Package: wolfssl / 5.9.0-0.2

Metadata

Package Version Patches format
wolfssl 5.9.0-0.2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
multi arch.patch | (download)

configure.ac | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 
 make header files multi-arch compatible
 Exclude architecture dependent option HAVE___UINT128 from config.h
dfsg.patch | (download)

Makefile.am | 19 0 + 19 - 0 !
1 file changed, 19 deletions(-)

 
 strike references to removed non-dfsg sources from build files
fix hurd i386 flags.patch | (download)

wolfssl/test.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 fix type definition for socklen_t on hurd-i386
 Based on http://bugs.mysql.com/bug.php?id=22326
handle debian files.patch | (download)

Makefile.am | 1 0 + 1 - 0 !
configure.ac | 2 0 + 2 - 0 !
2 files changed, 3 deletions(-)

 
 handling existing debian directory
configure ac rules.patch | (download)

configure.ac | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 
---
pkcs7 verification.patch | (download)

wolfcrypt/src/pkcs7.c | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 
 wolfcrypt/src/pkcs7.c: fix pkcs#7 verification for digestalgorithm.parameters = null

RFC 8017 hardcodes DER serialization samples of DigestInfo, where the
parameter part is always NULL (05 00) for any hash algorithm. This value
does therefore *not* depend on SignerInfo.digestAlgorithm.parameters.
WolfSSL wrongly assumed and implemented such a dependency.

This non-conformance caused an interoperability bug with OpenSSL: A
signature created with openssl cms (SHA-2) could not be verified in
WolfSSL. OpenSSL leaves SignerInfo.digestAlgorithm.parameters absent,
and adds explicit NULL to DigestInfo. WolfSSL saw the absence and
wrongly inferred DigestInfo would have no explicit NULL - but it has -
leading to size mismatch.