diff options
| author | Ankur Tyagi <ankur.tyagi85@gmail.com> | 2026-02-25 07:54:09 +1300 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-03-06 10:09:05 +0530 |
| commit | 6781da83ae3e6b73d38df05fb1955ce9608ffe5f (patch) | |
| tree | 8946ff5dfe0cb434b226139e8a8629697e23d88d /meta-networking | |
| parent | 9039381ef0352e71c066e0e7994740deac464db1 (diff) | |
| download | meta-openembedded-6781da83ae3e6b73d38df05fb1955ce9608ffe5f.tar.gz | |
wolfssl: patch CVE-2025-13912
Backport changes from PR[1] mentioned in nvd[2]
[1] https://github.com/wolfSSL/wolfssl/pull/9148
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-13912
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch | 439 | ||||
| -rw-r--r-- | meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb | 1 |
2 files changed, 440 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch new file mode 100644 index 0000000000..32252058f7 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch | |||
| @@ -0,0 +1,439 @@ | |||
| 1 | From 797e0e7abf5830d515ca838201c03a47f83356b0 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daniel Pouzzner <douzzer@wolfssl.com> | ||
| 3 | Date: Tue, 30 Sep 2025 20:35:52 -0500 | ||
| 4 | Subject: [PATCH] Merge pull request #9148 from SparkiDev/ct_volatile | ||
| 5 | |||
| 6 | Mark variables as volatile | ||
| 7 | |||
| 8 | CVE: CVE-2025-13912 | ||
| 9 | Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/234ba7780ad3b7c8c1509973accdc43ed6c328b3] | ||
| 10 | Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> | ||
| 11 | --- | ||
| 12 | src/internal.c | 25 ++++++++++++--------- | ||
| 13 | src/tls.c | 8 +++++-- | ||
| 14 | wolfcrypt/src/aes.c | 4 ++-- | ||
| 15 | wolfcrypt/src/ecc.c | 8 +++---- | ||
| 16 | wolfcrypt/src/misc.c | 4 ++-- | ||
| 17 | wolfcrypt/src/rsa.c | 18 +++++++++------ | ||
| 18 | wolfcrypt/src/sp_int.c | 51 ++++++++++++++++++++++-------------------- | ||
| 19 | 7 files changed, 67 insertions(+), 51 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/src/internal.c b/src/internal.c | ||
| 22 | index eb2f16d63..6b3a227bc 100644 | ||
| 23 | --- a/src/internal.c | ||
| 24 | +++ b/src/internal.c | ||
| 25 | @@ -20887,7 +20887,7 @@ static byte MaskPadding(const byte* data, int sz, int macSz) | ||
| 26 | checkSz = TLS_MAX_PAD_SZ; | ||
| 27 | |||
| 28 | for (i = 0; i < checkSz; i++) { | ||
| 29 | - byte mask = ctMaskLTE(i, paddingSz); | ||
| 30 | + volatile byte mask = ctMaskLTE(i, paddingSz); | ||
| 31 | good |= mask & (data[sz - 1 - i] ^ paddingSz); | ||
| 32 | } | ||
| 33 | |||
| 34 | @@ -20907,16 +20907,21 @@ static byte MaskPadding(const byte* data, int sz, int macSz) | ||
| 35 | static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) | ||
| 36 | { | ||
| 37 | int i, j; | ||
| 38 | - unsigned char mac[WC_MAX_DIGEST_SIZE]; | ||
| 39 | - int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; | ||
| 40 | - int macEnd = sz - 1 - data[sz - 1]; | ||
| 41 | - int macStart = macEnd - macSz; | ||
| 42 | int r = 0; | ||
| 43 | - unsigned char started, notEnded; | ||
| 44 | + unsigned char mac[WC_MAX_DIGEST_SIZE]; | ||
