From patchwork Tue Feb 24 18:54:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 81825 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B21A1F4BB76 for ; Tue, 24 Feb 2026 18:54:55 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.28006.1771959291467724351 for ; Tue, 24 Feb 2026 10:54:51 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=AzzKRt3o; spf=pass (domain: gmail.com, ip: 209.85.210.178, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-82318b640beso3050066b3a.0 for ; Tue, 24 Feb 2026 10:54:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1771959291; x=1772564091; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=Of240SzeVUBje+X7ZF/S0DKUo56i14qmYSthLL109fY=; b=AzzKRt3oOzcj5CVbyqqOoMop70qrREwAAt/1KH+kRbQL/JmcN/oFFdbqWxwELmk9rJ 345nYs29quM85DcDL5SyrqDD8fXpL34M2fGGes0oo5V9jfKMsx0bhlrGA7XYyS0xhkKD e8i0xbQoDsqWOBzid6Pmw1rsMzOkG38f1N7Xi/lPDt5CPWQslOBE3TK3529qliN0543r rqtYQjEDwWJ4O78ywrM9zAVAK+KymEisAhp8fzygcKi2We8C3DIH+HSaTQJk5MXaKnar QtFPkvjaTyWK2yeYmHkMedvjx6KzC09JoCl0GbiBY/MrZeqXsoG0epCJYtkAt72LmrVS HJYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771959291; x=1772564091; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Of240SzeVUBje+X7ZF/S0DKUo56i14qmYSthLL109fY=; b=wAMboujNVxTQKeJK2PVHbgKw7YG0h1kwhl4s79ECrk4J8N5SvMNwkbgl1DjA8hxgn/ IpR8itGufcevFEzECbmUXBlc6+1NXD+UOWI+EX3e5rn3ciggyvgLZoNZLo+mFvB5eBYd 2BHjwebeGpoWzFD6CgF8+Sput4YYL82asjOTknp7aMg7x6OKMCIp6sIPP3HI96S0tVSS vxPauahtnyMfcGE1YeCW/ausMvxYGB2VPoHaa/Z1sRa+1/qnsXhOmAfHbcWme3EGRp8e EJLiANqFCSdxSmBjPtSFO0WwZC2nsNowsgRJm1NEL0DgpyhE7LvU0YcnMdtVVpQmXNRa 3b7Q== X-Gm-Message-State: AOJu0YyST5jBqROZM24NoXECLKp3rkTyNhkc6wcO58ZRPf+1TUvmgPyy 3v/40CFoG6+crzpJ6Ge8qtJ5dvRfev9P6t1iriAZZqw6hN9NpKd3QfHVOuGqKQ== X-Gm-Gg: ATEYQzy34m27XrIYdkMbq9ct+t46lZkgSP1X9dwyt7ybo/qJpwrGi/LQfNQmor171XP O1QukdMl1RgPn9uwJN81algoT1MMJyI/svXwZnhl21/ThnOd7Q2tkA3WrOqfmKRg57eAJZ2dj9n D/kagvCHRhCwKhG4z40BAHDPe8Ihy4pmbq4tg94o/QnHaWjepDTmKeQZWs+HSNy2Oh8qTy1arml 7AL8HaTpNkTIMJge7yEmH2yvpC/rF4YJ9vfm6S2Wbm7wNQFedwPrwOFnWSM+fogU1UmNxSff7jz cKmuQFC5ChBVRIEx4NHyPudYKclC1I2QhuZvifA82R/qA2b9eers4BG/h6F7yBlvfJxA1dFrY9Q /OJLUCsG1T6CJ7SLEwM+QRlPJFI6VkgyFcMqmbDYZlW5pxqZ4gYVBPKxqwSjRrPJrRTaCWD7h0N +wLBE5JJyMpy1NssrHpWUdZW2TX8lJkHLVydw= X-Received: by 2002:a05:6a00:4fce:b0:821:8496:da9 with SMTP id d2e1a72fcca58-826daaa6937mr10950266b3a.60.1771959290336; Tue, 24 Feb 2026 10:54:50 -0800 (PST) Received: from NVAPF55DW0D-IPD.. ([147.161.217.33]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-826dd8ee179sm10945104b3a.61.2026.02.24.10.54.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 10:54:49 -0800 (PST) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 1/3] wolfssl: patch CVE-2025-13912 Date: Wed, 25 Feb 2026 07:54:09 +1300 Message-ID: <20260224185412.1835468-2-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 18:54:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124586 From: Ankur Tyagi Backport changes from PR[1] mentioned in nvd[2] [1] https://github.com/wolfSSL/wolfssl/pull/9148 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-13912 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2025-13912.patch | 439 ++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 440 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch new file mode 100644 index 0000000000..32252058f7 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch @@ -0,0 +1,439 @@ +From 797e0e7abf5830d515ca838201c03a47f83356b0 Mon Sep 17 00:00:00 2001 +From: Daniel Pouzzner +Date: Tue, 30 Sep 2025 20:35:52 -0500 +Subject: [PATCH] Merge pull request #9148 from SparkiDev/ct_volatile + +Mark variables as volatile + +CVE: CVE-2025-13912 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/234ba7780ad3b7c8c1509973accdc43ed6c328b3] +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 25 ++++++++++++--------- + src/tls.c | 8 +++++-- + wolfcrypt/src/aes.c | 4 ++-- + wolfcrypt/src/ecc.c | 8 +++---- + wolfcrypt/src/misc.c | 4 ++-- + wolfcrypt/src/rsa.c | 18 +++++++++------ + wolfcrypt/src/sp_int.c | 51 ++++++++++++++++++++++-------------------- + 7 files changed, 67 insertions(+), 51 deletions(-) + +diff --git a/src/internal.c b/src/internal.c +index eb2f16d63..6b3a227bc 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -20887,7 +20887,7 @@ static byte MaskPadding(const byte* data, int sz, int macSz) + checkSz = TLS_MAX_PAD_SZ; + + for (i = 0; i < checkSz; i++) { +- byte mask = ctMaskLTE(i, paddingSz); ++ volatile byte mask = ctMaskLTE(i, paddingSz); + good |= mask & (data[sz - 1 - i] ^ paddingSz); + } + +@@ -20907,16 +20907,21 @@ static byte MaskPadding(const byte* data, int sz, int macSz) + static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) + { + int i, j; +- unsigned char mac[WC_MAX_DIGEST_SIZE]; +- int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; +- int macEnd = sz - 1 - data[sz - 1]; +- int macStart = macEnd - macSz; + int r = 0; +- unsigned char started, notEnded; ++ unsigned char mac[WC_MAX_DIGEST_SIZE]; ++ volatile int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; ++ volatile int macEnd = sz - 1 - data[sz - 1]; ++ volatile int macStart = macEnd - macSz; ++ volatile int maskScanStart; ++ volatile int maskMacStart; ++ volatile unsigned char started; ++ volatile unsigned char notEnded; + unsigned char good = 0; + +- scanStart &= ctMaskIntGTE(scanStart, 0); +- macStart &= ctMaskIntGTE(macStart, 0); ++ maskScanStart = ctMaskIntGTE(scanStart, 0); ++ maskMacStart = ctMaskIntGTE(macStart, 0); ++ scanStart &= maskScanStart; ++ macStart &= maskMacStart; + + /* Div on Intel has different speeds depending on value. + * Use a bitwise AND or mod a specific value (converted to mul). */ +@@ -41636,7 +41641,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], + case rsa_kea: + { + RsaKey* key = (RsaKey*)ssl->hsKey; +- int lenErrMask; ++ volatile int lenErrMask; + + ret = RsaDec(ssl, + input + args->idx, +@@ -41850,7 +41855,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], + case rsa_kea: + { + byte *tmpRsa; +- byte mask; ++ volatile byte mask; + + /* Add the signature length to idx */ + args->idx += args->length; +diff --git a/src/tls.c b/src/tls.c +index 6ad21c924..4f57ea938 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -944,7 +944,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, + unsigned int k; + int blockBits, blockMask; + int lastBlockLen, extraLen, eocIndex; +- int blocks, safeBlocks, lenBlock, eocBlock; ++ int blocks; ++ int safeBlocks; ++ int lenBlock; ++ int eocBlock; + word32 maxLen; + int blockSz, padSz; + int ret; +@@ -1054,7 +1057,8 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, + + for (j = 0; j < blockSz; j++) { + unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock; +- unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; ++ volatile unsigned char maskPastEoc = ctMaskGT(j, eocIndex); ++ volatile unsigned char pastEoc = maskPastEoc & isEocBlock; + unsigned char b = 0; + + if (k < headerSz) +diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c +index 6e7f104dd..2cf7c695e 100644 +--- a/wolfcrypt/src/aes.c ++++ b/wolfcrypt/src/aes.c +@@ -6577,7 +6577,7 @@ static WC_INLINE void RIGHTSHIFTX(byte* x) + { + int i; + int carryIn = 0; +- byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U); ++ volatile byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U); + + for (i = 0; i < WC_AES_BLOCK_SIZE; i++) { + int carryOut = (x[i] & 0x01) << 7; +@@ -9113,7 +9113,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( + ALIGN16 byte scratch[WC_AES_BLOCK_SIZE]; + ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE]; + ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE]; +- sword32 res; ++ volatile sword32 res; + + if (ivSz == GCM_NONCE_MID_SZ) { + /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ +diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c +index 6d4cd4de7..1fd30cfd9 100644 +--- a/wolfcrypt/src/ecc.c ++++ b/wolfcrypt/src/ecc.c +@@ -3166,7 +3166,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, + ecc_point** R, mp_int* a, mp_int* modulus, mp_digit mp, WC_RNG* rng) + { + int err = MP_OKAY; +- int bytes = (mp_count_bits(modulus) + 7) / 8; ++ int bytes = (mp_count_bits(modulus) + 7) >> 3; + int i; + int j = 1; + int cnt = DIGIT_BIT; +@@ -3406,7 +3406,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, + ecc_point** R, mp_int* a, mp_int* modulus, mp_digit mp, WC_RNG* rng) + { + int err = MP_OKAY; +- int bytes = (mp_count_bits(modulus) + 7) / 8; ++ int bytes = (mp_count_bits(modulus) + 7) >> 3; + int i; + int j = 1; + int cnt; +@@ -4450,7 +4450,7 @@ int wc_ecc_get_curve_id_from_params(int fieldSize, + Gx == NULL || Gy == NULL) + return BAD_FUNC_ARG; + +- curveSz = (fieldSize + 1) / 8; /* round up */ ++ curveSz = (fieldSize + 1) >> 3; /* round up */ + + for (idx = 0; ecc_sets[idx].size != 0; idx++) { + if (curveSz == ecc_sets[idx].size) { +@@ -11922,7 +11922,7 @@ int wc_ecc_sig_size(const ecc_key* key) + keySz = key->dp->size; + orderBits = wc_ecc_get_curve_order_bit_count(key->dp); + if (orderBits > keySz * 8) { +- keySz = (orderBits + 7) / 8; ++ keySz = (orderBits + 7) >> 3; + } + /* maximum possible signature header size is 7 bytes */ + maxSigSz = (keySz * 2) + SIG_HEADER_SZ; +diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c +index 98b83c7ae..496b0dbcc 100644 +--- a/wolfcrypt/src/misc.c ++++ b/wolfcrypt/src/misc.c +@@ -762,7 +762,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, + WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b) + { + #if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE) +- word32 gte_mask = (word32)ctMaskWord32GTE(a, b); ++ volatile word32 gte_mask = (word32)ctMaskWord32GTE(a, b); + return (a & ~gte_mask) | (b & gte_mask); + #else /* WOLFSSL_NO_CT_OPS */ + return a > b ? b : a; +@@ -778,7 +778,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, + WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b) + { + #if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE) +- word32 gte_mask = (word32)ctMaskWord32GTE(a, b); ++ volatile word32 gte_mask = (word32)ctMaskWord32GTE(a, b); + return (a & gte_mask) | (b & ~gte_mask); + #else /* WOLFSSL_NO_CT_OPS */ + return a > b ? a : b; +diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c +index 94d57bd8b..acd0c04c5 100644 +--- a/wolfcrypt/src/rsa.c ++++ b/wolfcrypt/src/rsa.c +@@ -1561,11 +1561,11 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, + byte* optLabel, word32 labelLen, void* heap) + { + word32 hLen; +- int ret; ++ volatile int ret; + byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */ + word32 idx; + word32 i; +- word32 inc; ++ volatile word32 inc; + + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* tmp = NULL; +@@ -1850,9 +1850,11 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, + } + #ifndef WOLFSSL_RSA_VERIFY_ONLY + else { +- unsigned int j; +- word16 pastSep = 0; +- byte invalid = 0; ++ unsigned int j; ++ volatile word16 pastSep = 0; ++ volatile byte invalid = 0; ++ volatile byte minPad; ++ volatile int invalidMask; + + i = 0; + /* Decrypted with private key - unpad must be constant time. */ +@@ -1864,7 +1866,8 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, + } + + /* Minimum of 11 bytes of pre-message data - including leading 0x00. */ +- invalid |= ctMaskLT(i, RSA_MIN_PAD_SZ); ++ minPad = ctMaskLT(i, RSA_MIN_PAD_SZ); ++ invalid |= minPad; + /* Must have seen separator. */ + invalid |= (byte)~pastSep; + /* First byte must be 0x00. */ +@@ -1873,7 +1876,8 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, + invalid |= ctMaskNotEq(pkcsBlock[1], padValue); + + *output = (byte *)(pkcsBlock + i); +- ret = ((int)-1 + (int)(invalid >> 7)) & ((int)pkcsBlockLen - i); ++ invalidMask = (int)-1 + (int)(invalid >> 7); ++ ret = invalidMask & ((int)pkcsBlockLen - i); + } + #endif + +diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c +index 1769840e7..0ee8aa252 100644 +--- a/wolfcrypt/src/sp_int.c ++++ b/wolfcrypt/src/sp_int.c +@@ -5502,7 +5502,7 @@ int sp_exch(sp_int* a, sp_int* b) + int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t) + { + unsigned int i; +- sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap; ++ volatile sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap; + + /* XOR other fields in sp_int into temp - mask set when swapping. */ + t->used = (a->used ^ b->used) & (sp_size_t)mask; +@@ -5772,7 +5772,7 @@ static int _sp_cmp_ct(const sp_int* a, const sp_int* b, unsigned int n) + { + int ret = MP_EQ; + int i; +- int mask = -1; ++ volatile int mask = -1; + + for (i = n - 1; i >= 0; i--) { + sp_int_digit ad = a->dp[i] & ((sp_int_digit)0 - (i < (int)a->used)); +@@ -7305,7 +7305,8 @@ static void _sp_div_2(const sp_int* a, sp_int* r) + + /* Shift down each word by 1 and include bottom bit of next at top. */ + for (i = 0; i < (int)a->used - 1; i++) { +- r->dp[i] = (a->dp[i] >> 1) | (a->dp[i+1] << (SP_WORD_SIZE - 1)); ++ r->dp[i] = a->dp[i] >> 1; ++ r->dp[i] |= a->dp[i+1] << (SP_WORD_SIZE - 1); + } + /* Last word only needs to be shifted down. */ + r->dp[i] = a->dp[i] >> 1; +@@ -7385,7 +7386,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r) + sp_int_digit t; + #endif + /* Mask to apply to modulus. */ +- sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1); ++ volatile sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1); + sp_size_t i; + + #if 0 +@@ -7396,7 +7397,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r) + /* Add a to m, if a is odd, into r in constant time. */ + for (i = 0; i < m->used; i++) { + /* Mask to apply to a - set when used value at index. */ +- sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used); ++ volatile sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used); + + #ifndef SQR_MUL_ASM + /* Conditionally add modulus. */ +@@ -8017,7 +8018,7 @@ static void sp_clamp_ct(sp_int* a) + { + int i; + sp_size_t used = a->used; +- sp_size_t mask = (sp_size_t)-1; ++ volatile sp_size_t mask = (sp_size_t)-1; + + for (i = (int)a->used - 1; i >= 0; i--) { + #if ((SP_WORD_SIZE == 64) && \ +@@ -8066,9 +8067,9 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) + sp_int_digit sh; + sp_int_digit t; + #endif +- sp_int_digit mask; +- sp_int_digit mask_a = (sp_int_digit)-1; +- sp_int_digit mask_b = (sp_int_digit)-1; ++ volatile sp_int_digit mask; ++ volatile sp_int_digit mask_a = (sp_int_digit)-1; ++ volatile sp_int_digit mask_b = (sp_int_digit)-1; + sp_size_t i; + + /* Check result is as big as modulus. */ +@@ -8230,9 +8231,9 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, + sp_int_digit h; + sp_int_digit t; + #endif +- sp_int_digit mask; +- sp_int_digit mask_a = (sp_int_digit)-1; +- sp_int_digit mask_b = (sp_int_digit)-1; ++ volatile sp_int_digit mask; ++ volatile sp_int_digit mask_a = (sp_int_digit)-1; ++ volatile sp_int_digit mask_b = (sp_int_digit)-1; + unsigned int i; + + /* In constant time, subtract b from a putting result in r. */ +@@ -17458,7 +17459,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) + /* 1. mask = (1 << (NumBits(m) % WORD_SIZE)) - 1 + * Mask when last digit of modulus doesn't have highest bit set. + */ +- sp_int_digit mask = (sp_int_digit) ++ volatile sp_int_digit mask = (sp_int_digit) + (((sp_int_digit)1 << (bits & (SP_WORD_SIZE - 1))) - 1); + /* Overflow. */ + sp_int_word o = 0; +@@ -17539,7 +17540,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) + int bits; + sp_int_digit mu; + sp_int_digit o; +- sp_int_digit mask; ++ volatile sp_int_digit mask; + + #if 0 + sp_print(a, "a"); +@@ -18041,7 +18042,7 @@ int sp_unsigned_bin_size(const sp_int* a) + int cnt = 0; + + if (a != NULL) { +- cnt = (sp_count_bits(a) + 7) / 8; ++ cnt = (sp_count_bits(a) + 7) >> 3; + } + + return cnt; +@@ -18265,20 +18266,22 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz) + /* Start at the end of the buffer - least significant byte. */ + int j; + unsigned int i; +- sp_int_digit mask = (sp_int_digit)-1; ++ volatile sp_int_digit mask = (sp_int_digit)-1; + sp_int_digit d; + + /* Put each digit in. */ + i = 0; + for (j = outSz - 1; j >= 0; ) { + unsigned int b; ++ volatile unsigned int notFull = (i < (unsigned int)a->used - 1); ++ + d = a->dp[i]; + /* Place each byte of a digit into the buffer. */ + for (b = 0; (j >= 0) && (b < SP_WORD_SIZEOF); b++) { + out[j--] = (byte)(d & mask); + d >>= 8; + } +- mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1); ++ mask &= (sp_int_digit)0 - notFull; + i += (unsigned int)(1 & mask); + } + } +@@ -18289,7 +18292,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz) + if (err == MP_OKAY) { + unsigned int i; + int j; +- sp_int_digit mask = (sp_int_digit)-1; ++ volatile sp_int_digit mask = (sp_int_digit)-1; + + i = 0; + for (j = outSz - 1; j >= 0; j--) { +@@ -18360,11 +18363,12 @@ static int _sp_read_radix_16(sp_int* a, const char* in) + /* Step through string a character at a time starting at end - least + * significant byte. */ + for (i = (int)(XSTRLEN(in) - 1); i >= 0; i--) { ++ volatile char c = in[i]; + /* Convert character from hex. */ +- int ch = (int)HexCharToByte(in[i]); ++ int ch = (int)HexCharToByte(c); + /* Check for invalid character. */ + if (ch < 0) { +- if (!eol_done && CharIsWhiteSpace(in[i])) ++ if (!eol_done && CharIsWhiteSpace(c)) + continue; + err = MP_VAL; + break; +@@ -18424,7 +18428,6 @@ static int _sp_read_radix_10(sp_int* a, const char* in) + { + int err = MP_OKAY; + int i; +- char ch; + + /* Start with a being zero. */ + _sp_zero(a); +@@ -18432,7 +18435,7 @@ static int _sp_read_radix_10(sp_int* a, const char* in) + /* Process all characters. */ + for (i = 0; in[i] != '\0'; i++) { + /* Get character. */ +- ch = in[i]; ++ volatile char ch = in[i]; + /* Check character is valid. */ + if ((ch >= '0') && (ch <= '9')) { + /* Assume '0'..'9' are continuous values as characters. */ +@@ -18794,7 +18797,7 @@ int sp_radix_size(const sp_int* a, int radix, int* size) + } + else { + /* Count of nibbles. */ +- int cnt = (sp_count_bits(a) + 3) / 4; ++ int cnt = (sp_count_bits(a) + 3) >> 2; + #ifndef WC_DISABLE_RADIX_ZERO_PAD + /* Must have even number of nibbles to have complete bytes. */ + if (cnt & 1) { +@@ -19404,7 +19407,7 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result, + { + int err = MP_OKAY; + int bits = sp_count_bits(a); +- word32 baseSz = ((word32)bits + 7) / 8; ++ word32 baseSz = ((word32)bits + 7) >> 3; + DECL_SP_INT_ARRAY(ds, a->used + 1, 2); + DECL_SP_INT_ARRAY(d, a->used * 2 + 1, 2); + diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index af591cfd7a..9cd7c07ad2 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -16,6 +16,7 @@ SRC_URI = " \ git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master \ file://0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch \ file://run-ptest \ + file://CVE-2025-13912.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Tue Feb 24 18:54:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 81826 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9B070F4BB76 for ; Tue, 24 Feb 2026 18:55:05 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.27890.1771959303213724243 for ; Tue, 24 Feb 2026 10:55:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=eeDVqgob; spf=pass (domain: gmail.com, ip: 209.85.210.169, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-8230d228372so2849381b3a.1 for ; Tue, 24 Feb 2026 10:55:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1771959302; x=1772564102; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qGETLH0j2jkvxlQVUnfgKAPEp0NdEx9Wxvefaat5VQA=; b=eeDVqgobE6J0lcVnAjvvPbKgcXQjxq6rSw/C+i5/5qv5zTkqoa5CS0b7r6BgiO1J/z 8WoiObXhk7/nsVhwiqbBO5NgvEXDY+BZKPmtn7GO9IEV9gTx25Ol5WwtTCfW+MOEepur khmZbFk+JMJYsQea6vVTgHJT15a5w70BKGdtQVR3cOcRic/yn5Opao7k0lmBK3dnEu7e T6GwrFi+2DJ5XPbzcnq0vl9P4wZGspar4wiXh3ZqkS4jqy0fQXeZcWJZfoiHHs/TgNnm w54DdXfSAJqwfKGn4fBVWrkBoH1dvScrdDipMyoB43eYS+eDw27y5M5ReF3xvoC79SNP 97Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771959302; x=1772564102; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=qGETLH0j2jkvxlQVUnfgKAPEp0NdEx9Wxvefaat5VQA=; b=uZ2khwjA8kO/O9jCQYxQixaF//qk4vDbBYVdeh5hciOJG+7oPyAyhXbD9c8w9ZV1hc VZg9uq2hjtXNUTE1Mdmmi3wZIG1+vFUKZ1S3nariQJfS6j9yWP+WQHxBbcLWe9H6e0Gp 1Q7uRYk4WJPxipGbNZ6iL7Md14yMHs/Ye5CXbc+T6lUiSjIiBPxB/MROp+djKmREfAu2 YQ3SL1H4KwjKxDEAbAcDIjhS1KSN2A0jZ2sxYP/r5h4lnSjI//+lT4fA91sSK8T5GK2K