openssl: fix for CVE-2015-3193

(From OE-Core rev: 4d9006b1217ee7e97108f36db19aebd93e1d9850) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2015-12-07 16:55:52 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-14 15:18:27 +0000
commit: 7dcaa840ff03b4aef774b35ae4d5e64b0b540142 (patch)
tree: c03f9e35850642f57cf44f7bc2753b0c48994117
parent: 435139b2a90f765b898c074c0dfa34a0208962fa (diff)
download: poky-7dcaa840ff03b4aef774b35ae4d5e64b0b540142.tar.gz
2 files changed, 102 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
new file mode 100644
index 0000000000..125016a23a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
@@ -0,0 +1,101 @@
+From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Tue, 1 Dec 2015 09:00:32 +0100
+Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
+ (CVE-2015-3193).
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
+Upstream-Status: Backport
+This patch was imported from 
+https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
+ crypto/bn/bntest.c            | 18 ++++++++++++++++++
+ 2 files changed, 37 insertions(+), 3 deletions(-)
+Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
+===================================================================
+--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
+++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
+@@ -1779,6 +1779,15 @@ sqr8x_reduction:
+ .align 32
+ .L8x_tail_done:
+        add     (%rdx),%r8              # can this overflow?
+       adc     \$0,%r9
+       adc     \$0,%r10
+       adc     \$0,%r11
+       adc     \$0,%r12
+       adc     \$0,%r13
+       adc     \$0,%r14
+       adc     \$0,%r15                # can't overflow, because we
+                                       # started with "overhung" part
+                                       # of multiplication
+        xor     %rax,%rax
+ 
+        neg     $carry
+@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
+ .align 32
+ .Lsqrx8x_tail_done:
+        add     24+8(%rsp),%r8          # can this overflow?
+       adc     \$0,%r9
+       adc     \$0,%r10
+       adc     \$0,%r11
+       adc     \$0,%r12
+       adc     \$0,%r13
+       adc     \$0,%r14
+       adc     \$0,%r15                # can't overflow, because we
+                                       # started with "overhung" part
+                                       # of multiplication
+        mov     $carry,%rax             # xor   %rax,%rax
+ 
+        sub     16+8(%rsp),$carry       # mov 16(%rsp),%cf
+@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
+ my @ri=map("%r$_",(10..13));
+ my @ni=map("%r$_",(14..15));
+ $code.=<<___;
+-       xor     %rbx,%rbx
+       xor     %ebx,%ebx
+        sub     %r15,%rsi               # compare top-most words
+        adc     %rbx,%rbx
+        mov     %rcx,%r10               # -$num
+-       .byte   0x67
+        or      %rbx,%rax
+-       .byte   0x67
+        mov     %rcx,%r9                # -$num
+        xor     \$1,%rax
+        sar     \$3+2,%rcx              # cf=0
+Index: openssl-1.0.2d/crypto/bn/bntest.c
+===================================================================
+--- openssl-1.0.2d.orig/crypto/bn/bntest.c
+++ openssl-1.0.2d/crypto/bn/bntest.c
+@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
+             return 0;
+         }
+     }
+
+    /* Regression test for carry propagation bug in sqr8x_reduction */
+    BN_hex2bn(&a, "050505050505");
+    BN_hex2bn(&b, "02");
+    BN_hex2bn(&c,
+        "4141414141414141414141274141414141414141414141414141414141414141"
+        "4141414141414141414141414141414141414141414141414141414141414141"
+        "4141414141414141414141800000000000000000000000000000000000000000"
+        "0000000000000000000000000000000000000000000000000000000000000000"
+        "0000000000000000000000000000000000000000000000000000000000000000"
+        "0000000000000000000000000000000000000000000000000000000001");
+    BN_mod_exp(d, a, b, c, ctx);
+    BN_mul(e, a, a, ctx);
+    if (BN_cmp(d, e)) {
+        fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
+        return 0;
+    }
+
+     BN_free(a);
+     BN_free(b);
+     BN_free(c);
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index 659e0bd49e..b5ec133016 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
            file://crypto_use_bigint_in_x86-64_perl.patch \
            file://openssl-1.0.2a-x32-asm.patch \
            file://ptest_makefile_deps.patch  \
+            file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
           "
 SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
author	Armin Kuster <akuster@mvista.com>	2015-12-07 16:55:52 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-14 15:18:27 +0000
commit	7dcaa840ff03b4aef774b35ae4d5e64b0b540142 (patch)
tree	c03f9e35850642f57cf44f7bc2753b0c48994117
parent	435139b2a90f765b898c074c0dfa34a0208962fa (diff)
download	poky-7dcaa840ff03b4aef774b35ae4d5e64b0b540142.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch new file mode 100644 index 0000000000..125016a23a --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
@@ -0,0 +1,101 @@
		1	From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
		2	From: Andy Polyakov <appro@openssl.org>
		3	Date: Tue, 1 Dec 2015 09:00:32 +0100
		4	Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
		5	(CVE-2015-3193).