| 45 | + volatile int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; | ||
| 46 | + volatile int macEnd = sz - 1 - data[sz - 1]; | ||
| 47 | + volatile int macStart = macEnd - macSz; | ||
| 48 | + volatile int maskScanStart; | ||
| 49 | + volatile int maskMacStart; | ||
| 50 | + volatile unsigned char started; | ||
| 51 | + volatile unsigned char notEnded; | ||
| 52 | unsigned char good = 0; | ||
| 53 | |||
| 54 | - scanStart &= ctMaskIntGTE(scanStart, 0); | ||
| 55 | - macStart &= ctMaskIntGTE(macStart, 0); | ||
| 56 | + maskScanStart = ctMaskIntGTE(scanStart, 0); | ||
| 57 | + maskMacStart = ctMaskIntGTE(macStart, 0); | ||
| 58 | + scanStart &= maskScanStart; | ||
| 59 | + macStart &= maskMacStart; | ||
| 60 | |||
| 61 | /* Div on Intel has different speeds depending on value. | ||
| 62 | * Use a bitwise AND or mod a specific value (converted to mul). */ | ||
| 63 | @@ -41636,7 +41641,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], | ||
| 64 | case rsa_kea: | ||
| 65 | { | ||
| 66 | RsaKey* key = (RsaKey*)ssl->hsKey; | ||
| 67 | - int lenErrMask; | ||
| 68 | + volatile int lenErrMask; | ||
| 69 | |||
| 70 | ret = RsaDec(ssl, | ||
| 71 | input + args->idx, | ||
| 72 | @@ -41850,7 +41855,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], | ||
| 73 | case rsa_kea: | ||
| 74 | { | ||
| 75 | byte *tmpRsa; | ||
| 76 | - byte mask; | ||
| 77 | + volatile byte mask; | ||
| 78 | |||
| 79 | /* Add the signature length to idx */ | ||
| 80 | args->idx += args->length; | ||
| 81 | diff --git a/src/tls.c b/src/tls.c | ||
| 82 | index 6ad21c924..4f57ea938 100644 | ||
| 83 | --- a/src/tls.c | ||
| 84 | +++ b/src/tls.c | ||
| 85 | @@ -944,7 +944,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, | ||
| 86 | unsigned int k; | ||
| 87 | int blockBits, blockMask; | ||
| 88 | int lastBlockLen, extraLen, eocIndex; | ||
| 89 | - int blocks, safeBlocks, lenBlock, eocBlock; | ||
| 90 | + int blocks; | ||
| 91 | + int safeBlocks; | ||
| 92 | + int lenBlock; | ||
| 93 | + int eocBlock; | ||
| 94 | word32 maxLen; | ||
| 95 | int blockSz, padSz; | ||
| 96 | int ret; | ||
| 97 | @@ -1054,7 +1057,8 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, | ||
| 98 | |||
| 99 | for (j = 0; j < blockSz; j++) { | ||
| 100 | unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock; | ||
| 101 | - unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; | ||
| 102 | + volatile unsigned char maskPastEoc = ctMaskGT(j, eocIndex); | ||
| 103 | + volatile unsigned char pastEoc = maskPastEoc & isEocBlock; | ||
| 104 | unsigned char b = 0; | ||
| 105 | |||
| 106 | if (k < headerSz) | ||
| 107 | diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c | ||
| 108 | index 6e7f104dd..2cf7c695e 100644 | ||
| 109 | --- a/wolfcrypt/src/aes.c | ||
| 110 | +++ b/wolfcrypt/src/aes.c | ||
| 111 | @@ -6577,7 +6577,7 @@ static WC_INLINE void RIGHTSHIFTX(byte* x) | ||
| 112 | { | ||
| 113 | int i; | ||
| 114 | int carryIn = 0; | ||
| 115 | - byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U); | ||
| 116 | + volatile byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U); | ||