snb8fmYcgUkVANWcef0cYO1ZNTxrjdwfBpjgmz56I0rTYc99yrK6C74a5vGgD8LcnIPk /Rew== X-Gm-Message-State: AOJu0YwZevY0mAM1ETayiMa0kSrA/B2L1mT6CF3j1xfZYL0XczMZ0zd9 1XxAG6TX/AiRthjIlAVJiWuA59oOhkEqijQEjrYqqZCpeVzlc5I80ZdCATlsWg== X-Gm-Gg: ATEYQzzvWlbFHhgzIf2wR/s3yckWGiF44M7dziyE3eraGcKao4vTh5YHV5cWnemwma5 9s8VIpQtjExDeH27YEWeXBXLixdCuP5P5Vck195b+xHqv5mwsgXMSiY0swAIcDxsJiG+k1mw/W3 39d7oFWPDwvehu0quwnytn7F5eErP3ofH40TJYoIKU1O0umuAJIFlqMBmpaum3ee9CHMhQMV5we v9hsLdosdUJ60Po4ZwuUCz/HgMaQgZL6s6SKGMgROSyOyLD38QC5wYZhtSD+OSG7jCsbR+Ae5/w KFgUFM/urqb/RtpAIuhbdN9Ci+aEFEogQvkVI1OiQockdKoJIJKWzJIHFXNS/vC1RShqPef4WWa sL0Ct/5+QXn6xLWP+wC3J3sXejr5hctPWeyHbvesAXfwlRAGZsmrzZYKqYgMM36cZBlvMSCgtb6 L0YHkcQLsb9t070R2z0VSymv/SmR5hJnFy/cQ= X-Received: by 2002:a05:6a00:4f84:b0:81f:3d32:fe53 with SMTP id d2e1a72fcca58-826daa0cdd2mr11948700b3a.32.1771959302229; Tue, 24 Feb 2026 10:55:02 -0800 (PST) Received: from NVAPF55DW0D-IPD.. ([147.161.217.33]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-826dd8ee179sm10945104b3a.61.2026.02.24.10.55.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 10:55:01 -0800 (PST) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 2/3] wolfssl: patch CVE-2025-7395 Date: Wed, 25 Feb 2026 07:54:11 +1300 Message-ID: <20260224185412.1835468-4-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260224185412.1835468-2-ankur.tyagi85@gmail.com> References: <20260224185412.1835468-2-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 18:55:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124587 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7395 Backport patches from the PR[1] mentioned in the changelog[2] [1] github.com/wolfSSL/wolfssl/pull/8833 [2] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2025-7395-1.patch | 85 +++++++++++++++++++ .../wolfssl/files/CVE-2025-7395-2.patch | 28 ++++++ .../wolfssl/files/CVE-2025-7395-3.patch | 26 ++++++ .../wolfssl/files/CVE-2025-7395-4.patch | 27 ++++++ .../wolfssl/wolfssl_5.8.0.bb | 4 + 5 files changed, 170 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-4.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch new file mode 100644 index 0000000000..576d261dc3 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch @@ -0,0 +1,85 @@ +From 420f3390c4922febaf54d02a81da1fdab0ad5f04 Mon Sep 17 00:00:00 2001 +From: Ruby Martin +Date: Mon, 2 Jun 2025 16:38:32 -0600 +Subject: [PATCH] create policy for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION, + domain name checking + +CVE: CVE-2025-7395 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/9864959e41bd9259f258c09171ae2ec1c43fbc7f] +(cherry picked from commit 9864959e41bd9259f258c09171ae2ec1c43fbc7f) +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 25 ++++++++++++++++++++----- + 1 file changed, 20 insertions(+), 5 deletions(-) + +diff --git a/src/internal.c b/src/internal.c +index 6b3a227bc..1b9a469ee 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -211,7 +211,7 @@ int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional, + #include + #include + #include +-static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, ++static int DoAppleNativeCertValidation(WOLFSSL* ssl, const WOLFSSL_BUFFER_INFO* certs, + int totalCerts); + #endif /* #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */ + +@@ -16775,7 +16775,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, + * into wolfSSL, try to validate against the system certificates + * using Apple's native trust APIs */ + if ((ret != 0) && (ssl->ctx->doAppleNativeCertValidationFlag)) { +- if (DoAppleNativeCertValidation(args->certs, ++ if (DoAppleNativeCertValidation(ssl, args->certs, + args->totalCerts)) { + WOLFSSL_MSG("Apple native cert chain validation SUCCESS"); + ret = 0; +@@ -42665,7 +42665,8 @@ cleanup: + * wolfSSL's built-in certificate validation mechanisms anymore. We instead + * must call into the Security Framework APIs to authenticate peer certificates + */ +-static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, ++static int DoAppleNativeCertValidation(WOLFSSL* ssl, ++ const WOLFSSL_BUFFER_INFO* certs, + int totalCerts) + { + int i; +@@ -42674,7 +42675,8 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, + CFMutableArrayRef certArray = NULL; + SecCertificateRef secCert = NULL; + SecTrustRef trust = NULL; +- SecPolicyRef policy = NULL ; ++ SecPolicyRef policy = NULL; ++ CFStringRef hostname = NULL; + + WOLFSSL_ENTER("DoAppleNativeCertValidation"); + +@@ -42703,7 +42705,17 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, + } + + /* Create trust object for SecCertifiate Ref */ +- policy = SecPolicyCreateSSL(true, NULL); ++ if (ssl->buffers.domainName.buffer && ++ ssl->buffers.domainName.length > 0) { ++ /* Create policy with specified value to require host name match */ ++ hostname = CFStringCreateWithCString(kCFAllocatorDefault, ++ (const char*)ssl->buffers.domainName.buffer, kCFStringEncodingUTF8); ++ } ++ if (hostname != NULL) { ++ policy = SecPolicyCreateSSL(true, hostname); ++ } else { ++ policy = SecPolicyCreateSSL(true, NULL); ++ } + status = SecTrustCreateWithCertificates(certArray, policy, &trust); + if (status != errSecSuccess) { + WOLFSSL_MSG_EX("Error creating trust object, " +@@ -42734,6 +42746,9 @@ cleanup: + if (policy) { + CFRelease(policy); + } ++ if (hostname) { ++ CFRelease(hostname); ++ } + + WOLFSSL_LEAVE("DoAppleNativeCertValidation", ret); + diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch new file mode 100644 index 0000000000..223b6d52a0 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch @@ -0,0 +1,28 @@ +From 7867076975aa84ebaed4001fae1ebffd013322d5 Mon Sep 17 00:00:00 2001 +From: Brett +Date: Wed, 4 Jun 2025 15:48:15 -0600 +Subject: [PATCH] prevent apple native cert validation from overriding error + codes other than ASN_NO_SIGNER_E + +CVE: CVE-2025-7395 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/bc8eeea703253bd65d472a9541b54fef326e8050] +(cherry picked from commit bc8eeea703253bd65d472a9541b54fef326e8050) +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/internal.c b/src/internal.c +index 1b9a469ee..6a76eb130 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -16774,7 +16774,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, + /* If we can't validate the peer cert chain against the CAs loaded + * into wolfSSL, try to validate against the system certificates + * using Apple's native trust APIs */ +- if ((ret != 0) && (ssl->ctx->doAppleNativeCertValidationFlag)) { ++ if ((ret == ASN_NO_SIGNER_E) && ++ (ssl->ctx->doAppleNativeCertValidationFlag)) { + if (DoAppleNativeCertValidation(ssl, args->certs, + args->totalCerts)) { + WOLFSSL_MSG("Apple native cert chain validation SUCCESS"); diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch new file