feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

revert changes to match 4.8.1 bundle

Browse Source
This commit is contained in:
Jacob Barthelmeh
2021-07-23 23:01:55 +07:00
parent 49ee2b71d7
commit 723ed009ae
6 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.md
View File

@ -2,7 +2,7 @@
Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix: Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
### Vulnerabilities ### Vulnerabilities
* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report. * [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim for the report.
# wolfSSL Release 4.8.0 (July 09, 2021) # wolfSSL Release 4.8.0 (July 09, 2021)

2
IDE/QNX/CAAM-DRIVER/Makefile
View File

@ -9,7 +9,7 @@ CC = qcc -Vgcc_nto$(PLATFORM)
CXX = qcc -lang-c++ -Vgcc_nto$(PLATFORM) CXX = qcc -lang-c++ -Vgcc_nto$(PLATFORM)
LD = $(CC) LD = $(CC)
INCLUDES += -I../../../ -I../../../wolfssl/wolfcrypt/port/caam/ INCLUDES += -I../../../wolfssl/wolfcrypt/port/caam/
CCFLAGS += -O2 -Wall CCFLAGS += -O2 -Wall
SRCS = \ SRCS = \

2
README
View File

@ -76,7 +76,7 @@ should be used for the enum name.
Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix: Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
### Vulnerabilities ### Vulnerabilities
* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report. * [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim for the report.
# wolfSSL Release 4.8.0 (July 09, 2021) # wolfSSL Release 4.8.0 (July 09, 2021)

2
README.md
View File

@ -80,7 +80,7 @@ WC_SHA512 should be used for the enum name.
Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix: Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
### Vulnerabilities ### Vulnerabilities
* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report. * [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim for the report.
# wolfSSL Release 4.8.0 (July 09, 2021) # wolfSSL Release 4.8.0 (July 09, 2021)
Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including: Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:

2
rpm/spec.in
View File

@ -74,7 +74,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.la
%{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so
%{_libdir}/libwolfssl.so.24 %{_libdir}/libwolfssl.so.24
%{_libdir}/libwolfssl.so.24.5.0 %{_libdir}/libwolfssl.so.24.5.1
%files devel %files devel
%defattr(-,root,root,-) %defattr(-,root,root,-)

6
wolfcrypt/src/port/caam/caam_qnx.c
View File

@ -20,7 +20,6 @@
*/ */
#include "caam_driver.h" #include "caam_driver.h"
#include "wolfssl/version.h"
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
@ -1191,9 +1190,8 @@ static int getSupported(char* in)
#endif #endif
char cannedResponse[] = { char cannedResponse[] = {
"wolfCrypt QNX CAAM driver version " "wolfCrypt QNX CAAM driver version 4.8.1\n"
LIBWOLFSSL_VERSION_STRING "Supports:\n"
"\nSupports:\n"
"\tAES-CMAC\n" "\tAES-CMAC\n"
"\tECC (sign, verify, ecdh, keygen)\n" "\tECC (sign, verify, ecdh, keygen)\n"
"\tBlobs (black and red)\n" "\tBlobs (black and red)\n"