]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cad5d53) | patch
openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions
authorRoss Burton <ross.burton@arm.com>
Wed, 27 Mar 2024 11:15:07 +0000 (11:15 +0000)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 30 Mar 2024 22:20:28 +0000 (22:20 +0000)
commit438a390e8e1811bc2d3820c1cd2b8e099e70064a
treec4468c64b14c650791bfd62d7278f5334e028f6ctree | snapshot
parentcad5d53e13093ac2fc6f5ba1d0e26fb16e3d88f7commit | diff
openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions

On aarch64, if the processor doesn't have the Crypto instructions then
OpenSSL will fall back onto the "bit-sliced" assembler routines. When
branch protection (BTI) was enabled in OpenSSL these routines were
missed, so if BTI is available libssl will immediately abort when it
enters this assembler.

Backport a patch submitted upstream to add the required call target
annotations so that BTI doesn't believe the code is being exploited.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/openssl/openssl/bti.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_3.2.1.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core