mode 100644 index 0000000000..f786656765 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch @@ -0,0 +1,26 @@ +From 70302af2c21a121845e1e721ed27b3b106f186f6 Mon Sep 17 00:00:00 2001 +From: Brett +Date: Wed, 4 Jun 2025 16:56:16 -0600 +Subject: [PATCH] add missing error trace macro + +CVE: CVE-2025-7395 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/0e2a3fd0b64bc6ba633aa9227e92ecacb42b5b1b] +(cherry picked from commit 0e2a3fd0b64bc6ba633aa9227e92ecacb42b5b1b) +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/internal.c b/src/internal.c +index 6a76eb130..1d01ee095 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -16774,7 +16774,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, + /* If we can't validate the peer cert chain against the CAs loaded + * into wolfSSL, try to validate against the system certificates + * using Apple's native trust APIs */ +- if ((ret == ASN_NO_SIGNER_E) && ++ if ((ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) && + (ssl->ctx->doAppleNativeCertValidationFlag)) { + if (DoAppleNativeCertValidation(ssl, args->certs, + args->totalCerts)) { diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-4.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-4.patch new file mode 100644 index 0000000000..8af431f938 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-4.patch @@ -0,0 +1,27 @@ +From 71d4cb57ceada7830457938787583c2aa6ba3555 Mon Sep 17 00:00:00 2001 +From: Brett +Date: Wed, 4 Jun 2025 18:29:05 -0600 +Subject: [PATCH] formatting + +CVE: CVE-2025-7395 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/89be92f1a8b255d85c0d8bfb8849571d259c199c] +(cherry picked from commit 89be92f1a8b255d85c0d8bfb8849571d259c199c) +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/internal.c b/src/internal.c +index 1d01ee095..992c10d2c 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -42710,7 +42710,8 @@ static int DoAppleNativeCertValidation(WOLFSSL* ssl, + ssl->buffers.domainName.length > 0) { + /* Create policy with specified value to require host name match */ + hostname = CFStringCreateWithCString(kCFAllocatorDefault, +- (const char*)ssl->buffers.domainName.buffer, kCFStringEncodingUTF8); ++ (const char*)ssl->buffers.domainName.buffer, ++ kCFStringEncodingUTF8); + } + if (hostname != NULL) { + policy = SecPolicyCreateSSL(true, hostname); diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 9cd7c07ad2..4f323ec128 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -17,6 +17,10 @@ SRC_URI = " \ file://0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch \ file://run-ptest \ file://CVE-2025-13912.patch \ + file://CVE-2025-7395-1.patch \ + file://CVE-2025-7395-2.patch \ + file://CVE-2025-7395-3.patch \ + file://CVE-2025-7395-4.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Tue Feb 24 18:54:12 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 81827 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC0BDF4BB77 for ; Tue, 24 Feb 2026 18:55:15 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.27893.1771959308237970657 for ; Tue, 24 Feb 2026 10:55:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=EdRkN0B+; spf=pass (domain: gmail.com, ip: 209.85.210.177, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-8249cb73792so5250030b3a.3 for ; Tue, 24 Feb 2026 10:55:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1771959307; x=1772564107; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iS7lrfQEaeYzPCavrDMIbJA7TfP854x/IR7LlMYlkA8=; b=EdRkN0B+0ph7UfMN8icBs0Uj3Qd7gZFBw5RELPXMxVw0Fv5AOZmtcz5FhF1jzLWm0a Vi6S5e20QXhMsuvnQRJkdIOFZbXRKv2nUlpYldkn0j9yL6RR32tUyh/njjSbKyOOu4W4 QLImzpkjGU4xxCzkKGWIqAnjT3RrAYKN7leYh6PyPW5PKdjGJrPua0kzJJ2Ecvee2iOX UJzY4g9bMJ8jwn+Yg3G6UAMadhT1l0XirzimHbWTs4+U2Dyz2XrSD283Up18tjJrcSSZ EtHrg+aR2SqVqnzB/In3A9mxwsoV9GyuyEh0kV7RJ8njwndrEXmU34rPlekoOVo0i4UO V0Cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771959307; x=1772564107; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=iS7lrfQEaeYzPCavrDMIbJA7TfP854x/IR7LlMYlkA8=; b=Idb4PS/QPotxKgxmis5vBgNU6IBvYDyKsx054uwBra+Yaw/wjKltiD7HH5yPuqevnR uZFxO3GudJNMt3RXWiVYog0Ojn2fY2S9BYJ49kslwi7jvwbLWY5kCike0Dt0S+3s2tF9 AG17LgbhOHaXmiI4XjA6hlYZk3h8zu7zZsGpxxASQcrltgcSdBhAFAb0EZZy2cZsGlho 2RyDN3xZAdP8jHyGoIDnLT0YmejRwoeWlbkH377DlGsv7lx6cWzzV8Upethv3cLpNQls h7ON2m4z9h+OKeKYdjTkMAxdhDJ1/0opMohcxrjWZryMGuyheKdF8XdY+AksDn4bp6Jr qG2Q== X-Gm-Message-State: AOJu0YzozrVmKOMxKZ1arcUqmP50w6FagGpT3gYMyXlBJ9TEwQNHYuUt qsf5eE7y2ofXjuyoW6Fp9BOt290r3sE2e9zckQqnpHcDNcpgS5QkItD6SL41kQ== X-Gm-Gg: ATEYQzzefzYXtN/a4RHQKE5Nz1HfpVxkSi3u378AfRyxMv/i5430gfYyhVNPXjptHf5 zqs82cQUoF9CY9fRiR6pmB3TAyDQoQJ3WGl4zV8AM9a8x7RBvTnbI27g4VpXvgXOIjYfotSzH/V DXu0FwiQzDvtS7SAgMAihH95NWSBALoUTDAKk65rJK47ihJnrW7udgIR/ZpPS6vpPAZRzSyUkSv JQjl+9HUrnb1QYGcm+YiLP46ZyOmFm8vB3FF9E+qDy7o71s9MdLZ8JXtg7fplbIvWvOXkXySl4c OhHFAk1k9gXXgWM+8t0MH0+lMfX5aOXX3coKahhi20Ay8g8hK9I8VD0wrgU2zDH4JjYkj+cmZl2 uzvdRijXh2EFa2a0QkMRG2i1FiogWnf/rHjXPXhBFftWmXH//RDBfehbZ5cW879TZeXo9blbvEk RTx3EknmzBzoHCJ0O9J+VJsgxenvZqfmcyTgc= X-Received: by 2002:a05:6a00:2daa:b0:822:bd7:e94f with SMTP id d2e1a72fcca58-826daa626c2mr11857364b3a.53.1771959307135; Tue, 24 Feb 2026 10:55:07 -0800 (PST) Received: from NVAPF55DW0D-IPD.. ([147.161.217.33]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-826dd8ee179sm10945104b3a.61.2026.02.24.10.55.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 10:55:06 -0800 (PST) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 3/3] wolfssl: patch CVE-2025-7394 Date: Wed, 25 Feb 2026 07:54:12 +1300 Message-ID: <20260224185412.1835468-5-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260224185412.1835468-2-ankur.tyagi85@gmail.com> References: <20260224185412.1835468-2-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 18:55:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124588 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7394 Backport patches from the PR[1][2][3] mentioned in the changelog[4]. [1] https://github.com/wolfSSL/wolfssl/pull/8849 [2] https://github.com/wolfSSL/wolfssl/pull/8867 [3] https://github.com/wolfSSL/wolfssl/pull/8898 [4] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025 Dropped changes to github workflow and tests during backport. Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2025-7394-1.patch | 46 +++ .../wolfssl/files/CVE-2025-7394-2.patch | 276 ++++++++++++++++++ .../wolfssl/files/CVE-2025-7394-3.patch | 125 ++++++++ .../wolfssl/files/CVE-2025-7394-4.patch | 88 ++++++ .../wolfssl/files/CVE-2025-7394-5.patch | 42 +++ .../wolfssl/files/CVE-2025-7394-6.patch | 49 ++++ .../wolfssl/wolfssl_5.8.0.bb | 6 + 7 files changed, 632 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch new file mode 100644 index 0000000000..5c680cd7cd --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch @@ -0,0 +1,46 @@ +From 95f350e136ed89eadb1de68d82b7357b9078d167 Mon Sep 17 00:00:00 2001 +From: Josh Holtrop +Date: Thu, 5 Jun 2025 19:48:34 -0400 +Subject: [PATCH] Reseed DRBG in RAND_poll() + +CVE: CVE-2025-7394 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/0c12337194ee6dd082f082f0ccaed27fc4ee44f5] +(cherry picked from commit 0c12337194ee6dd082f082f0ccaed27fc4ee44f5) +Signed-off-by: Ankur Tyagi +--- + src/ssl.