diff options
author | Armin Kuster <akuster@mvista.com> | 2016-02-05 08:37:29 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-03-10 23:06:23 +0000 |
commit | e5026f1e3fd069c3421789a179f2310df3796519 (patch) | |
tree | e8575ff8e0f6d2f4c916e6d85e7145d50b183b51 /meta/recipes-support/nettle | |
parent | ae11f395121e071774b0da450b64bcc98908dd58 (diff) | |
download | openembedded-core-e5026f1e3fd069c3421789a179f2310df3796519.tar.gz openembedded-core-e5026f1e3fd069c3421789a179f2310df3796519.tar.bz2 openembedded-core-e5026f1e3fd069c3421789a179f2310df3796519.zip |
nettle: Security fix CVE-2015-8803 and CVE-2015-8805
(From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a)
hand applied changes for ecc-256.c
(From OE-Core rev: cb03397ac97bfa99df6b72c80e1e03214e059e6e)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-support/nettle')
-rw-r--r-- | meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch | 71 | ||||
-rw-r--r-- | meta/recipes-support/nettle/nettle_2.7.1.bb | 3 |
2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch new file mode 100644 index 0000000000..1c4b9a98f2 --- /dev/null +++ b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch @@ -0,0 +1,71 @@ +Upstream-Status: Backport +https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d + +CVE: CVE-2015-8803 +CVE: CVE-2015-8805 + +Same fix for both. + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: nettle-2.7.1/ecc-256.c +=================================================================== +--- nettle-2.7.1.orig/ecc-256.c ++++ nettle-2.7.1/ecc-256.c +@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec + q2 += t + (q1 < t); + + assert (q2 < 2); ++ /* ++ n-1 n-2 n-3 n-4 ++ +---+---+---+---+ ++ | u1| u0| u low | ++ +---+---+---+---+ ++ - | q1(2^96-1)| ++ +-------+---+ ++ |q2(2^.)| ++ +-------+ + +- /* We multiply by two low limbs of p, 2^96 - 1, so we could use +- shifts rather than mul. */ ++ We multiply by two low limbs of p, 2^96 - 1, so we could use ++ shifts rather than mul. ++ */ + t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1); + t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1); + t += (-q2) & 0xffffffff; +@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec + u0 -= t; + t = (u1 < cy); + u1 -= cy; +- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3); ++ ++ cy = cnd_add_n (t, rp + n - 4, p->m, 2); ++ u0 += cy; ++ u1 += (u0 < cy); + u1 -= (-t) & 0xffffffff; + } + rp[2] = u0; +@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec + + /* Conditional add of p */ + u1 += t; +- u2 += (t<<32) + (u0 < t); ++ u2 += (t<<32) + (u1 < t); + + t = cnd_add_n (t, rp + n - 4, ecc->q, 2); + u1 += t; +Index: nettle-2.7.1/ChangeLog +=================================================================== +--- nettle-2.7.1.orig/ChangeLog ++++ nettle-2.7.1/ChangeLog +@@ -1,3 +1,9 @@ ++2015-12-10 Niels Möller <nisse@lysator.liu.se> ++ ++ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem ++ reported by Hanno Böck. ++ (ecc_256_modq): Fixed another carry propagation bug. ++ + 2013-05-28 Niels Möller <nisse@lysator.liu.se> + + * Released nettle-2.7.1. diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb index ae2574a23d..74b2ee2948 100644 --- a/meta/recipes-support/nettle/nettle_2.7.1.bb +++ b/meta/recipes-support/nettle/nettle_2.7.1.bb @@ -10,3 +10,6 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5" SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40" +SRC_URI += "\ + file://CVE-2015-8803_8805.patch \ + " |