summaryrefslogtreecommitdiffstats
path: root/recipes-support/nettle
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:24:31 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:30:01 +0000
commit8ba70a1c28a4e0ee73db5308b38abc923b0be44d (patch)
tree0ed9bff8e4bd70766c81dbb559d32781bdd93ce8 /recipes-support/nettle
downloadmeta-gplv2-8ba70a1c28a4e0ee73db5308b38abc923b0be44d.tar.gz
Create meta-gplv2 from files from OE-Core
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'recipes-support/nettle')
-rw-r--r--recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch46
-rw-r--r--recipes-support/nettle/files/run-ptest36
-rw-r--r--recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch71
-rw-r--r--recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch272
-rw-r--r--recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch38
-rw-r--r--recipes-support/nettle/nettle.inc37
-rw-r--r--recipes-support/nettle/nettle_2.7.1.bb19
7 files changed, 519 insertions, 0 deletions
diff --git a/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch b/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
new file mode 100644
index 0000000..23da777
--- /dev/null
+++ b/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
@@ -0,0 +1,46 @@
1From 46edf01cc98db9f9feec984897836dfdd26bdc8d Mon Sep 17 00:00:00 2001
2From: Jussi Kukkonen <jussi.kukkonen@intel.com>
3Date: Wed, 12 Aug 2015 23:27:27 +0300
4Subject: [PATCH] Add target to only build tests (not run them)
5
6Not sending upstream as this is only a start of a solution to
7installable tests: It's useful for us already as is.
8
9Upstream-Status: Inappropriate [not a complete solution]
10
11Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
12---
13 Makefile.in | 3 +++
14 testsuite/Makefile.in | 2 ++
15 2 files changed, 5 insertions(+)
16
17diff --git a/Makefile.in b/Makefile.in
18index 08efb7d..7909342 100644
19--- a/Makefile.in
20+++ b/Makefile.in
21@@ -55,6 +55,9 @@ clean distclean mostlyclean maintainer-clean tags:
22 echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
23 $(MAKE) $@-here
24
25+buildtest:
26+ echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@)
27+
28 check-here:
29 true
30
31diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
32index 6bc1907..bb65bf0 100644
33--- a/testsuite/Makefile.in
34+++ b/testsuite/Makefile.in
35@@ -116,6 +116,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \
36 # data.
37 VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes @IF_ASM@ --partial-loads-ok=yes
38
39+buildtest: $(TS_ALL)
40+
41 # The PATH update is for locating dlls on w*ndows.
42 check: $(TS_ALL)
43 LD_LIBRARY_PATH=../.lib PATH="../.lib:$$PATH" srcdir="$(srcdir)" \
44--
452.1.4
46
diff --git a/recipes-support/nettle/files/run-ptest b/recipes-support/nettle/files/run-ptest
new file mode 100644
index 0000000..b90bed6
--- /dev/null
+++ b/recipes-support/nettle/files/run-ptest
@@ -0,0 +1,36 @@
1#! /bin/sh
2
3cd testsuite
4
5failed=0
6all=0
7
8for f in *-test; do
9 if [ "$f" = "sha1-huge-test" ] ; then
10 echo "SKIP: $f (skipped for ludicrous run time)"
11 continue
12 fi
13
14 "./$f"
15 case "$?" in
16 0)
17 echo "PASS: $f"
18 all=$((all + 1))
19 ;;
20 77)
21 echo "SKIP: $f"
22 ;;
23 *)
24 echo "FAIL: $f"
25 failed=$((failed + 1))
26 all=$((all + 1))
27 ;;
28 esac
29done
30
31if [ "$failed" -eq 0 ] ; then
32 echo "All $all tests passed"
33else
34 echo "$failed of $all tests failed"
35fi
36
diff --git a/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
new file mode 100644
index 0000000..a956f42
--- /dev/null
+++ b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
@@ -0,0 +1,71 @@
1Upstream-Status: Backport
2https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
3
4CVE: CVE-2015-8803
5CVE: CVE-2015-8805
6
7Same fix for both.
