]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d105cc0) | patch
openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions
authorRoss Burton <ross.burton@arm.com>
Wed, 27 Mar 2024 11:16:15 +0000 (11:16 +0000)
committerSteve Sakoman <steve@sakoman.com>
Wed, 27 Mar 2024 13:34:46 +0000 (03:34 -1000)
commitec555688dbdc87cc695db653201c8d9e20079d22
tree322569fa62c72d6eaa30c94d470f751d87f10ad0tree | snapshot
parentd105cc0dae1fcca285c08f33df7888c68fb0dc2fcommit | diff
openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions

On aarch64, if the processor doesn't have the Crypto instructions then
OpenSSL will fall back onto the "bit-sliced" assembler routines. When
branch protection (BTI) was enabled in OpenSSL these routines were
missed, so if BTI is available libssl will immediately abort when it
enters this assembler.

Backport a patch submitted upstream to add the required call target
annotations so that BTI doesn't believe the code is being exploited.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/openssl/openssl/bti.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_3.1.5.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core