From ba40da9045f77feb04abe63eb8a92f13f9efe471 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cotequeiroz@gmail.com>
Date: Tue, 29 Dec 2020 14:49:20 -0300
Subject: wolfssl: Update to v4.6.0-stable

This version fixes a large number of bugs, although no security
vulnerabilities are listed.

Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md

Due a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16.  The ABI does not change from previous version.

Backported patches were removed; remaining patch was refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
---
 .../patches/200-fix-checkhostname-matching.patch   | 123 ---------------------
 1 file changed, 123 deletions(-)
 delete mode 100644 package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch

(limited to 'package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch')

diff --git a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch
deleted file mode 100644
index aaf14e46d9..0000000000
--- a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From ea5c290d605b2af7b10d6e5ce69aa3534f52385f Mon Sep 17 00:00:00 2001
-From: Eric Blankenhorn <eric@wolfssl.com>
-Date: Fri, 17 Jul 2020 08:37:02 -0500
-Subject: [PATCH] Fix CheckHostName matching
-
----
- src/internal.c | 18 ++++++++++++------
- src/ssl.c      |  5 +++++
- tests/api.c    | 30 ++++++++++++++++++++++++++++++
- 3 files changed, 47 insertions(+), 6 deletions(-)
-
-diff --git a/src/internal.c b/src/internal.c
-index dc57df0242..cda815d875 100644
---- a/src/internal.c
-+++ b/src/internal.c
-@@ -9346,7 +9346,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
-         altName = dCert->altNames;
- 
-     if (checkCN != NULL) {
--        *checkCN = altName == NULL;
-+        *checkCN = (altName == NULL) ? 1 : 0;
-     }
- 
-     while (altName) {
-@@ -9415,23 +9415,29 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
- int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen)
- {
-     int checkCN;
-+    int ret = DOMAIN_NAME_MISMATCH;
- 
-     /* Assume name is NUL terminated. */
-     (void)domainNameLen;
- 
-     if (CheckForAltNames(dCert, domainName, &checkCN) != 1) {
--        WOLFSSL_MSG("DomainName match on alt names failed too");
--        return DOMAIN_NAME_MISMATCH;
-+        WOLFSSL_MSG("DomainName match on alt names failed");
-     }
-+    else {
-+        ret = 0;
-+    }
-+
-     if (checkCN == 1) {
-         if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
--                            domainName) == 0) {
-+                            domainName) == 1) {
-+            ret = 0;
-+        }
-+        else {
-             WOLFSSL_MSG("DomainName match on common name failed");
--            return DOMAIN_NAME_MISMATCH;
-         }
-     }
- 
--    return 0;
-+    return ret;
- }
- 
- int CheckIPAddr(DecodedCert* dCert, const char* ipasc)
-diff --git a/src/ssl.c b/src/ssl.c
-index 11bc08a3cb..59ad9bae60 100644
---- a/src/ssl.c
-+++ b/src/ssl.c
-@@ -43661,6 +43661,11 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
-     (void)flags;
-     (void)peername;
- 
-+    if ((x == NULL) || (chk == NULL)) {
-+        WOLFSSL_MSG("Invalid parameter");
-+        return WOLFSSL_FAILURE;
-+    }
-+
-     if (flags == WOLFSSL_NO_WILDCARDS) {
-         WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented");
-         return WOLFSSL_FAILURE;
-diff --git a/tests/api.c b/tests/api.c
-index 774a332968..db888952d4 100644
---- a/tests/api.c
-+++ b/tests/api.c
-@@ -23875,6 +23875,35 @@ static void test_wolfSSL_X509_issuer_name_hash(void)
- #endif
- }
- 
-+static void test_wolfSSL_X509_check_host(void)
-+{
-+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
-+    && !defined(NO_SHA) && !defined(NO_RSA)
-+
-+    X509* x509;
-+    const char altName[] = "example.com";
-+
-+    printf(testingFmt, "wolfSSL_X509_check_host()");
-+
-+    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
-+                SSL_FILETYPE_PEM));
-+
-+    AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
-+            WOLFSSL_SUCCESS);
-+
-+    AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
-+            WOLFSSL_FAILURE);
-+
-+    X509_free(x509);
-+
-+    AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
-+            WOLFSSL_FAILURE);
-+
-+    printf(resultFmt, passed);
-+
-+#endif
-+}
-+
- static void test_wolfSSL_DES(void)
- {
-     #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
-@@ -36407,6 +36436,7 @@ void ApiTest(void)
-     test_wolfSSL_X509_INFO();
-     test_wolfSSL_X509_subject_name_hash();
-     test_wolfSSL_X509_issuer_name_hash();
-+    test_wolfSSL_X509_check_host();
-     test_wolfSSL_DES();
-     test_wolfSSL_certs();
-     test_wolfSSL_ASN1_TIME_print();
-- 
cgit v1.2.3