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/src/ssl.c b/src/ssl.c +index 0b74065fa..95739f098 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -26017,11 +26017,25 @@ int wolfSSL_RAND_poll(void) + return WOLFSSL_FAILURE; + } + ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz); +- if (ret != 0){ ++ if (ret != 0) { + WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); + ret = WOLFSSL_FAILURE; +- }else +- ret = WOLFSSL_SUCCESS; ++ } ++ else { ++#ifdef HAVE_HASHDRBG ++ ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz); ++ if (ret != 0) { ++ WOLFSSL_MSG("Error reseeding DRBG"); ++ ret = WOLFSSL_FAILURE; ++ } ++ else { ++ ret = WOLFSSL_SUCCESS; ++ } ++#else ++ WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set"); ++ ret = WOLFSSL_FAILURE; ++#endif ++ } + + return ret; + } diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch new file mode 100644 index 0000000000..a10839b7c4 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch @@ -0,0 +1,276 @@ +From baa7c51d9c4b788213c8b7ae51ea351222f0d06a Mon Sep 17 00:00:00 2001 +From: JacobBarthelmeh +Date: Tue, 10 Jun 2025 12:49:08 -0600 +Subject: [PATCH] add sanity checks on pid with RNG + +CVE: CVE-2025-7394 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/31490ab813a5aac096f50800c26c690d8ae586d2] +(cherry picked from commit 31490ab813a5aac096f50800c26c690d8ae586d2) +Signed-off-by: Ankur Tyagi +--- + CMakeLists.txt | 1 + + configure.ac | 4 +- + src/ssl.c | 40 +++++++++++- + wolfcrypt/src/random.c | 126 ++++++++++++++++++++++--------------- + wolfssl/wolfcrypt/random.h | 3 + + 5 files changed, 118 insertions(+), 56 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 4abba9b8a..a2cd40b56 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -124,6 +124,7 @@ check_function_exists("memset" HAVE_MEMSET) + check_function_exists("socket" HAVE_SOCKET) + check_function_exists("strftime" HAVE_STRFTIME) + check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC) ++check_function_exists("getpid" HAVE_GETPID) + + include(CheckSymbolExists) + check_symbol_exists(isascii "ctype.h" HAVE_ISASCII) +diff --git a/configure.ac b/configure.ac +index 5d1357058..2b0ab1716 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -129,8 +129,8 @@ AC_CHECK_HEADER(assert.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ASSERT_H"],[ + # check if functions of interest are linkable, but also check if + # they're declared by the expected headers, and if not, supersede the + # unusable positive from AC_CHECK_FUNCS(). +-AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit isascii]) +-AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii], [], [ ++AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit isascii getpid]) ++AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii, getpid], [], [ + if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes" + then + AC_MSG_NOTICE([ note: earlier check for $(eval 'echo ${as_decl_name}') superseded.]) +diff --git a/src/ssl.c b/src/ssl.c +index 95739f098..7e989685b 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -25470,6 +25470,10 @@ int wolfSSL_RAND_Init(void) + if (initGlobalRNG == 0) { + ret = wc_InitRng(&globalRNG); + if (ret == 0) { ++ #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \ ++ FIPS_VERSION3_LT(6,0,0))) ++ currentPid = getpid(); ++ #endif + initGlobalRNG = 1; + ret = WOLFSSL_SUCCESS; + } +@@ -25904,8 +25908,30 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) + return ret; + } + +-/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise +- * WOLFSSL_FAILURE */ ++#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) ++/* In older FIPS bundles add check for reseed here since it does not exist in ++ * the older random.c certified files. */ ++static pid_t currentPid = 0; ++ ++/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */ ++static int RandCheckReSeed() ++{ ++ int ret = WOLFSSL_SUCCESS; ++ pid_t p; ++ ++ p = getpid(); ++ if (p != currentPid) { ++ currentPid = p; ++ if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) { ++ ret = WOLFSSL_FAILURE; ++ } ++ } ++ return ret; ++} ++#endif ++ ++/* returns WOLFSSL_SUCCESS (1) if the bytes generated are valid otherwise 0 ++ * on failure */ + int wolfSSL_RAND_bytes(unsigned char* buf, int num) + { + int ret = 0; +@@ -25948,6 +25974,16 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) + */ + if (initGlobalRNG) { + rng = &globalRNG; ++ ++ #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \ ++ FIPS_VERSION3_LT(6,0,0))) ++ if (RandCheckReSeed() != WOLFSSL_SUCCESS) { ++ wc_UnLockMutex(&globalRNGMutex); ++ WOLFSSL_MSG("Issue with check pid and reseed"); ++ return ret; ++ } ++ #endif ++ + used_global = 1; + } + else { +diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c +index 746a06b90..4978db95e 100644 +--- a/wolfcrypt/src/random.c ++++ b/wolfcrypt/src/random.c +@@ -1640,6 +1640,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, + #else + rng->heap = heap; + #endif ++#ifdef HAVE_GETPID ++ rng->pid = getpid(); ++#endif + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + rng->devId = devId; + #if defined(WOLF_CRYPTO_CB) +@@ -1895,6 +1898,63 @@ int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz, + return _InitRng(rng, nonce, nonceSz, heap, devId); + } + ++#ifdef HAVE_HASHDRBG ++static int PollAndReSeed(WC_RNG* rng) ++{ ++ int ret = DRBG_NEED_RESEED; ++ int devId = INVALID_DEVID; ++#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) ++ devId = rng->devId; ++#endif ++ if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) { ++ #ifndef WOLFSSL_SMALL_STACK ++ byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; ++ ret = DRBG_SUCCESS; ++ #else ++ byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap, ++ DYNAMIC_TYPE_SEED); ++ ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS; ++ #endif ++ if (ret == DRBG_SUCCESS) { ++ #ifdef WC_RNG_SEED_CB ++ if (seedCb == NULL) { ++ ret = DRBG_NO_SEED_CB; ++ } ++ else { ++ ret = seedCb(&rng->seed, newSeed, SEED_SZ + SEED_BLOCK_SZ); ++ if (ret != 0) { ++ ret = DRBG_FAILURE; ++ } ++ } ++ #else ++ ret = wc_GenerateSeed(&rng->seed, newSeed, ++ SEED_SZ + SEED_BLOCK_SZ); ++ #endif ++ if (ret != 0) ++ ret = DRBG_FAILURE; ++ } ++ if (ret == DRBG_SUCCESS) ++ ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ); ++ ++ if (ret == DRBG_SUCCESS) ++ ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, ++ newSeed + SEED_BLOCK_SZ, SEED_SZ); ++ #ifdef WOLFSSL_SMALL_STACK ++ if (newSeed != NULL) { ++ ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ); ++ } ++ XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED); ++ #else ++ ForceZero(newSeed, sizeof(newSeed)); ++ #endif ++ } ++ else { ++ ret = DRBG_CONT_FAILURE; ++ } ++ ++ return ret; ++} ++#endif + + /* place a generated block in output */ + WOLFSSL_ABI +@@ -1954,60 +2014,22 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) + if (rng->status != DRBG_OK) + return RNG_FAILURE_E; + ++#ifdef HAVE_GETPID ++ if (rng->pid != getpid()) { ++ rng->pid = getpid(); ++ ret = PollAndReSeed(rng); ++ if (ret != DRBG_SUCCESS) { ++ rng->status = DRBG_FAILED; ++ return RNG_FAILURE_E; ++ } ++ } ++#endif ++ + ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); + if (ret == DRBG_NEED_RESEED) { +- int devId = INVALID_DEVID; +- #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) +- devId = rng->devId; +- #endif +- if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) { +- #ifndef WOLFSSL_SMALL_STACK +- byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; +- ret = DRBG_SUCCESS; +- #else +- byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap, +- DYNAMIC_TYPE_SEED); +- ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS; +- #endif +- if (ret == DRBG_SUCCESS) { +- #ifdef WC_RNG_SEED_CB +- if (seedCb == NULL) { +- ret = DRBG_NO_SEED_CB; +- } +- else { +- ret = seedCb(&rng->seed, newSeed, SEED_SZ + SEED_BLOCK_SZ); +- if (ret != 0) { +- ret = DRBG_FAILURE; +- } +- } +- #else +- ret = wc_GenerateSeed(&rng->seed, newSeed, +- SEED_SZ + SEED_BLOCK_SZ); +- #endif +- if (ret != 0) +- ret = DRBG_FAILURE; +- } +- if (ret == DRBG_SUCCESS) +- ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ); +- +- if (ret == DRBG_SUCCESS) +- ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, +- newSeed + SEED_BLOCK_SZ, SEED_SZ); +- if (ret == DRBG_SUCCESS) +- ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); +- +- #ifdef WOLFSSL_SMALL_STACK +- if (newSeed != NULL) { +- ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ); +- } +- XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED); +- #else +- ForceZero(newSeed, sizeof(newSeed)); +- #endif +- } +- else { +- ret = DRBG_CONT_FAILURE; +- } ++ ret = PollAndReSeed(rng); ++ if (ret == DRBG_SUCCESS) ++ ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); + } + + if (ret == DRBG_SUCCESS) { +diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h +index 3b4533e0d..ff5f89c3f 100644 +--- a/wolfssl/wolfcrypt/random.h ++++ b/wolfssl/wolfcrypt/random.h +@@ -183,6 +183,9 @@ struct WC_RNG { + #endif + byte status; + #endif ++#ifdef HAVE_GETPID ++ pid_t pid; ++#endif + #ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; + #endif diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch new file mode 100644 index 0000000000..c1af745385 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch @@ -0,0 +1,125 @@ +From ec8edec282bfcc18e6b2681e240fae816d694161 Mon Sep 17 00:00:00 2001 +From: JacobBarthelmeh +Date: Tue, 10 Jun 2025 14:15:38 -0600 +Subject: [PATCH] add mutex locking and compat layer FIPS case + +CVE: CVE-2025-7394 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/fbbb6b7707f7f8ae1c38ab68daec0af02ee0208a] +(cherry picked from commit fbbb6b7707f7f8ae1c38ab68daec0af02ee0208a) +Signed-off-by: Ankur Tyagi +--- + src/ssl.c | 62 +++++++++++++++++++++++++++---------------------------- + 1 file changed, 31 insertions(+), 31 deletions(-) + +diff --git a/src/ssl.c b/src/ssl.c +index 7e989685b..ae432eb59 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -25458,6 +25458,12 @@ static int wolfSSL_RAND_InitMutex(void) + + #ifdef OPENSSL_EXTRA + ++#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) ++/* In older FIPS bundles add check for reseed here since it does not exist in ++ * the older random.c certified files. */ ++static pid_t currentRandPid = 0; ++#endif ++ + /* Checks if the global RNG has been created. If not then one is created. + * + * Returns WOLFSSL_SUCCESS when no error is encountered. +@@ -25471,8 +25477,8 @@ int wolfSSL_RAND_Init(void) + ret = wc_InitRng(&globalRNG); + if (ret == 0) { + #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \ +- FIPS_VERSION3_LT(6,0,0))) +- currentPid = getpid(); ++ FIPS_VERSION3_LT(6,0,0) ++ currentRandPid = getpid(); + #endif + initGlobalRNG = 1; + ret = WOLFSSL_SUCCESS; +@@ -25908,28 +25914,6 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) + return ret; + } + +-#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) +-/* In older FIPS bundles add check for reseed here since it does not exist in +- * the older random.c certified files. */ +-static pid_t currentPid = 0; +- +-/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */ +-static int RandCheckReSeed() +-{ +- int ret = WOLFSSL_SUCCESS; +- pid_t p; +- +- p = getpid(); +- if (p != currentPid) { +- currentPid = p; +- if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) { +- ret = WOLFSSL_FAILURE; +- } +- } +- return ret; +-} +-#endif +- + /* returns WOLFSSL_SUCCESS (1) if the bytes generated are valid otherwise 0 + * on failure */ + int wolfSSL_RAND_bytes(unsigned char* buf, int num) +@@ -25973,17 +25957,27 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) + * have the lock. + */ + if (initGlobalRNG) { +- rng = &globalRNG; +- + #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \ +- FIPS_VERSION3_LT(6,0,0))) +- if (RandCheckReSeed() != WOLFSSL_SUCCESS) { ++ FIPS_VERSION3_LT(6,0,0) ++ pid_t p; ++ ++ p = getpid(); ++ if (p != currentRandPid) { + wc_UnLockMutex(&globalRNGMutex); +- WOLFSSL_MSG("Issue with check pid and reseed"); +- return ret; ++ if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) { ++ WOLFSSL_MSG("Issue with check pid and reseed"); ++ ret = WOLFSSL_FAILURE; ++ } ++ ++ /* reclaim lock after wolfSSL_RAND_poll */ ++ if (wc_LockMutex(&globalRNGMutex) != 0) { ++ WOLFSSL_MSG("Bad Lock Mutex rng"); ++ return ret; ++ } ++ currentRandPid = p; + } + #endif +- ++ rng = &globalRNG; + used_global = 1; + } + else { +@@ -26059,6 +26053,11 @@ int wolfSSL_RAND_poll(void) + } + else { + #ifdef HAVE_HASHDRBG ++ if (wc_LockMutex(&globalRNGMutex) != 0) { ++ WOLFSSL_MSG("Bad Lock Mutex rng"); ++ return ret; ++ } ++ + ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz); + if (ret != 0) { + WOLFSSL_MSG("Error reseeding DRBG"); +@@ -26067,6 +26066,7 @@ int wolfSSL_RAND_poll(void) + else { + ret = WOLFSSL_SUCCESS; + } ++ wc_UnLockMutex(&globalRNGMutex); + #else + WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set"); + ret = WOLFSSL_FAILURE; diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch new file mode 100644 index 