include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
-PKG_VERSION:=5.5.0-stable
+PKG_VERSION:=5.5.4-stable
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=c34b74b5f689fac7becb05583b044e84d3b10d39f38709f0095dd5d423ded67f
+PKG_HASH:=b7ee150e49def77c765bc02aac92ddeb0bebefd4cb12aa263d8f95e405221fb8
PKG_FIXUP:=libtool
PKG_INSTALL:=1
+++ /dev/null
-Since commit 6467de5a8840 ("Randomize z ordinates in scalar
-mult when timing resistant") wolfssl requires a RNG for an EC
-key when the hardened built option is selected.
-
-wc_ecc_set_rng is only available when built hardened, so there
-is no safe way to install the RNG to the key regardless whether
-or not wolfssl is compiled hardened.
-
-Always export wc_ecc_set_rng so tools such as hostapd can install
-RNG regardless of the built settings for wolfssl.
-
---- a/wolfcrypt/src/ecc.c
-+++ b/wolfcrypt/src/ecc.c
-@@ -12348,21 +12348,21 @@ void wc_ecc_fp_free(void)
-
- #endif /* FP_ECC */
-
--#ifdef ECC_TIMING_RESISTANT
- int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
- {
- int err = 0;
-
-+#ifdef ECC_TIMING_RESISTANT
- if (key == NULL) {
- err = BAD_FUNC_ARG;
- }
- else {
- key->rng = rng;
- }
-+#endif
-
- return err;
- }
--#endif
-
- #ifdef HAVE_ECC_ENCRYPT
-
---- a/wolfssl/wolfcrypt/ecc.h
-+++ b/wolfssl/wolfcrypt/ecc.h
-@@ -650,10 +650,8 @@ WOLFSSL_ABI WOLFSSL_API
- void wc_ecc_fp_free(void);
- WOLFSSL_LOCAL
- void wc_ecc_fp_init(void);
--#ifdef ECC_TIMING_RESISTANT
- WOLFSSL_API
- int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
--#endif
-
- WOLFSSL_API
- int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);