static RSA PKCS formatting failures so - they are indistinguishable from from correctly formatted RSA blocks (per - RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG - creation for consistency in client case. Removed obsolete - `PMS_VERSION_ERROR`. - ---- - src/internal.c | 70 +++++++++++++++++++++++++++++++++++++++++++++-------- - wolfssl/error-ssl.h | 2 +- - 2 files changed, 61 insertions(+), 11 deletions(-) - ---- a/src/internal.c -+++ b/src/internal.c -@@ -14190,9 +14190,6 @@ const char* wolfSSL_ERR_reason_error_str - case NOT_READY_ERROR : - return "handshake layer not ready yet, complete first"; - -- case PMS_VERSION_ERROR : -- return "premaster secret version mismatch error"; -- - case VERSION_ERROR : - return "record layer version error"; - -@@ -18758,8 +18755,10 @@ int SendClientKeyExchange(WOLFSSL* ssl) - #ifndef NO_RSA - case rsa_kea: - { -+ /* build PreMasterSecret with RNG data */ - ret = wc_RNG_GenerateBlock(ssl->rng, -- ssl->arrays->preMasterSecret, SECRET_LEN); -+ &ssl->arrays->preMasterSecret[VERSION_SZ], -+ SECRET_LEN - VERSION_SZ); - if (ret != 0) { - goto exit_scke; - } -@@ -23545,6 +23544,9 @@ static int DoSessionTicket(WOLFSSL* ssl, - word32 idx; - word32 begin; - word32 sigSz; -+ #ifndef NO_RSA -+ int lastErr; -+ #endif - } DckeArgs; - - static void FreeDckeArgs(WOLFSSL* ssl, void* pArgs) -@@ -23770,6 +23772,14 @@ static int DoSessionTicket(WOLFSSL* ssl, - ERROR_OUT(BUFFER_ERROR, exit_dcke); - } - -+ /* pre-load PreMasterSecret with RNG data */ -+ ret = wc_RNG_GenerateBlock(ssl->rng, -+ &ssl->arrays->preMasterSecret[VERSION_SZ], -+ SECRET_LEN - VERSION_SZ); -+ if (ret != 0) { -+ goto exit_dcke; -+ } -+ - args->output = NULL; - break; - } /* rsa_kea */ -@@ -24234,6 +24244,20 @@ static int DoSessionTicket(WOLFSSL* ssl, - NULL, 0, NULL - #endif - ); -+ -+ /* Errors that can occur here that should be -+ * indistinguishable: -+ * RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR -+ */ -+ if (ret < 0 && ret != BAD_FUNC_ARG) { -+ #ifdef WOLFSSL_ASYNC_CRYPT -+ if (ret == WC_PENDING_E) -+ goto exit_dcke; -+ #endif -+ /* store error code for handling below */ -+ args->lastErr = ret; -+ ret = 0; -+ } - break; - } /* rsa_kea */ - #endif /* !NO_RSA */ -@@ -24380,16 +24404,42 @@ static int DoSessionTicket(WOLFSSL* ssl, - /* Add the signature length to idx */ - args->idx += args->length; - -- if (args->sigSz == SECRET_LEN && args->output != NULL) { -- XMEMCPY(ssl->arrays->preMasterSecret, args->output, SECRET_LEN); -- if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major || -- ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) { -- ERROR_OUT(PMS_VERSION_ERROR, exit_dcke); -+ #ifdef DEBUG_WOLFSSL -+ /* check version (debug warning message only) */ -+ if (args->output != NULL) { -+ if (args->output[0] != ssl->chVersion.major || -+ args->output[1] != ssl->chVersion.minor) { -+ WOLFSSL_MSG("preMasterSecret version mismatch"); - } - } -+ #endif -+ -+ /* RFC5246 7.4.7.1: -+ * Treat incorrectly formatted message blocks and/or -+ * mismatched version numbers in a manner -+ * indistinguishable from correctly formatted RSA blocks -+ */ -+ -+ ret = args->lastErr; -+ args->lastErr = 0; /* reset */ -+ -+ /* build PreMasterSecret */ -+ ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; -+ ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; -+ if (ret == 0 && args->sigSz == SECRET_LEN && -+ args->output != NULL) { -+ XMEMCPY(&ssl->arrays->preMasterSecret[VERSION_SZ], -+ &args->output[VERSION_SZ], -+ SECRET_LEN - VERSION_SZ); -+ } - else { -- ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke); -+ /* preMasterSecret has RNG and version set */ -+ /* return proper length and ignore error */ -+ /* error will be caught as decryption error */ -+ args->sigSz = SECRET_LEN; -+ ret = 0; - } -+ - break; - } /* rsa_kea */ - #endif /* !NO_RSA */ ---- a/wolfssl/error-ssl.h -+++ b/wolfssl/error-ssl.h -@@ -57,7 +57,7 @@ enum wolfSSL_ErrorCodes { - DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */ - WANT_READ = -323, /* want read, call again */ - NOT_READY_ERROR = -324, /* handshake layer not ready */ -- PMS_VERSION_ERROR = -325, /* pre m secret version error */ -+ - VERSION_ERROR = -326, /* record layer version error */ - WANT_WRITE = -327, /* want write, call again */ - BUFFER_ERROR = -328, /* malformed buffer input */ diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 83d51b1d5c..d913b5fdea 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -1553,7 +1553,7 @@ extern void uITRON4_free(void *p) ; +@@ -1624,7 +1624,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */
Use download from github archive corresponding to v3.14.4 tag because the project's website apparently only offers 3.14.0-stable release downloads. Drop local patch for CVE-2017-13099 as it was merged upstream. Signed-off-by: Daniel Golle <daniel@makrotopia.org> --- package/libs/wolfssl/Makefile | 9 +- .../wolfssl/patches/001-CVE-2017-13099.patch | 144 ------------------ .../patches/100-disable-hardening-check.patch | 2 +- 3 files changed, 6 insertions(+), 149 deletions(-) delete mode 100644 package/libs/wolfssl/patches/001-CVE-2017-13099.patch