8
9Signed-off-by: Armin Kuster <akuster@mvista.com>
10
11Index: nettle-2.7.1/ecc-256.c
12===================================================================
13--- nettle-2.7.1.orig/ecc-256.c
14+++ nettle-2.7.1/ecc-256.c
15@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec
16 q2 += t + (q1 < t);
17
18 assert (q2 < 2);
19+ /*
20+ n-1 n-2 n-3 n-4
21+ +---+---+---+---+
22+ | u1| u0| u low |
23+ +---+---+---+---+
24+ - | q1(2^96-1)|
25+ +-------+---+
26+ |q2(2^.)|
27+ +-------+
28
29- /* We multiply by two low limbs of p, 2^96 - 1, so we could use
30- shifts rather than mul. */
31+ We multiply by two low limbs of p, 2^96 - 1, so we could use
32+ shifts rather than mul.
33+ */
34 t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);
35 t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1);
36 t += (-q2) & 0xffffffff;
37@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec
38 u0 -= t;
39 t = (u1 < cy);
40 u1 -= cy;
41- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
42+
43+ cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);
44+ u0 += cy;
45+ u1 += (u0 < cy);
46 u1 -= (-t) & 0xffffffff;
47 }
48 rp[2] = u0;
49@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec
50
51 /* Conditional add of p */
52 u1 += t;
53- u2 += (t<<32) + (u0 < t);
54+ u2 += (t<<32) + (u1 < t);
55
56 t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
57 u1 += t;
58Index: nettle-2.7.1/ChangeLog
59===================================================================
60--- nettle-2.7.1.orig/ChangeLog
61+++ nettle-2.7.1/ChangeLog
62@@ -1,3 +1,9 @@
63+2015-12-10 Niels Möller <nisse@lysator.liu.se>
64+
65+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
66+ reported by Hanno Böck.
67+ (ecc_256_modq): Fixed another carry propagation bug.
68+
69 2013-05-28 Niels Möller <nisse@lysator.liu.se>
70
71 * Released nettle-2.7.1.
diff --git a/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
new file mode 100644
index 0000000..73723a9
--- /dev/null
+++ b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
@@ -0,0 +1,272 @@
1Upstream-Status: Backport
2 https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
3
4CVE: CVE-2015-8804
5Signed-off-by: Armin Kuster <akuster@mvista.com>
6
7Index: nettle-2.7.1/ChangeLog
8===================================================================
9--- nettle-2.7.1.orig/ChangeLog
10+++ nettle-2.7.1/ChangeLog
11@@ -1,3 +1,11 @@
12+2015-12-15 Niels Möller <nisse@lysator.liu.se>
13+
14+ * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
15+ reported by Hanno Böck. Simplified the folding to always use
16+ non-negative carry, the old code attempted to add in a carry which
17+ could be either positive or negative, but didn't get that case
18+ right.
19+
20 2015-12-10 Niels Möller <nisse@lysator.liu.se>
21
22 * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
23Index: nettle-2.7.1/x86_64/ecc-384-modp.asm
24===================================================================
25--- nettle-2.7.1.orig/x86_64/ecc-384-modp.asm
26+++ nettle-2.7.1/x86_64/ecc-384-modp.asm
27@@ -20,7 +20,7 @@ C MA 02111-1301, USA.
28 .file "ecc-384-modp.asm"
29
30 define(<RP>, <%rsi>)
31-define(<D4>, <%rax>)
32+define(<D5>, <%rax>)
33 define(<T0>, <%rbx>)
34 define(<T1>, <%rcx>)
35 define(<T2>, <%rdx>)
36@@ -35,8 +35,8 @@ define(<H4>, <%r13>)
37 define(<H5>, <%r14>)
38 define(<C2>, <%r15>)
39 define(<C0>, H5) C Overlap
40-define(<D0>, RP) C Overlap
41-define(<TMP>, H4) C Overlap
42+define(<TMP>, RP) C Overlap
43+
44
45 PROLOGUE(nettle_ecc_384_modp)
46 W64_ENTRY(2, 0)
47@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp)
48 push %r14
49 push %r15
50
51- C First get top 2 limbs, which need folding twice
52+ C First get top 2 limbs, which need folding twice.
53+ C B^10 = B^6 + B^4 + 2^32 (B-1)B^4.
54+ C We handle the terms as follow:
55 C
56- C H5 H4
57- C -H5
58- C ------
59- C H0 D4
60+ C B^6: Folded immediatly.
61 C
62- C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32
63- C and add
64+ C B^4: Delayed, added in in the next folding.
65 C
66- C H5 H4
67- C H1 H0
68- C ----------
69- C C2 H1 H0
70-
71- mov 80(RP), D4
72- mov 88(RP), H0
73- mov D4, H4
74- mov H0, H5
75- sub H0, D4
76- sbb $0, H0
77-
78- mov D4, T2
79- mov H0, H1
80- shl $32, H0
81- shr $32, T2
82+ C 2^32(B-1) B^4: Low half limb delayed until the next
83+ C folding. Top 1.5 limbs subtracted and shifter now, resulting
84+ C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added
85+ C in.