| 117 | |||
| 118 | for (i = 0; i < WC_AES_BLOCK_SIZE; i++) { | ||
| 119 | int carryOut = (x[i] & 0x01) << 7; | ||
| 120 | @@ -9113,7 +9113,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( | ||
| 121 | ALIGN16 byte scratch[WC_AES_BLOCK_SIZE]; | ||
| 122 | ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE]; | ||
| 123 | ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE]; | ||
| 124 | - sword32 res; | ||
| 125 | + volatile sword32 res; | ||
| 126 | |||
| 127 | if (ivSz == GCM_NONCE_MID_SZ) { | ||
| 128 | /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ | ||
| 129 | diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c | ||
| 130 | index 6d4cd4de7..1fd30cfd9 100644 | ||
| 131 | --- a/wolfcrypt/src/ecc.c | ||
| 132 | +++ b/wolfcrypt/src/ecc.c | ||
| 133 | @@ -3166,7 +3166,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, | ||
| 134 | ecc_point** R, mp_int* a, mp_int* modulus, mp_digit mp, WC_RNG* rng) | ||
| 135 | { | ||
| 136 | int err = MP_OKAY; | ||
| 137 | - int bytes = (mp_count_bits(modulus) + 7) / 8; | ||
| 138 | + int bytes = (mp_count_bits(modulus) + 7) >> 3; | ||
| 139 | int i; | ||
| 140 | int j = 1; | ||
| 141 | int cnt = DIGIT_BIT; | ||
| 142 | @@ -3406,7 +3406,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, | ||
| 143 | ecc_point** R, mp_int* a, mp_int* modulus, mp_digit mp, WC_RNG* rng) | ||
| 144 | { | ||
| 145 | int err = MP_OKAY; | ||
| 146 | - int bytes = (mp_count_bits(modulus) + 7) / 8; | ||
| 147 | + int bytes = (mp_count_bits(modulus) + 7) >> 3; | ||
| 148 | int i; | ||
| 149 | int j = 1; | ||
| 150 | int cnt; | ||
| 151 | @@ -4450,7 +4450,7 @@ int wc_ecc_get_curve_id_from_params(int fieldSize, | ||
| 152 | Gx == NULL || Gy == NULL) | ||
| 153 | return BAD_FUNC_ARG; | ||
| 154 | |||
| 155 | - curveSz = (fieldSize + 1) / 8; /* round up */ | ||
| 156 | + curveSz = (fieldSize + 1) >> 3; /* round up */ | ||
| 157 | |||
| 158 | for (idx = 0; ecc_sets[idx].size != 0; idx++) { | ||
| 159 | if (curveSz == ecc_sets[idx].size) { | ||
| 160 | @@ -11922,7 +11922,7 @@ int wc_ecc_sig_size(const ecc_key* key) | ||
| 161 | keySz = key->dp->size; | ||
| 162 | orderBits = wc_ecc_get_curve_order_bit_count(key->dp); | ||
| 163 | if (orderBits > keySz * 8) { | ||
| 164 | - keySz = (orderBits + 7) / 8; | ||
| 165 | + keySz = (orderBits + 7) >> 3; | ||
| 166 | } | ||
| 167 | /* maximum possible signature header size is 7 bytes */ | ||
| 168 | maxSigSz = (keySz * 2) + SIG_HEADER_SZ; | ||
| 169 | diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c | ||
| 170 | index 98b83c7ae..496b0dbcc 100644 | ||
| 171 | --- a/wolfcrypt/src/misc.c | ||
| 172 | +++ b/wolfcrypt/src/misc.c | ||
| 173 | @@ -762,7 +762,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, | ||
| 174 | WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b) | ||
| 175 | { | ||
| 176 | #if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE) | ||
| 177 | - word32 gte_mask = (word32)ctMaskWord32GTE(a, b); | ||
| 178 | + volatile word32 gte_mask = (word32)ctMaskWord32GTE(a, b); | ||
| 179 | return (a & ~gte_mask) | (b & gte_mask); | ||