		6
		7	Reviewed-by: Richard Levitte <levitte@openssl.org>
		8	(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
		9
		10	Upstream-Status: Backport
		11
		12	This patch was imported from
		13	https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
		14
		15	Signed-off-by: Armin Kuster <akuster@mvista.com>
		16
		17	---
		18	crypto/bn/asm/x86_64-mont5.pl \| 22 +++++++++++++++++++---
		19	crypto/bn/bntest.c \| 18 ++++++++++++++++++
		20	2 files changed, 37 insertions(+), 3 deletions(-)
		21
		22	Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
		23	===================================================================
		24	--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
		25	+++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
		26	@@ -1779,6 +1779,15 @@ sqr8x_reduction:
		27	.align 32
		28	.L8x_tail_done:
		29	add (%rdx),%r8 # can this overflow?
		30	+ adc \$0,%r9
		31	+ adc \$0,%r10
		32	+ adc \$0,%r11
		33	+ adc \$0,%r12
		34	+ adc \$0,%r13
		35	+ adc \$0,%r14
		36	+ adc \$0,%r15 # can't overflow, because we
		37	+ # started with "overhung" part
		38	+ # of multiplication
		39	xor %rax,%rax
		40
		41	neg $carry
		42	@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
		43	.align 32
		44	.Lsqrx8x_tail_done:
		45	add 24+8(%rsp),%r8 # can this overflow?
		46	+ adc \$0,%r9
		47	+ adc \$0,%r10
		48	+ adc \$0,%r11
		49	+ adc \$0,%r12
		50	+ adc \$0,%r13
		51	+ adc \$0,%r14
		52	+ adc \$0,%r15 # can't overflow, because we
		53	+ # started with "overhung" part
		54	+ # of multiplication
		55	mov $carry,%rax # xor %rax,%rax
		56
		57	sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
		58	@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
		59	my @ri=map("%r$_",(10..13));
		60	my @ni=map("%r$_",(14..15));
		61	$code.=<<___;
		62	- xor %rbx,%rbx
		63	+ xor %ebx,%ebx
		64	sub %r15,%rsi # compare top-most words
		65	adc %rbx,%rbx
		66	mov %rcx,%r10 # -$num
		67	- .byte 0x67
		68	or %rbx,%rax
		69	- .byte 0x67
		70	mov %rcx,%r9 # -$num
		71	xor \$1,%rax
		72	sar \$3+2,%rcx # cf=0
		73	Index: openssl-1.0.2d/crypto/bn/bntest.c
		74	===================================================================
		75	--- openssl-1.0.2d.orig/crypto/bn/bntest.c
		76	+++ openssl-1.0.2d/crypto/bn/bntest.c
		77	@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
		78	return 0;
		79	}
		80	}
		81	+
		82	+ /* Regression test for carry propagation bug in sqr8x_reduction */
		83	+ BN_hex2bn(&a, "050505050505");
		84	+ BN_hex2bn(&b, "02");
		85	+ BN_hex2bn(&c,
		86	+ "4141414141414141414141274141414141414141414141414141414141414141"
		87	+ "4141414141414141414141414141414141414141414141414141414141414141"
		88	+ "4141414141414141414141800000000000000000000000000000000000000000"
		89	+ "0000000000000000000000000000000000000000000000000000000000000000"
		90	+ "0000000000000000000000000000000000000000000000000000000000000000"
		91	+ "0000000000000000000000000000000000000000000000000000000001");
		92	+ BN_mod_exp(d, a, b, c, ctx);
		93	+ BN_mul(e, a, a, ctx);
		94	+ if (BN_cmp(d, e)) {
		95	+ fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
		96	+ return 0;
		97	+ }
		98	+
		99	BN_free(a);
		100	BN_free(b);
		101	BN_free(c);


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb index 659e0bd49e..b5ec133016 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
37	file://crypto_use_bigint_in_x86-64_perl.patch \	37	file://crypto_use_bigint_in_x86-64_perl.patch \
38	file://openssl-1.0.2a-x32-asm.patch \	38	file://openssl-1.0.2a-x32-asm.patch \
39	file://ptest_makefile_deps.patch \	39	file://ptest_makefile_deps.patch \
		40	file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
40	"	41	"
41		42
42	SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"	43	SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"