86+
87+ mov 80(RP), H4
88+ mov 88(RP), H5
89+ C Shift right 32 bits, into H1, H0
90+ mov H4, H0
91+ mov H5, H1
92+ mov H5, D5
93 shr $32, H1
94- or T2, H0
95+ shl $32, D5
96+ shr $32, H0
97+ or D5, H0
98+
99+ C H1 H0
100+ C - H1 H0
101+ C --------
102+ C H1 H0 D5
103+ mov H0, D5
104+ neg D5
105+ sbb H1, H0
106+ sbb $0, H1
107
108 xor C2, C2
109 add H4, H0
110@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp)
111 adc H3, T5
112 adc $0, C0
113
114- C H3 H2 H1 H0 0
115- C - H4 H3 H2 H1 H0
116- C ---------------
117- C H3 H2 H1 H0 D0
118-
119- mov XREG(D4), XREG(D4)
120- mov H0, D0
121- neg D0
122- sbb H1, H0
123- sbb H2, H1
124- sbb H3, H2
125- sbb H4, H3
126- sbb $0, D4
127-
128- C Shift right. High bits are sign, to be added to C0.
129- mov D4, TMP
130- sar $32, TMP
131- shl $32, D4
132- add TMP, C0
133-
134+ C Shift left, including low half of H4
135 mov H3, TMP
136+ shl $32, H4
137 shr $32, TMP
138- shl $32, H3
139- or TMP, D4
140+ or TMP, H4
141
142 mov H2, TMP
143+ shl $32, H3
144 shr $32, TMP
145- shl $32, H2
146 or TMP, H3
147
148 mov H1, TMP
149+ shl $32, H2
150 shr $32, TMP
151- shl $32, H1
152 or TMP, H2
153
154 mov H0, TMP
155+ shl $32, H1
156 shr $32, TMP
157- shl $32, H0
158 or TMP, H1
159
160- mov D0, TMP
161- shr $32, TMP
162- shl $32, D0
163- or TMP, H0
164+ shl $32, H0
165+
166+ C H4 H3 H2 H1 H0 0
167+ C - H4 H3 H2 H1 H0
168+ C ---------------
169+ C H4 H3 H2 H1 H0 TMP
170
171- add D0, T0
172+ mov H0, TMP
173+ neg TMP
174+ sbb H1, H0
175+ sbb H2, H1
176+ sbb H3, H2
177+ sbb H4, H3
178+ sbb $0, H4
179+
180+ add TMP, T0
181 adc H0, T1
182 adc H1, T2
183 adc H2, T3
184 adc H3, T4
185- adc D4, T5
186+ adc H4, T5
187 adc $0, C0
188
189 C Remains to add in C2 and C0
190- C C0 C0<<32 (-2^32+1)C0
191- C C2 C2<<32 (-2^32+1)C2
192- C where C2 is always positive, while C0 may be -1.
193+ C Set H1, H0 = (2^96 - 2^32 + 1) C0
194 mov C0, H0
195 mov C0, H1
196- mov C0, H2
197- sar $63, C0 C Get sign
198 shl $32, H1
199- sub H1, H0 C Gives borrow iff C0 > 0
200+ sub H1, H0
201 sbb $0, H1
202- add C0, H2
203
204+ C Set H3, H2 = (2^96 - 2^32 + 1) C2
205+ mov C2, H2
206+ mov C2, H3
207+ shl $32, H3
208+ sub H3, H2
209+ sbb $0, H3
210+ add C0, H2 C No carry. Could use lea trick
211+
212+ xor C0, C0
213 add H0, T0
214 adc H1, T1
215- adc $0, H2
216- adc $0, C0
217-
218- C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1
219- mov C2, H0
220- mov C2, H1
221- shl $32, H1
222- sub H1, H0
223- sbb $0, H1
224-
225- add H2, H0
226- adc C0, H1
227- adc C2, C0
228- mov C0, H2
229- sar $63, C0
230- add H0, T2
231- adc H1, T3
232- adc H2, T4
233- adc C0, T5
234- sbb C0, C0
235+ adc H2, T2
236+ adc H3, T3
237+ adc C2, T4
238+ adc D5, T5 C Value delayed from initial folding
239+ adc $0, C0 C Use sbb and switch sign?
