X-Git-Url: https://git.librecmc.org/?p=librecmc%2Flibrecmc.git;a=blobdiff_plain;f=package%2Flibs%2Fwolfssl%2Fpatches%2F010-CVE-2021-3336.patch;fp=package%2Flibs%2Fwolfssl%2Fpatches%2F010-CVE-2021-3336.patch;h=0000000000000000000000000000000000000000;hp=abb9bfdd9bcb43016296161371fecd25148ff3f3;hb=3e09af24fd4462e62a6e3908f75aa91a7f038e95;hpb=aefa0305680e8d238103128720a35d74618b9f3b

diff --git a/package/libs/wolfssl/patches/010-CVE-2021-3336.patch b/package/libs/wolfssl/patches/010-CVE-2021-3336.patch
deleted file mode 100644
index abb9bfdd9b..0000000000
--- a/package/libs/wolfssl/patches/010-CVE-2021-3336.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From fad1e67677bf7797b6bd6e1f21a513c289d963a7 Mon Sep 17 00:00:00 2001
-From: Sean Parkinson <sean@wolfssl.com>
-Date: Thu, 21 Jan 2021 08:24:38 +1000
-Subject: [PATCH] TLS 1.3: ensure key for signature in CertificateVerify
-
----
- src/tls13.c | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
---- a/src/tls13.c
-+++ b/src/tls13.c
-@@ -5624,28 +5624,36 @@ static int DoTls13CertificateVerify(WOLF
-         #ifdef HAVE_ED25519
-             if (args->sigAlgo == ed25519_sa_algo &&
-                                                   !ssl->peerEd25519KeyPresent) {
--                WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify");
-+                WOLFSSL_MSG("Peer sent ED22519 sig but not ED22519 cert");
-+                ret = SIG_VERIFY_E;
-+                goto exit_dcv;
-             }
-         #endif
-         #ifdef HAVE_ED448
-             if (args->sigAlgo == ed448_sa_algo && !ssl->peerEd448KeyPresent) {
--                WOLFSSL_MSG("Oops, peer sent ED448 key but not in verify");
-+                WOLFSSL_MSG("Peer sent ED448 sig but not ED448 cert");
-+                ret = SIG_VERIFY_E;
-+                goto exit_dcv;
-             }
-         #endif
-         #ifdef HAVE_ECC
-             if (args->sigAlgo == ecc_dsa_sa_algo &&
-                                                    !ssl->peerEccDsaKeyPresent) {
--                WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
-+                WOLFSSL_MSG("Peer sent ECC sig but not ECC cert");
-+                ret = SIG_VERIFY_E;
-+                goto exit_dcv;
-             }
-         #endif
-         #ifndef NO_RSA
-             if (args->sigAlgo == rsa_sa_algo) {
--                WOLFSSL_MSG("Oops, peer sent PKCS#1.5 signature");
-+                WOLFSSL_MSG("Peer sent PKCS#1.5 algo but not in certificate");
-                 ERROR_OUT(INVALID_PARAMETER, exit_dcv);
-             }
-             if (args->sigAlgo == rsa_pss_sa_algo &&
-                          (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent)) {
--                WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
-+                WOLFSSL_MSG("Peer sent RSA sig but not RSA cert");
-+                ret = SIG_VERIFY_E;
-+                goto exit_dcv;
-             }
-         #endif
-