mbedtls: update to version 2.28.2
authorHauke Mehrtens <hauke@hauke-m.de>
Thu, 29 Dec 2022 20:26:28 +0000 (21:26 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 31 Dec 2022 13:45:23 +0000 (14:45 +0100)
commit158a33591d5d4baeb5b09f7c2eec9b5a0b8db609
tree0912d6d6f72b74208c55a09d5f661511f2d11e51
parentb23cab2fcfe893f860018013feb591395c5c32b0
mbedtls: update to version 2.28.2

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit af3c9b74e177019b18055c263099a42c1c6c3453)
package/libs/mbedtls/Makefile
package/libs/mbedtls/patches/100-fix-compile.patch