240
241 C Final unlikely carry
242 mov C0, H0
243 mov C0, H1
244- mov C0, H2
245- sar $63, C0
246 shl $32, H1
247 sub H1, H0
248 sbb $0, H1
249- add C0, H2
250
251 pop RP
252
253- sub H0, T0
254+ add H0, T0
255 mov T0, (RP)
256- sbb H1, T1
257+ adc H1, T1
258 mov T1, 8(RP)
259- sbb H2, T2
260+ adc C0, T2
261 mov T2, 16(RP)
262- sbb C0, T3
263+ adc $0, T3
264 mov T3, 24(RP)
265- sbb C0, T4
266+ adc $0, T4
267 mov T4, 32(RP)
268- sbb C0, T5
269+ adc $0, T5
270 mov T5, 40(RP)
271
272 pop %r15
diff --git a/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch b/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
new file mode 100644
index 0000000..38d9107
--- /dev/null
+++ b/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
@@ -0,0 +1,38 @@
1From c369dd7049f5a198f8b6c96fde6e294ce5146c2f Mon Sep 17 00:00:00 2001
2From: Haiqing Bai <Haiqing.Bai@windriver.com>
3Date: Fri, 9 Dec 2016 16:16:45 +0800
4Subject: [PATCH] nettle: check header files of openssl only if
5 'enable_openssl=yes'.
6
7The original configure script checks openssl header files to generate
8config.h even if 'enable_openssl' is not set to yes, this made inconsistent
9building for nettle.
10
11Upstream-Status: Pending
12Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
13---
14 configure.ac | 8 +++++---
15 1 file changed, 5 insertions(+), 3 deletions(-)
16
17diff --git a/configure.ac b/configure.ac
18index 78a3d4e..4f16a98 100644
19--- a/configure.ac
20+++ b/configure.ac
21@@ -603,9 +603,11 @@ AC_CHECK_ALIGNOF(uint64_t)
22 ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t"
23 AC_SUBST(ALIGNOF_UINT64_T)
24
25-AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
26-[enable_openssl=no
27- break])
28+if test "x$enable_openssl" = "xyes"; then
29+ AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
30+ [enable_openssl=no
31+ break])
32+fi
33
34 LSH_FUNC_ALLOCA
35 LSH_FUNC_STRERROR
36--
371.9.1
38
diff --git a/recipes-support/nettle/nettle.inc b/recipes-support/nettle/nettle.inc
new file mode 100644
index 0000000..af51fb6
--- /dev/null
+++ b/recipes-support/nettle/nettle.inc
@@ -0,0 +1,37 @@
1SUMMARY = "A low level cryptographic library"
2HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
3SECTION = "libs"
4
5DEPENDS += "gmp"
6
7SRC_URI = "http://www.lysator.liu.se/~nisse/archive/${BP}.tar.gz \
8 file://Add-target-to-only-build-tests-not-run-them.patch \
9 file://run-ptest \
10 "
11
12UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
13
14inherit autotools ptest
15
16EXTRA_OECONF = "--disable-openssl"
17
18do_configure_prepend() {
19 if [ ! -e ${S}/acinclude.m4 -a -e ${S}/aclocal.m4 ]; then
20 cp ${S}/aclocal.m4 ${S}/acinclude.m4
21 fi
22}
23
24do_compile_ptest() {
25 oe_runmake buildtest
26}
27
28do_install_ptest() {
29 install -d ${D}${PTEST_PATH}/testsuite/
30 install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/
31 install ${S}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/
32 # tools can be found in PATH, not in ../tools/
33 sed -i -e 's|../tools/||' ${D}${PTEST_PATH}/testsuite/*-test
34 install ${B}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/
35}
36
37BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-support/nettle/nettle_2.7.1.bb b/recipes-support/nettle/nettle_2.7.1.bb
new file mode 100644
index 0000000..2006146
--- /dev/null
+++ b/recipes-support/nettle/nettle_2.7.1.bb
@@ -0,0 +1,19 @@
1require nettle.inc
2
3LICENSE = "LGPLv2.1+ & GPLv2"
4LICENSE_${PN} = "LGPLv2.1+"
5
6LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
7 file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \
8 file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d"
9
10SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
11SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
12
13SRC_URI += "\
14 file://CVE-2015-8803_8805.patch \
15 file://CVE-2015-8804.patch \
16 file://check-header-files-of-openssl-only-if-enable_.patch \
17 "
18
19DISABLE_STATIC = ""