| 180 | #else /* WOLFSSL_NO_CT_OPS */ | ||
| 181 | return a > b ? b : a; | ||
| 182 | @@ -778,7 +778,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, | ||
| 183 | WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b) | ||
| 184 | { | ||
| 185 | #if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE) | ||
| 186 | - word32 gte_mask = (word32)ctMaskWord32GTE(a, b); | ||
| 187 | + volatile word32 gte_mask = (word32)ctMaskWord32GTE(a, b); | ||
| 188 | return (a & gte_mask) | (b & ~gte_mask); | ||
| 189 | #else /* WOLFSSL_NO_CT_OPS */ | ||
| 190 | return a > b ? a : b; | ||
| 191 | diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c | ||
| 192 | index 94d57bd8b..acd0c04c5 100644 | ||
| 193 | --- a/wolfcrypt/src/rsa.c | ||
| 194 | +++ b/wolfcrypt/src/rsa.c | ||
| 195 | @@ -1561,11 +1561,11 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, | ||
| 196 | byte* optLabel, word32 labelLen, void* heap) | ||
| 197 | { | ||
| 198 | word32 hLen; | ||
| 199 | - int ret; | ||
| 200 | + volatile int ret; | ||
| 201 | byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */ | ||
| 202 | word32 idx; | ||
| 203 | word32 i; | ||
| 204 | - word32 inc; | ||
| 205 | + volatile word32 inc; | ||
| 206 | |||
| 207 | #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) | ||
| 208 | byte* tmp = NULL; | ||
| 209 | @@ -1850,9 +1850,11 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, | ||
| 210 | } | ||
| 211 | #ifndef WOLFSSL_RSA_VERIFY_ONLY | ||
| 212 | else { | ||
| 213 | - unsigned int j; | ||
| 214 | - word16 pastSep = 0; | ||
| 215 | - byte invalid = 0; | ||
| 216 | + unsigned int j; | ||
| 217 | + volatile word16 pastSep = 0; | ||
| 218 | + volatile byte invalid = 0; | ||
| 219 | + volatile byte minPad; | ||
| 220 | + volatile int invalidMask; | ||
| 221 | |||
| 222 | i = 0; | ||
| 223 | /* Decrypted with private key - unpad must be constant time. */ | ||
| 224 | @@ -1864,7 +1866,8 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, | ||
| 225 | } | ||
| 226 | |||
| 227 | /* Minimum of 11 bytes of pre-message data - including leading 0x00. */ | ||
| 228 | - invalid |= ctMaskLT(i, RSA_MIN_PAD_SZ); | ||
| 229 | + minPad = ctMaskLT(i, RSA_MIN_PAD_SZ); | ||
| 230 | + invalid |= minPad; | ||
| 231 | /* Must have seen separator. */ | ||
| 232 | invalid |= (byte)~pastSep; | ||
| 233 | /* First byte must be 0x00. */ | ||
| 234 | @@ -1873,7 +1876,8 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, | ||
| 235 | invalid |= ctMaskNotEq(pkcsBlock[1], padValue); | ||
| 236 | |||
| 237 | *output = (byte *)(pkcsBlock + i); | ||
| 238 | - ret = ((int)-1 + (int)(invalid >> 7)) & ((int)pkcsBlockLen - i); | ||
| 239 | + invalidMask = (int)-1 + (int)(invalid >> 7); | ||
| 240 | + ret = invalidMask & ((int)pkcsBlockLen - i); | ||
| 241 | } | ||
| 242 | #endif | ||
| 243 | |||
| 244 | diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c | ||
| 245 | index 1769840e7..0ee8aa252 100644 | ||
| 246 | --- a/wolfcrypt/src/sp_int.c | ||
| 247 | +++ b/wolfcrypt/src/sp_int.c | ||
| 248 | @@ -5502,7 +5502,7 @@ int sp_exch(sp_int* a, sp_int* b) | ||
