mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
wolfssl: patch CVE-2026-5446
Backport commits from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10111 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5446 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
@@ -0,0 +1,62 @@
|
|||||||
|
From 6d6d06c05f84b190c43c9b75c6fa11375d2be424 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eric Blankenhorn <eric@wolfssl.com>
|
||||||
|
Date: Tue, 31 Mar 2026 08:31:14 -0500
|
||||||
|
Subject: [PATCH] Fix ARIA build issue and FIPS guard
|
||||||
|
|
||||||
|
(cherry picked from commit 6495e8e94115f7f6beb67497e07bac5cba8dca9c)
|
||||||
|
|
||||||
|
CVE: CVE-2026-5446
|
||||||
|
Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/6495e8e94115f7f6beb67497e07bac5cba8dca9c]
|
||||||
|
|
||||||
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||||
|
---
|
||||||
|
src/internal.c | 21 ++++++++++++++++-----
|
||||||
|
1 file changed, 16 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/internal.c b/src/internal.c
|
||||||
|
index 992c10d2c..fbf227a93 100644
|
||||||
|
--- a/src/internal.c
|
||||||
|
+++ b/src/internal.c
|
||||||
|
@@ -19023,7 +19023,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||||
|
#if (!defined(NO_PUBLIC_GCM_SET_IV) && \
|
||||||
|
((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
|
||||||
|
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))) || \
|
||||||
|
- (defined(HAVE_POLY1305) && defined(HAVE_CHACHA))
|
||||||
|
+ (defined(HAVE_POLY1305) && defined(HAVE_CHACHA)) || \
|
||||||
|
+ defined(HAVE_ARIA) || \
|
||||||
|
+ defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
|
||||||
|
static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
@@ -20006,10 +20008,9 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
|
||||||
|
sizeof(ssl->encrypt.sanityCheck));
|
||||||
|
#endif
|
||||||
|
|
||||||
|
- #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA)
|
||||||
|
+ #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
|
||||||
|
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
|
||||||
|
- ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm ||
|
||||||
|
- ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm)
|
||||||
|
+ ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
|
||||||
|
{
|
||||||
|
/* finalize authentication cipher */
|
||||||
|
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
|
||||||
|
@@ -20020,7 +20021,17 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
|
||||||
|
if (ssl->encrypt.nonce)
|
||||||
|
ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);
|
||||||
|
}
|
||||||
|
- #endif /* BUILD_AESGCM || HAVE_AESCCM || HAVE_ARIA */
|
||||||
|
+ #endif /* BUILD_AESGCM || HAVE_AESCCM */
|
||||||
|
+ #ifdef HAVE_ARIA
|
||||||
|
+ if (ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm)
|
||||||
|
+ {
|
||||||
|
+ /* finalize authentication cipher — wc_AriaEncrypt is
|
||||||
|
+ * stateless, so the explicit IV must always advance */
|
||||||
|
+ AeadIncrementExpIV(ssl);
|
||||||
|
+ if (ssl->encrypt.nonce)
|
||||||
|
+ ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);
|
||||||
|
+ }
|
||||||
|
+ #endif /* HAVE_ARIA */
|
||||||
|
#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
|
||||||
|
if (ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_ccm ||
|
||||||
|
ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_gcm)
|
||||||
@@ -0,0 +1,27 @@
|
|||||||
|
From 88fc52b8e3bca58389a4a107a77f9dc52e3baa12 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eric Blankenhorn <eric@wolfssl.com>
|
||||||
|
Date: Tue, 31 Mar 2026 09:35:43 -0500
|
||||||
|
Subject: [PATCH] Fix feedback from review
|
||||||
|
|
||||||
|
(cherry picked from commit a3fad2af91da39e2a4bdaf528bcfb2a94c4dd67c)
|
||||||
|
|
||||||
|
CVE: CVE-2026-5446
|
||||||
|
Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/a3fad2af91da39e2a4bdaf528bcfb2a94c4dd67c]
|
||||||
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||||
|
---
|
||||||
|
src/internal.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/internal.c b/src/internal.c
|
||||||
|
index fbf227a93..ccfecc235 100644
|
||||||
|
--- a/src/internal.c
|
||||||
|
+++ b/src/internal.c
|
||||||
|
@@ -20025,7 +20025,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
|
||||||
|
#ifdef HAVE_ARIA
|
||||||
|
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm)
|
||||||
|
{
|
||||||
|
- /* finalize authentication cipher — wc_AriaEncrypt is
|
||||||
|
+ /* finalize authentication cipher -- wc_AriaEncrypt is
|
||||||
|
* stateless, so the explicit IV must always advance */
|
||||||
|
AeadIncrementExpIV(ssl);
|
||||||
|
if (ssl->encrypt.nonce)
|
||||||
@@ -41,6 +41,8 @@ SRC_URI = " \
|
|||||||
file://CVE-2026-3580.patch \
|
file://CVE-2026-3580.patch \
|
||||||
file://CVE-2026-5188.patch \
|
file://CVE-2026-5188.patch \
|
||||||
file://CVE-2026-5392.patch \
|
file://CVE-2026-5392.patch \
|
||||||
|
file://CVE-2026-5446-1.patch \
|
||||||
|
file://CVE-2026-5446-2.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"
|
SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"
|
||||||
|
|||||||
Reference in New Issue
Block a user