0000000000..fb1215f898 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch @@ -0,0 +1,88 @@ +From 7f1ab20a83f953233cac113108ceefb1d5f4fe97 Mon Sep 17 00:00:00 2001 +From: JacobBarthelmeh +Date: Tue, 10 Jun 2025 16:12:09 -0600 +Subject: [PATCH] add a way to restore previous pid behavior + +CVE: CVE-2025-7394 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/47cf634965a3aabe82fd97a8feed9efd6688e34a] + +Dropped changes to github workflow and test from original commit. + +Signed-off-by: Ankur Tyagi +--- + src/ssl.c | 11 ++++++----- + wolfcrypt/src/random.c | 4 ++-- + wolfssl/wolfcrypt/random.h | 2 +- + 3 files changed, 9 insertions(+), 8 deletions(-) + +diff --git a/src/ssl.c b/src/ssl.c +index ae432eb59..e69fa19ac 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -25458,7 +25458,8 @@ static int wolfSSL_RAND_InitMutex(void) + + #ifdef OPENSSL_EXTRA + +-#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) ++#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ ++ defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + /* In older FIPS bundles add check for reseed here since it does not exist in + * the older random.c certified files. */ + static pid_t currentRandPid = 0; +@@ -25476,8 +25477,8 @@ int wolfSSL_RAND_Init(void) + if (initGlobalRNG == 0) { + ret = wc_InitRng(&globalRNG); + if (ret == 0) { +- #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \ +- FIPS_VERSION3_LT(6,0,0) ++ #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ ++ defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + currentRandPid = getpid(); + #endif + initGlobalRNG = 1; +@@ -25957,8 +25958,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) + * have the lock. + */ + if (initGlobalRNG) { +- #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \ +- FIPS_VERSION3_LT(6,0,0) ++ #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ ++ defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + pid_t p; + + p = getpid(); +diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c +index 4978db95e..32ebb8bae 100644 +--- a/wolfcrypt/src/random.c ++++ b/wolfcrypt/src/random.c +@@ -1640,7 +1640,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, + #else + rng->heap = heap; + #endif +-#ifdef HAVE_GETPID ++#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) + rng->pid = getpid(); + #endif + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) +@@ -2014,7 +2014,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) + if (rng->status != DRBG_OK) + return RNG_FAILURE_E; + +-#ifdef HAVE_GETPID ++#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) + if (rng->pid != getpid()) { + rng->pid = getpid(); + ret = PollAndReSeed(rng); +diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h +index ff5f89c3f..faa999473 100644 +--- a/wolfssl/wolfcrypt/random.h ++++ b/wolfssl/wolfcrypt/random.h +@@ -183,7 +183,7 @@ struct WC_RNG { + #endif + byte status; + #endif +-#ifdef HAVE_GETPID ++#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) + pid_t pid; + #endif + #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch new file mode 100644 index 0000000000..6ea6e3b972 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch @@ -0,0 +1,42 @@ +From ec46c4146d16c38abddb427efcb9ca177d74cd03 Mon Sep 17 00:00:00 2001 +From: Chris Conlon +Date: Wed, 18 Jun 2025 16:08:34 -0600 +Subject: [PATCH] Add HAVE_GETPID to options.h if getpid detected, needed for + apps to correctly detect size of WC_RNG struct + +CVE: CVE-2025-7394 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/9c35c0de65e135e621400958f22829c0d2555ed4] + +(cherry picked from commit 9c35c0de65e135e621400958f22829c0d2555ed4) +Signed-off-by: Ankur Tyagi +--- + configure.ac | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 2b0ab1716..ecb2d694f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -160,6 +160,9 @@ fi + #ifdef HAVE_STDLIB_H + #include + #endif ++#ifdef HAVE_UNISTD_H ++ #include ++#endif + #ifdef HAVE_CTYPE_H + #include + #endif +@@ -10361,6 +10364,12 @@ then + AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1" + fi + ++# Add HAVE_GETPID to AM_CFLAGS for inclusion in options.h ++if test "$ac_cv_func_getpid" = "yes" ++then ++ AM_CFLAGS="$AM_CFLAGS -DHAVE_GETPID=1" ++fi ++ + LIB_SOCKET_NSL + AX_HARDEN_CC_COMPILER_FLAGS + diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch new file mode 100644 index 0000000000..999b0dd250 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch @@ -0,0 +1,49 @@ +From e282569d0437abd39604ded73d9078e994a54db2 Mon Sep 17 00:00:00 2001 +From: Chris Conlon +Date: Wed, 18 Jun 2025 16:57:02 -0600 +Subject: [PATCH] Add check for reseed in ssl.c for HAVE_SELFTEST, similar to + old FIPS bundles that do not have older random.c files + +CVE: CVE-2025-7394 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/cdd02f9665ef43126503307972e4389070a00a73 + +(cherry picked from commit cdd02f9665ef43126503307972e4389070a00a73) +Signed-off-by: Ankur Tyagi +--- + src/ssl.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/ssl.c b/src/ssl.c +index e69fa19ac..8f1c79890 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -25459,7 +25459,7 @@ static int wolfSSL_RAND_InitMutex(void) + #ifdef OPENSSL_EXTRA + + #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ +- defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) ++ ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || defined(HAVE_SELFTEST)) + /* In older FIPS bundles add check for reseed here since it does not exist in + * the older random.c certified files. */ + static pid_t currentRandPid = 0; +@@ -25478,7 +25478,9 @@ int wolfSSL_RAND_Init(void) + ret = wc_InitRng(&globalRNG); + if (ret == 0) { + #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ +- defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) ++ ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \ ++ defined(HAVE_SELFTEST)) ++ + currentRandPid = getpid(); + #endif + initGlobalRNG = 1; +@@ -25959,7 +25961,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) + */ + if (initGlobalRNG) { + #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ +- defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) ++ ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \ ++ defined(HAVE_SELFTEST)) + pid_t p; + + p = getpid(); diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 4f323ec128..78d17630c7 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -21,6 +21,12 @@ SRC_URI = " \ file://CVE-2025-7395-2.patch \ file://CVE-2025-7395-3.patch \ file://CVE-2025-7395-4.patch \ + file://CVE-2025-7394-1.patch \ + file://CVE-2025-7394-2.patch \ + file://CVE-2025-7394-3.patch \ + file://CVE-2025-7394-4.patch \ + file://CVE-2025-7394-5.patch \ + file://CVE-2025-7394-6.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"