From 2faf9e69c7b68c0848fe8914a21f6d9038600b7b Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Thu, 30 May 2024 21:08:38 -0500
Subject: user/mbedtls: [CVE] Update to 3.6.0
---
 user/mbedtls/APKBUILD | 9 +-
 user/mbedtls/fix-big-endian-alignment-tests.patch | 313 ----------------------
 2 files changed, 3 insertions(+), 319 deletions(-)
 delete mode 100644 user/mbedtls/fix-big-endian-alignment-tests.patch
diff --git a/user/mbedtls/APKBUILD b/user/mbedtls/APKBUILD
index 46d1d5461..912f1f57c 100644
--- a/user/mbedtls/APKBUILD
+++ b/user/mbedtls/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Síle Ekaterin Liszka
 # Maintainer: Síle Ekaterin Liszka
 pkgname=mbedtls
-pkgver=3.4.1
+pkgver=3.6.0
 pkgrel=0
 pkgdesc="Lightweight TLS library"
 url="https://tls.mbed.org"
@@ -11,9 +11,7 @@ depends=""
 checkdepends="python3"
 makedepends="cmake"
 subpackages="$pkgname-dev"
-source="mbedtls-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/refs/tags/v$pkgver.tar.gz
- fix-big-endian-alignment-tests.patch
- "
+source="https://github.com/ARMmbed/mbedtls/releases/download/v$pkgver/$pkgname-$pkgver.tar.bz2"
 # secfixes:
 # 3.3.0-r0:
@@ -51,5 +49,4 @@ package() {
 make DESTDIR="$pkgdir" install
 }
-sha512sums="4aa322b55489bdc54f3b6f4e6175515ca22e74b2d3615334b32f89fb61ac13339e24a5c659bfae27dd948e4ac8783d7f2b3628418ac3df412dc5b5decceebc69 mbedtls-3.4.1.tar.gz
-40a4aefd39b63babf1f54bb2ab655278aaca1482da6e0b8943751a55c067307f8a591217b0c3b546a8ae02f7eca72c22da9d74378a5c28e00f8ca97dbcf1b7f8 fix-big-endian-alignment-tests.patch"
+sha512sums="5c395890d486144af882aa96c9430103f79df889139969a64a490c0cafbdd5631a72bb668aa59b062204f19a5bb36dfcc5a096b59d76c7ef27f2560cd2388682 mbedtls-3.6.0.tar.bz2"
diff --git a/user/mbedtls/fix-big-endian-alignment-tests.patch b/user/mbedtls/fix-big-endian-alignment-tests.patch
deleted file mode 100644
index c03fdb426..000000000
--- a/user/mbedtls/fix-big-endian-alignment-tests.patch
+++ /dev/null
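Review bot: The `# secfixes:` block shown as context in the second APKBUILD hunk gets no new entry, although the subject marks this as a [CVE] update; the three insertions in the diffstat are the `pkgver`, `source` and `sha512sums` lines only. Add an entry under it, `#   3.6.0-r0:` followed by `#     - <CVE-ID fixed by this update>` (placeholder; take the identifiers from the upstream advisories), so the fixed version can be traced from the package metadata. Separately, the new `source=` URL still points at the `ARMmbed` organisation while the removed patch links to `github.com/Mbed-TLS/mbedtls`, so the download presumably relies on a GitHub redirect. The pinned `sha512sums` protects the content either way, but naming the current organisation directly would remove that dependency.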
@@ -1,313 +0,0 @@ -See also: - - * https://git.adelielinux.org/adelie/packages/-/issues/1002 - * https://github.com/Mbed-TLS/mbedtls/issues/7428 - * https://github.com/Mbed-TLS/mbedtls/pull/7440 - -From 9dc8b6a6a201ccdbfcbf0de8f76b8b0ddfc2f85c Mon Sep 17 00:00:00 2001 -From: Dave Rodgman -Date: Thu, 13 Apr 2023 12:53:35 +0100 -Subject: [PATCH 1/6] Test fixes for big-endian - -Signed-off-by: Dave Rodgman ---- - tests/suites/test_suite_alignment.function | 58 ++++++++++++---------- - 1 file changed, 31 insertions(+), 27 deletions(-) - -diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function -index f6703318ce7..45080cc7b6a 100644 ---- a/tests/suites/test_suite_alignment.function -+++ b/tests/suites/test_suite_alignment.function -@@ -17,6 +17,20 @@ int parse_hex_string(char *hex_string, uint64_t *result) - if (mbedtls_test_unhexify(raw, sizeof(raw), hex_string, &olen) != 0) { - return 0; - } -+ -+ /* If < 8 bytes, shift right and pad with leading zeros for big-endian */ -+ if (MBEDTLS_IS_BIG_ENDIAN) { -+ if (olen < 8) { -+ int offset = 8 - olen; -+ for (int i = olen - 1; i >= 0; i--) { -+ raw[i + offset] = raw[i]; -+ } -+ for (int i = 0; i < offset; i++) { -+ raw[i] = 0; -+ } -+ } -+ } -+ - *result = 0; - for (size_t i = 0; i < olen; i++) { - if (MBEDTLS_IS_BIG_ENDIAN) { -@@ -57,38 +71,28 @@ void mbedtls_unaligned_access(int size, int offset) - break; - } - -- /* Generate expected result */ -- uint64_t expected = 0; -- for (uint8_t i = 0; i < 8; i++) { -- uint8_t shift; -- if (MBEDTLS_IS_BIG_ENDIAN) { -- /* -- * Similar to little-endian case described below, but the shift needs -- * to be inverted -- */ -- shift = 7 - (i * 8); -- } else { -- /* example for offset == 1: -- * expected = (( 1 + 0 ) << (0 * 8)) | (( 1 + 1 ) << (1 * 8)) | (( 1 + 2 ) << (2 * 8))) -- * = (1 << 0) | (2 << 8) | (3 << 16) ... -- * = 0x0807060504030201 -- * x = { 0, 1, 2, 3, ... 
} -- * ie expected is the value that would be read from x on a LE system, when -- * byte swapping is not performed -- */ -- shift = i * 8; -- } -- uint64_t b = offset + i; -- expected |= b << shift; -+ /* Define expected result by manually aligning the raw bytes, and -+ * reading back with a normal pointer access. */ -+ uint64_t raw_aligned = 0; -+ uint8_t *e8 = (uint8_t *) &raw_aligned; -+ uint8_t *r8 = ((uint8_t *) &raw) + offset; -+ /* Make aligned copy */ -+ for (int i = 0; i < size / 8; i++) { -+ e8[i] = r8[i]; - } -- -- /* Mask out excess bits from expected result */ -+ /* Make a 16/32/64 byte read from the aligned location, and copy to expected */ -+ uint64_t expected = 0; - switch (size) { - case 16: -- expected &= 0xffff; -+ uint16_t *e16 = (uint16_t *) &raw_aligned; -+ expected = *e16; - break; - case 32: -- expected &= 0xffffffff; -+ uint32_t *e32 = (uint32_t *) &raw_aligned; -+ expected = *e32; -+ break; -+ case 64: -+ expected = raw_aligned; - break; - } - - -From 0a05e703dbc303fc5e1154e926bc96cb312ace89 Mon Sep 17 00:00:00 2001 -From: Dave Rodgman -Date: Thu, 13 Apr 2023 13:01:34 +0100 -Subject: [PATCH 2/6] Tidy-up - -Signed-off-by: Dave Rodgman ---- - tests/suites/test_suite_alignment.function | 29 ++++++++-------------- - 1 file changed, 11 insertions(+), 18 deletions(-) - -diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function -index 45080cc7b6a..cd4502005f0 100644 ---- a/tests/suites/test_suite_alignment.function -+++ b/tests/suites/test_suite_alignment.function -@@ -19,15 +19,13 @@ int parse_hex_string(char *hex_string, uint64_t *result) - } - - /* If < 8 bytes, shift right and pad with leading zeros for big-endian */ -- if (MBEDTLS_IS_BIG_ENDIAN) { -- if (olen < 8) { -- int offset = 8 - olen; -- for (int i = olen - 1; i >= 0; i--) { -- raw[i + offset] = raw[i]; -- } -- for (int i = 0; i < offset; i++) { -- raw[i] = 0; -- } -+ if (MBEDTLS_IS_BIG_ENDIAN && olen < 8) { -+ int offset = 8 - olen; -+ for 
(int i = olen - 1; i >= 0; i--) { -+ raw[i + offset] = raw[i]; -+ } -+ for (int i = 0; i < offset; i++) { -+ raw[i] = 0; - } - } - -@@ -73,13 +71,8 @@ void mbedtls_unaligned_access(int size, int offset) - - /* Define expected result by manually aligning the raw bytes, and - * reading back with a normal pointer access. */ -- uint64_t raw_aligned = 0; -- uint8_t *e8 = (uint8_t *) &raw_aligned; -- uint8_t *r8 = ((uint8_t *) &raw) + offset; -- /* Make aligned copy */ -- for (int i = 0; i < size / 8; i++) { -- e8[i] = r8[i]; -- } -+ uint64_t raw_aligned; -+ memcpy(&raw_aligned, ((uint8_t*)&raw) + offset, size / 8); - /* Make a 16/32/64 byte read from the aligned location, and copy to expected */ - uint64_t expected = 0; - switch (size) { -@@ -98,7 +91,7 @@ void mbedtls_unaligned_access(int size, int offset) - - TEST_EQUAL(r, expected); - -- /* Write sentinel to the part of the array we will testing writing to */ -+ /* Write sentinel to the part of the array we will test writing to */ - for (size_t i = 0; i < (size_t) (size / 8); i++) { - x[i + offset] = 0xff; - } -@@ -319,7 +312,7 @@ void unaligned_access_endian_aware(int size, int offset, int big_endian) - /* Verify read */ - TEST_EQUAL(read, expected); - -- /* Test writing back to memory. First write sentiel */ -+ /* Test writing back to memory. 
First write sentinel */ - for (size_t i = 0; i < (size_t) (size / 8); i++) { - x[i + offset] = 0xff; - } - -From df2d5b1ca1569f3a6e129e276756d9d15980f719 Mon Sep 17 00:00:00 2001 -From: Dave Rodgman -Date: Thu, 13 Apr 2023 13:41:09 +0100 -Subject: [PATCH 3/6] Fix compile error - -Signed-off-by: Dave Rodgman ---- - tests/suites/test_suite_alignment.function | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function -index cd4502005f0..3a5038e98c2 100644 ---- a/tests/suites/test_suite_alignment.function -+++ b/tests/suites/test_suite_alignment.function -@@ -71,21 +71,21 @@ void mbedtls_unaligned_access(int size, int offset) - - /* Define expected result by manually aligning the raw bytes, and - * reading back with a normal pointer access. */ -- uint64_t raw_aligned; -- memcpy(&raw_aligned, ((uint8_t*)&raw) + offset, size / 8); -+ uint64_t raw_aligned_64; -+ uint16_t *raw_aligned_16 = (uint16_t *) &raw_aligned_64; -+ uint32_t *raw_aligned_32 = (uint32_t *) &raw_aligned_64; -+ memcpy(&raw_aligned_64, ((uint8_t *) &raw) + offset, size / 8); - /* Make a 16/32/64 byte read from the aligned location, and copy to expected */ - uint64_t expected = 0; - switch (size) { - case 16: -- uint16_t *e16 = (uint16_t *) &raw_aligned; -- expected = *e16; -+ expected = *raw_aligned_16; - break; - case 32: -- uint32_t *e32 = (uint32_t *) &raw_aligned; -- expected = *e32; -+ expected = *raw_aligned_32; - break; - case 64: -- expected = raw_aligned; -+ expected = raw_aligned_64; - break; - } - - -From b169671c50e7c1779763ac89d35af11dc0997477 Mon Sep 17 00:00:00 2001 -From: Dave Rodgman -Date: Thu, 13 Apr 2023 13:46:46 +0100 -Subject: [PATCH 4/6] Tidy-up - -Signed-off-by: Dave Rodgman ---- - tests/suites/test_suite_alignment.function | 9 ++------- - 1 file changed, 2 insertions(+), 7 deletions(-) - -diff --git a/tests/suites/test_suite_alignment.function 
b/tests/suites/test_suite_alignment.function -index 3a5038e98c2..b027c4b1165 100644 ---- a/tests/suites/test_suite_alignment.function -+++ b/tests/suites/test_suite_alignment.function -@@ -20,13 +20,8 @@ int parse_hex_string(char *hex_string, uint64_t *result) - - /* If < 8 bytes, shift right and pad with leading zeros for big-endian */ - if (MBEDTLS_IS_BIG_ENDIAN && olen < 8) { -- int offset = 8 - olen; -- for (int i = olen - 1; i >= 0; i--) { -- raw[i + offset] = raw[i]; -- } -- for (int i = 0; i < offset; i++) { -- raw[i] = 0; -- } -+ memmove(raw + 8 - olen, raw, olen); -+ memset(raw, 0, 8 - olen); - } - - *result = 0; - -From c07df36f9e402ef8b97beb92b25556b04c10c77e Mon Sep 17 00:00:00 2001 -From: Dave Rodgman -Date: Thu, 13 Apr 2023 14:54:12 +0100 -Subject: [PATCH 5/6] More fixes for big-endian - -Signed-off-by: Dave Rodgman ---- - tests/suites/test_suite_alignment.function | 12 +----------- - 1 file changed, 1 insertion(+), 11 deletions(-) - -diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function -index b027c4b1165..717c51a6951 100644 ---- a/tests/suites/test_suite_alignment.function -+++ b/tests/suites/test_suite_alignment.function -@@ -18,19 +18,9 @@ int parse_hex_string(char *hex_string, uint64_t *result) - return 0; - } - -- /* If < 8 bytes, shift right and pad with leading zeros for big-endian */ -- if (MBEDTLS_IS_BIG_ENDIAN && olen < 8) { -- memmove(raw + 8 - olen, raw, olen); -- memset(raw, 0, 8 - olen); -- } -- - *result = 0; - for (size_t i = 0; i < olen; i++) { -- if (MBEDTLS_IS_BIG_ENDIAN) { -- *result |= ((uint64_t) raw[i]) << (i * 8); -- } else { -- *result |= ((uint64_t) raw[i]) << ((olen - i - 1) * 8); -- } -+ *result |= ((uint64_t) raw[i]) << ((olen - i - 1) * 8); - } - return 1; - } - -From 9145dc46ed98f0bc19e09d52486ba120c1f14589 Mon Sep 17 00:00:00 2001 -From: Dave Rodgman -Date: Thu, 13 Apr 2023 14:59:03 +0100 -Subject: [PATCH 6/6] Ensure variables initialised - -Signed-off-by: Dave Rodgman 
---- - tests/suites/test_suite_alignment.function | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function -index 717c51a6951..ed8f918d8c3 100644 ---- a/tests/suites/test_suite_alignment.function -+++ b/tests/suites/test_suite_alignment.function -@@ -12,7 +12,7 @@ - */ - int parse_hex_string(char *hex_string, uint64_t *result) - { -- uint8_t raw[8]; -+ uint8_t raw[8] = {0}; - size_t olen; - if (mbedtls_test_unhexify(raw, sizeof(raw), hex_string, &olen) != 0) { - return 0; -@@ -104,7 +104,7 @@ void mbedtls_unaligned_access(int size, int offset) - /* BEGIN_CASE */ - void mbedtls_byteswap(char *input_str, int size, char *expected_str) - { -- uint64_t input, expected; -+ uint64_t input = 0, expected = 0; - TEST_ASSERT(parse_hex_string(input_str, &input)); - TEST_ASSERT(parse_hex_string(expected_str, &expected)); - -- cgit v1.2.3-70-g09d2