| 249 | int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t) | ||
| 250 | { | ||
| 251 | unsigned int i; | ||
| 252 | - sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap; | ||
| 253 | + volatile sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap; | ||
| 254 | |||
| 255 | /* XOR other fields in sp_int into temp - mask set when swapping. */ | ||
| 256 | t->used = (a->used ^ b->used) & (sp_size_t)mask; | ||
| 257 | @@ -5772,7 +5772,7 @@ static int _sp_cmp_ct(const sp_int* a, const sp_int* b, unsigned int n) | ||
| 258 | { | ||
| 259 | int ret = MP_EQ; | ||
| 260 | int i; | ||
| 261 | - int mask = -1; | ||
| 262 | + volatile int mask = -1; | ||
| 263 | |||
| 264 | for (i = n - 1; i >= 0; i--) { | ||
| 265 | sp_int_digit ad = a->dp[i] & ((sp_int_digit)0 - (i < (int)a->used)); | ||
| 266 | @@ -7305,7 +7305,8 @@ static void _sp_div_2(const sp_int* a, sp_int* r) | ||
| 267 | |||
| 268 | /* Shift down each word by 1 and include bottom bit of next at top. */ | ||
| 269 | for (i = 0; i < (int)a->used - 1; i++) { | ||
| 270 | - r->dp[i] = (a->dp[i] >> 1) | (a->dp[i+1] << (SP_WORD_SIZE - 1)); | ||
| 271 | + r->dp[i] = a->dp[i] >> 1; | ||
| 272 | + r->dp[i] |= a->dp[i+1] << (SP_WORD_SIZE - 1); | ||
| 273 | } | ||
| 274 | /* Last word only needs to be shifted down. */ | ||
| 275 | r->dp[i] = a->dp[i] >> 1; | ||
| 276 | @@ -7385,7 +7386,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r) | ||
| 277 | sp_int_digit t; | ||
| 278 | #endif | ||
| 279 | /* Mask to apply to modulus. */ | ||
| 280 | - sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1); | ||
| 281 | + volatile sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1); | ||
| 282 | sp_size_t i; | ||
| 283 | |||
| 284 | #if 0 | ||
| 285 | @@ -7396,7 +7397,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r) | ||
| 286 | /* Add a to m, if a is odd, into r in constant time. */ | ||
| 287 | for (i = 0; i < m->used; i++) { | ||
| 288 | /* Mask to apply to a - set when used value at index. */ | ||
| 289 | - sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used); | ||
| 290 | + volatile sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used); | ||
| 291 | |||
| 292 | #ifndef SQR_MUL_ASM | ||
| 293 | /* Conditionally add modulus. */ | ||
| 294 | @@ -8017,7 +8018,7 @@ static void sp_clamp_ct(sp_int* a) | ||
| 295 | { | ||
| 296 | int i; | ||
| 297 | sp_size_t used = a->used; | ||
| 298 | - sp_size_t mask = (sp_size_t)-1; | ||
| 299 | + volatile sp_size_t mask = (sp_size_t)-1; | ||
| 300 | |||
| 301 | for (i = (int)a->used - 1; i >= 0; i--) { | ||
| 302 | #if ((SP_WORD_SIZE == 64) && \ | ||
| 303 | @@ -8066,9 +8067,9 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) | ||
| 304 | sp_int_digit sh; | ||
| 305 | sp_int_digit t; | ||
| 306 | #endif | ||
| 307 | - sp_int_digit mask; | ||
| 308 | - sp_int_digit mask_a = (sp_int_digit)-1; | ||
| 309 | - sp_int_digit mask_b = (sp_int_digit)-1; | ||
| 310 | + volatile sp_int_digit mask; | ||
| 311 | + volatile sp_int_digit mask_a = (sp_int_digit)-1; | ||
| 312 | + volatile sp_int_digit mask_b = (sp_int_digit)-1; | ||
