diff options
author | Stefan Agner <stefan.agner@toradex.com> | 2017-11-18 09:53:54 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-12-02 11:24:34 +0000 |
commit | a200115c769eff4b9b0241d54ed5ad86da08fdbc (patch) | |
tree | 58b37184ce207fde53b417c5350bdea586f8750e /meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch | |
parent | dac6515fcd23ea9cde5308c1d08a7a928efbb4d6 (diff) | |
download | openembedded-core-a200115c769eff4b9b0241d54ed5ad86da08fdbc.tar.gz |
openssl10: Upgrade 1.0.2l -> 1.0.2m
Deals with two CVEs:
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch new file mode 100644 index 0000000000..0f08a642f6 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch @@ -0,0 +1,39 @@ +Upstream-Status: Pending + +Received from H J Liu @ Intel +Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. +Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 + +ported the patch to the 1.0.0e version +Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 +Index: openssl-1.0.2/crypto/bn/bn.h +=================================================================== +--- openssl-1.0.2.orig/crypto/bn/bn.h ++++ openssl-1.0.2/crypto/bn/bn.h +@@ -173,6 +173,13 @@ extern "C" { + # endif + # endif + ++/* Address type. */ ++#ifdef _WIN64 ++#define BN_ADDR unsigned long long ++#else ++#define BN_ADDR unsigned long ++#endif ++ + /* + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha +Index: openssl-1.0.2/crypto/bn/bn_exp.c +=================================================================== +--- openssl-1.0.2.orig/crypto/bn/bn_exp.c ++++ openssl-1.0.2/crypto/bn/bn_exp.c +@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU + * multiple. + */ + #define MOD_EXP_CTIME_ALIGN(x_) \ +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) ++ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) + + /* + * This variant of BN_mod_exp_mont() uses fixed windows and the special |