mirror of
https://git.busybox.net/buildroot.git
synced 2025-01-24 21:33:24 +08:00
package/mbedtls: security bump to version 2.28.2
Fix the following security issues:
- Fix potential heap buffer overread and overwrite in DTLS if
MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
- An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) could recover an RSA private key after observing the victim
performing a single private-key operation if the window size used for
the exponentiation was 3 or smaller.
Drop patch (already in version:
9d9d45c6b2
)
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
9febd64bb0
commit
c2baa583c3
@ -1,74 +0,0 @@
|
||||
From a0ae2ba37ca479c6edddec8634b25686be965e0d Mon Sep 17 00:00:00 2001
|
||||
From: Peter Korsgaard <peter@korsgaard.com>
|
||||
Date: Mon, 27 Aug 2018 22:50:57 +0200
|
||||
Subject: [PATCH] bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Fixes #1910
|
||||
|
||||
With ebx added to the MULADDC_STOP clobber list to fix #1550, the inline
|
||||
assembly fails to build with GCC < 5 in PIC mode with the following error:
|
||||
|
||||
include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’
|
||||
|
||||
This is because older GCC versions treated the x86 ebx register (which is
|
||||
used for the GOT) as a fixed reserved register when building as PIC.
|
||||
|
||||
This is fixed by an improved register allocator in GCC 5+. From the release
|
||||
notes:
|
||||
|
||||
Register allocation improvements: Reuse of the PIC hard register, instead of
|
||||
using a fixed register, was implemented on x86/x86-64 targets. This
|
||||
improves generated PIC code performance as more hard registers can be used.
|
||||
|
||||
https://www.gnu.org/software/gcc/gcc-5/changes.html
|
||||
|
||||
As a workaround, detect this situation and disable the inline assembly,
|
||||
similar to the MULADDC_CANNOT_USE_R7 logic.
|
||||
|
||||
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
||||
Upstream: https://github.com/ARMmbed/mbedtls/pull/1986
|
||||
---
|
||||
include/mbedtls/bn_mul.h | 18 +++++++++++++++++-
|
||||
1 file changed, 17 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
|
||||
index b587317d9..74a2d29be 100644
|
||||
--- a/include/mbedtls/bn_mul.h
|
||||
+++ b/include/mbedtls/bn_mul.h
|
||||
@@ -50,13 +50,29 @@
|
||||
#if defined(__GNUC__) && \
|
||||
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
|
||||
|
||||
+/*
|
||||
+ * GCC < 5.0 treated the x86 ebx (which is used for the GOT) as a
|
||||
+ * fixed reserved register when building as PIC, leading to errors
|
||||
+ * like: bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’
|
||||
+ *
|
||||
+ * This is fixed by an improved register allocator in GCC 5+. From the
|
||||
+ * release notes:
|
||||
+ * Register allocation improvements: Reuse of the PIC hard register,
|
||||
+ * instead of using a fixed register, was implemented on x86/x86-64
|
||||
+ * targets. This improves generated PIC code performance as more hard
|
||||
+ * registers can be used.
|
||||
+ */
|
||||
+#if defined(__GNUC__) && __GNUC__ < 5 && defined(__PIC__)
|
||||
+#define MULADDC_CANNOT_USE_EBX
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Disable use of the i386 assembly code below if option -O0, to disable all
|
||||
* compiler optimisations, is passed, detected with __OPTIMIZE__
|
||||
* This is done as the number of registers used in the assembly code doesn't
|
||||
* work with the -O0 option.
|
||||
*/
|
||||
-#if defined(__i386__) && defined(__OPTIMIZE__)
|
||||
+#if defined(__i386__) && defined(__OPTIMIZE__) && !defined(MULADDC_CANNOT_USE_EBX)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,4 +1,4 @@
|
||||
# From https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.1:
|
||||
sha256 6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4 mbedtls-2.28.1.tar.gz
|
||||
# From https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.2:
|
||||
sha256 bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0 mbedtls-2.28.2.tar.gz
|
||||
# Locally calculated
|
||||
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
MBEDTLS_VERSION = 2.28.1
|
||||
MBEDTLS_VERSION = 2.28.2
|
||||
MBEDTLS_SITE = $(call github,ARMmbed,mbedtls,v$(MBEDTLS_VERSION))
|
||||
MBEDTLS_CONF_OPTS = \
|
||||
-DCMAKE_C_FLAGS="$(TARGET_CFLAGS) -std=c99" \
|
||||
|
Loading…
Reference in New Issue
Block a user