| 313 | sp_size_t i; | ||
| 314 | |||
| 315 | /* Check result is as big as modulus. */ | ||
| 316 | @@ -8230,9 +8231,9 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, | ||
| 317 | sp_int_digit h; | ||
| 318 | sp_int_digit t; | ||
| 319 | #endif | ||
| 320 | - sp_int_digit mask; | ||
| 321 | - sp_int_digit mask_a = (sp_int_digit)-1; | ||
| 322 | - sp_int_digit mask_b = (sp_int_digit)-1; | ||
| 323 | + volatile sp_int_digit mask; | ||
| 324 | + volatile sp_int_digit mask_a = (sp_int_digit)-1; | ||
| 325 | + volatile sp_int_digit mask_b = (sp_int_digit)-1; | ||
| 326 | unsigned int i; | ||
| 327 | |||
| 328 | /* In constant time, subtract b from a putting result in r. */ | ||
| 329 | @@ -17458,7 +17459,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) | ||
| 330 | /* 1. mask = (1 << (NumBits(m) % WORD_SIZE)) - 1 | ||
| 331 | * Mask when last digit of modulus doesn't have highest bit set. | ||
| 332 | */ | ||
| 333 | - sp_int_digit mask = (sp_int_digit) | ||
| 334 | + volatile sp_int_digit mask = (sp_int_digit) | ||
| 335 | (((sp_int_digit)1 << (bits & (SP_WORD_SIZE - 1))) - 1); | ||
| 336 | /* Overflow. */ | ||
| 337 | sp_int_word o = 0; | ||
| 338 | @@ -17539,7 +17540,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) | ||
| 339 | int bits; | ||
| 340 | sp_int_digit mu; | ||
| 341 | sp_int_digit o; | ||
| 342 | - sp_int_digit mask; | ||
| 343 | + volatile sp_int_digit mask; | ||
| 344 | |||
| 345 | #if 0 | ||
| 346 | sp_print(a, "a"); | ||
| 347 | @@ -18041,7 +18042,7 @@ int sp_unsigned_bin_size(const sp_int* a) | ||
| 348 | int cnt = 0; | ||
| 349 | |||
| 350 | if (a != NULL) { | ||
| 351 | - cnt = (sp_count_bits(a) + 7) / 8; | ||
| 352 | + cnt = (sp_count_bits(a) + 7) >> 3; | ||
| 353 | } | ||
| 354 | |||
| 355 | return cnt; | ||
| 356 | @@ -18265,20 +18266,22 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz) | ||
| 357 | /* Start at the end of the buffer - least significant byte. */ | ||
| 358 | int j; | ||
| 359 | unsigned int i; | ||
| 360 | - sp_int_digit mask = (sp_int_digit)-1; | ||
| 361 | + volatile sp_int_digit mask = (sp_int_digit)-1; | ||
| 362 | sp_int_digit d; | ||
| 363 | |||
| 364 | /* Put each digit in. */ | ||
| 365 | i = 0; | ||
| 366 | for (j = outSz - 1; j >= 0; ) { | ||
| 367 | unsigned int b; | ||
| 368 | + volatile unsigned int notFull = (i < (unsigned int)a->used - 1); | ||
| 369 | + | ||
| 370 | d = a->dp[i]; | ||
| 371 | /* Place each byte of a digit into the buffer. */ | ||
| 372 | for (b = 0; (j >= 0) && (b < SP_WORD_SIZEOF); b++) { | ||
| 373 | out[j--] = (byte)(d & mask); | ||
| 374 | d >>= 8; | ||
| 375 | } | ||
| 376 | - mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1); | ||
| 377 | + mask &= (sp_int_digit)0 - notFull; | ||
| 378 | i += (unsigned int)(1 & mask); | ||
| 379 | } | ||
| 380 | } | ||
| 381 | @@ -18289,7 +18292,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz) | ||
| 382 | if (err == MP_OKAY) { | ||
| 383 | unsigned int i; | ||
| 384 | int j; | ||
| 385 | - sp_int_digit mask = (sp_int_digit)-1; | ||
| 386 | + volatile sp_int_digit mask = (sp_int_digit)-1; | ||
