Почетна Преглед Помоћ
Регистрација Пријавите се
PUBLIC_REPOS
/
buildroot
огледало од git://git.buildroot.net/buildroot
2
1
Креирај огранак 0
Датотеке
Преглед изворни кода

package/mbedtls: security bump to version 2.28.2

Fix the following security issues:
- Fix potential heap buffer overread and overwrite in DTLS if
  MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
  MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
- An adversary with access to precise enough information about memory
  accesses (typically, an untrusted operating system attacking a secure
  enclave) could recover an RSA private key after observing the victim
  performing a single private-key operation if the window size used for
  the exponentiation was 3 or smaller.

Drop patch (already in version:
https://github.com/Mbed-TLS/mbedtls/commit/9d9d45c6b2aeaedfdfdadfec3d05d168db685968)

https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c2baa583c350b9d594e87f9cab1db597789904df)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine пре 2 година
родитељ
d6352a905a
комит
738d05904c
3 измењених фајлова са 3 додато и 77 уклоњено
Један поглед Покажи статистику Diff
  1. 0 74
      package/mbedtls/0001-bn_mul.h-fix-x86-PIC-inline-ASM-compilation-with-GCC.patch
  2. 2 2
      package/mbedtls/mbedtls.hash
  3. 1 1
      package/mbedtls/mbedtls.mk

+ 0 - 74
package/mbedtls/0001-bn_mul.h-fix-x86-PIC-inline-ASM-compilation-with-GCC.patch
Прегледај датотеку 

@@ -1,74 +0,0 @@
 
-From a0ae2ba37ca479c6edddec8634b25686be965e0d Mon Sep 17 00:00:00 2001
 
-From: Peter Korsgaard <peter@korsgaard.com>
 
-Date: Mon, 27 Aug 2018 22:50:57 +0200
 
-Subject: [PATCH] bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
 
-MIME-Version: 1.0
 
-Content-Type: text/plain; charset=UTF-8
 
-Content-Transfer-Encoding: 8bit
 
-
 
-Fixes #1910
 
-
 
-With ebx added to the MULADDC_STOP clobber list to fix #1550, the inline
 
-assembly fails to build with GCC < 5 in PIC mode with the following error:
 
-
 
-include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’
 
-
 
-This is because older GCC versions treated the x86 ebx register (which is
 
-used for the GOT) as a fixed reserved register when building as PIC.
 
-
 
-This is fixed by an improved register allocator in GCC 5+.  From the release
 
-notes:
 
-
 
-Register allocation improvements: Reuse of the PIC hard register, instead of
 
-using a fixed register, was implemented on x86/x86-64 targets.  This
 
-improves generated PIC code performance as more hard registers can be used.
 
-
 
-https://www.gnu.org/software/gcc/gcc-5/changes.html
 
-
 
-As a workaround, detect this situation and disable the inline assembly,
 
-similar to the MULADDC_CANNOT_USE_R7 logic.
 
-
 
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 
-Upstream: https://github.com/ARMmbed/mbedtls/pull/1986
 
----
 
- include/mbedtls/bn_mul.h | 18 +++++++++++++++++-
 
- 1 file changed, 17 insertions(+), 1 deletion(-)
 
-
 
-diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
 
-index b587317d9..74a2d29be 100644
 
---- a/include/mbedtls/bn_mul.h
 
-+++ b/include/mbedtls/bn_mul.h
 
-@@ -50,13 +50,29 @@
 
- #if defined(__GNUC__) && \
 
-     ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
 
- 
-+/*
 
-+ * GCC < 5.0 treated the x86 ebx (which is used for the GOT) as a
 
-+ * fixed reserved register when building as PIC, leading to errors
 
-+ * like: bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’
 
-+ *
 
-+ * This is fixed by an improved register allocator in GCC 5+. From the
 
-+ * release notes:
 
-+ * Register allocation improvements: Reuse of the PIC hard register,
 
-+ * instead of using a fixed register, was implemented on x86/x86-64
 
-+ * targets. This improves generated PIC code performance as more hard
 
-+ * registers can be used.
 
-+ */
 
-+#if defined(__GNUC__) && __GNUC__ < 5 && defined(__PIC__)
 
-+#define MULADDC_CANNOT_USE_EBX
 
-+#endif
 
-+
 
- /*
 
-  * Disable use of the i386 assembly code below if option -O0, to disable all
 
-  * compiler optimisations, is passed, detected with __OPTIMIZE__
 
-  * This is done as the number of registers used in the assembly code doesn't
 
-  * work with the -O0 option.
 
-  */
 
--#if defined(__i386__) && defined(__OPTIMIZE__)
 
-+#if defined(__i386__) && defined(__OPTIMIZE__) && !defined(MULADDC_CANNOT_USE_EBX)
 
- 
- #define MULADDC_INIT                        \
 
-     asm(                                    \
 
--- 
-2.11.0
 
-

+ 2 - 2
package/mbedtls/mbedtls.hash
Прегледај датотеку 

@@ -1,4 +1,4 @@
 
-# From https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.1:
 
-sha256  6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4  mbedtls-2.28.1.tar.gz
 
+# From https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.2:
 
+sha256  bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0  mbedtls-2.28.2.tar.gz
 
 # Locally calculated
 
 # Locally calculated
 
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE
 
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE

+ 1 - 1
package/mbedtls/mbedtls.mk
Прегледај датотеку 

@@ -4,7 +4,7 @@
 
 #
 
 #
 
 ################################################################################
 
 ################################################################################
 
 
 
-MBEDTLS_VERSION = 2.28.1
 
+MBEDTLS_VERSION = 2.28.2
 
 MBEDTLS_SITE = $(call github,ARMmbed,mbedtls,v$(MBEDTLS_VERSION))
 
 MBEDTLS_SITE = $(call github,ARMmbed,mbedtls,v$(MBEDTLS_VERSION))
 
 MBEDTLS_CONF_OPTS = \
 
 MBEDTLS_CONF_OPTS = \
 
 	-DCMAKE_C_FLAGS="$(TARGET_CFLAGS) -std=c99" \
 
 	-DCMAKE_C_FLAGS="$(TARGET_CFLAGS) -std=c99" \