Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make ByteReverseWords available for big and little endian #3255

Merged
merged 1 commit into from Aug 31, 2020
Merged

Make ByteReverseWords available for big and little endian #3255

merged 1 commit into from Aug 31, 2020

Conversation

tmael
Copy link
Contributor

@tmael tmael commented Aug 26, 2020

This PR fixes a build error by removing the ifdef endianess check around ByteReverseWords().
It turned out some libraries (e.g. md4.c) default to checking BIG_ENDIAN_ORDER before calling ByteReverseWords() while other modules such as sha256.c check LITTLE_ENDIAN_ORDER before calling ByteReverseWords(). So ByteReverseWords() needs to be available for both big and little-endian systems.

Steps to reproduce error:
./configure CFLAGS="-DBIG_ENDIAN_ORDER" --enable-md4
make

wolfcrypt/src/md4.c: In function ‘wc_Md4Update’:
wolfcrypt/src/md4.c:156:17: error: implicit declaration of function ‘ByteReverseWords’; did you mean ‘ByteReverseWords64’? [-Werror=implicit-function-declaration]
                 ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
                 ^~~~~~~~~~~~~~~~
                 ByteReverseWords64
wolfcrypt/src/md4.c:156:17: error: nested extern declaration of ‘ByteReverseWords’ [-Werror=nested-externs]
  CC       wolfcrypt/src/src_libwolfssl_la-chacha20_poly1305.lo
cc1: all warnings being treated as errors
Makefile:4667: recipe for target 'wolfcrypt/src/src_libwolfssl_la-md4.lo' failed
make[1]: *** [wolfcrypt/src/src_libwolfssl_la-md4.lo] Error 1
make[1]: *** Waiting for unfinished jobs....
wolfcrypt/src/md5.c: In function ‘wc_Md5Update’:
wolfcrypt/src/md5.c:378:13: error: implicit declaration of function ‘ByteReverseWords’; did you mean ‘ByteReverseWords64’? [-Werror=implicit-function-declaration]
             ByteReverseWords(md5->buffer, md5->buffer, WC_MD5_BLOCK_SIZE);
             ^~~~~~~~~~~~~~~~
             ByteReverseWords64
wolfcrypt/src/md5.c:378:13: error: nested extern declaration of ‘ByteReverseWords’ [-Werror=nested-externs]
cc1: all warnings being treated as errors
Makefile:4674: recipe for target 'wolfcrypt/src/src_libwolfssl_la-md5.lo' failed
make[1]: *** [wolfcrypt/src/src_libwolfssl_la-md5.lo] Error 1
make[1]: Leaving directory '/home/tesfa/wolfssl'
Makefile:3141: recipe for target 'all' failed
make: *** [all] Error 2

@tmael tmael requested a review from dgarske August 26, 2020 17:40
@tmael tmael mentioned this pull request Aug 26, 2020
Closed
dgarske
dgarske approved these changes Aug 26, 2020
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change is approved. Jenkins... contend with you will.

jow- pushed a commit to lede-project/source that referenced this pull request Aug 26, 2020
@hauke
wolfssl: Update to version 4.5.0
00722a7 
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
wolfSSL/wolfssl#3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
@dgarske
Copy link
Contributor

dgarske commented Aug 29, 2020

Retest this please

@dgarske dgarske merged commit e9b1cea into wolfSSL:master Aug 31, 2020
jow- pushed a commit to openwrt/openwrt that referenced this pull request Sep 3, 2020
@hauke
wolfssl: Update to version 4.5.0
403039c 
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
wolfSSL/wolfssl#3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 00722a7)
jollaman999 pushed a commit to jollaman999/openwrt that referenced this pull request Oct 1, 2020
@hauke @jollaman999
wolfssl: Update to version 4.5.0
291cd31 
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
wolfSSL/wolfssl#3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
phs07 pushed a commit to phs07/openwrt that referenced this pull request Oct 3, 2020
@hauke @phs07
wolfssl: Update to version 4.5.0
f9ebc47 
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
wolfSSL/wolfssl#3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 00722a7)
biliwala pushed a commit to biliwala/friendlywrt that referenced this pull request Oct 16, 2020
@hauke @biliwala
wolfssl: Update to version 4.5.0
fd43f54 
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
wolfSSL/wolfssl#3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 00722a7)
cstkingkey pushed a commit to cstkingkey/lede that referenced this pull request Mar 6, 2021
@hauke
wolfssl: Update to version 4.5.0
632f2b9 
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
wolfSSL/wolfssl#3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

Assignees

@dgarske dgarske

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tmael @dgarske