| 387 | |||
| 388 | i = 0; | ||
| 389 | for (j = outSz - 1; j >= 0; j--) { | ||
| 390 | @@ -18360,11 +18363,12 @@ static int _sp_read_radix_16(sp_int* a, const char* in) | ||
| 391 | /* Step through string a character at a time starting at end - least | ||
| 392 | * significant byte. */ | ||
| 393 | for (i = (int)(XSTRLEN(in) - 1); i >= 0; i--) { | ||
| 394 | + volatile char c = in[i]; | ||
| 395 | /* Convert character from hex. */ | ||
| 396 | - int ch = (int)HexCharToByte(in[i]); | ||
| 397 | + int ch = (int)HexCharToByte(c); | ||
| 398 | /* Check for invalid character. */ | ||
| 399 | if (ch < 0) { | ||
| 400 | - if (!eol_done && CharIsWhiteSpace(in[i])) | ||
| 401 | + if (!eol_done && CharIsWhiteSpace(c)) | ||
| 402 | continue; | ||
| 403 | err = MP_VAL; | ||
| 404 | break; | ||
| 405 | @@ -18424,7 +18428,6 @@ static int _sp_read_radix_10(sp_int* a, const char* in) | ||
| 406 | { | ||
| 407 | int err = MP_OKAY; | ||
| 408 | int i; | ||
| 409 | - char ch; | ||
| 410 | |||
| 411 | /* Start with a being zero. */ | ||
| 412 | _sp_zero(a); | ||
| 413 | @@ -18432,7 +18435,7 @@ static int _sp_read_radix_10(sp_int* a, const char* in) | ||
| 414 | /* Process all characters. */ | ||
| 415 | for (i = 0; in[i] != '\0'; i++) { | ||
| 416 | /* Get character. */ | ||
| 417 | - ch = in[i]; | ||
| 418 | + volatile char ch = in[i]; | ||
| 419 | /* Check character is valid. */ | ||
| 420 | if ((ch >= '0') && (ch <= '9')) { | ||
| 421 | /* Assume '0'..'9' are continuous values as characters. */ | ||
| 422 | @@ -18794,7 +18797,7 @@ int sp_radix_size(const sp_int* a, int radix, int* size) | ||
| 423 | } | ||
| 424 | else { | ||
| 425 | /* Count of nibbles. */ | ||
| 426 | - int cnt = (sp_count_bits(a) + 3) / 4; | ||
| 427 | + int cnt = (sp_count_bits(a) + 3) >> 2; | ||
| 428 | #ifndef WC_DISABLE_RADIX_ZERO_PAD | ||
| 429 | /* Must have even number of nibbles to have complete bytes. */ | ||
| 430 | if (cnt & 1) { | ||
| 431 | @@ -19404,7 +19407,7 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result, | ||
| 432 | { | ||
| 433 | int err = MP_OKAY; | ||
| 434 | int bits = sp_count_bits(a); | ||
| 435 | - word32 baseSz = ((word32)bits + 7) / 8; | ||
| 436 | + word32 baseSz = ((word32)bits + 7) >> 3; | ||
| 437 | DECL_SP_INT_ARRAY(ds, a->used + 1, 2); | ||
| 438 | DECL_SP_INT_ARRAY(d, a->used * 2 + 1, 2); | ||
| 439 | |||
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index af591cfd7a..9cd7c07ad2 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb | |||
| @@ -16,6 +16,7 @@ SRC_URI = " \ | |||
| 16 | git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master \ | 16 | git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master \ |
| 17 | file://0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch \ | 17 | file://0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch \ |
| 18 | file://run-ptest \ | 18 | file://run-ptest \ |
| 19 | file://CVE-2025-13912.patch \ | ||
| 19 | " | 20 | " |
| 20 | 21 | ||
| 21 | SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" | 22 | SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" |
