mirror of
git://git.openwrt.org/openwrt/openwrt.git
synced 2024-12-11 17:34:57 +00:00
mbedtls: update to version 2.28.2
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Fixes the following CVEs: * CVE-2022-46393: Fix potential heap buffer overread and overwrite in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. * CVE-2022-46392: An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) could recover an RSA private key after observing the victim performing a single private-key operation if the window size used for the exponentiation was 3 or smaller. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
parent
12fdb4c9f4
commit
af3c9b74e1
@ -8,13 +8,13 @@
|
|||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=mbedtls
|
PKG_NAME:=mbedtls
|
||||||
PKG_VERSION:=2.28.1
|
PKG_VERSION:=2.28.2
|
||||||
PKG_RELEASE:=$(AUTORELEASE)
|
PKG_RELEASE:=1
|
||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
|
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
|
||||||
PKG_HASH:=6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4
|
PKG_HASH:=bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0
|
||||||
|
|
||||||
PKG_LICENSE:=GPL-2.0-or-later
|
PKG_LICENSE:=GPL-2.0-or-later
|
||||||
PKG_LICENSE_FILES:=gpl-2.0.txt
|
PKG_LICENSE_FILES:=gpl-2.0.txt
|
||||||
|
@ -4,7 +4,7 @@ Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243
|
|||||||
|
|
||||||
--- a/programs/ssl/ssl_server2.c
|
--- a/programs/ssl/ssl_server2.c
|
||||||
+++ b/programs/ssl/ssl_server2.c
|
+++ b/programs/ssl/ssl_server2.c
|
||||||
@@ -2511,7 +2511,6 @@ int main( int argc, char *argv[] )
|
@@ -2529,7 +2529,6 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
key_cert_init2 = 2;
|
key_cert_init2 = 2;
|
||||||
#endif /* MBEDTLS_ECDSA_C */
|
#endif /* MBEDTLS_ECDSA_C */
|
||||||
@ -12,11 +12,11 @@ Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243
|
|||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( opt.key_opaque != 0 )
|
if( opt.key_opaque != 0 )
|
||||||
@@ -2540,6 +2539,7 @@ int main( int argc, char *argv[] )
|
@@ -2558,6 +2557,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#endif /* MBEDTLS_CERTS_C */
|
#endif /* MBEDTLS_CERTS_C */
|
||||||
+ }
|
+ }
|
||||||
|
|
||||||
mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
|
mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
Loading…
Reference in New Issue
Block a user