forked from Openwrt/openwrt
f475a44c03
This fixes multiple security problems: * [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. * [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)." * [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia). Size increased a little: wolfssl 5.6.6: 516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk wolfssl: 5.7.0: 519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
12 lines
545 B
Diff
12 lines
545 B
Diff
--- a/wolfssl/wolfcrypt/settings.h
|
|
+++ b/wolfssl/wolfcrypt/settings.h
|
|
@@ -2945,7 +2945,7 @@ extern void uITRON4_free(void *p) ;
|
|
|
|
/* warning for not using harden build options (default with ./configure) */
|
|
/* do not warn if big integer support is disabled */
|
|
-#if !defined(WC_NO_HARDEN) && !defined(NO_BIG_INT)
|
|
+#if 0
|
|
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
|
|
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
|
|
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
|