summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2016-02-05 08:37:29 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-02-07 22:55:24 +0000
commit3e8a07b90185b391ec6002fb8d27175a5d90423b (patch)
tree2cb2152242dcf5040bd9707d90740370ffef8494
parent5ffc3267e70cd591596dcce7aebdfc5cf9961e1b (diff)
downloadpoky-3e8a07b90185b391ec6002fb8d27175a5d90423b.tar.gz
nettle: Security fix CVE-2015-8803 and CVE-2015-8805
(From OE-Core rev: f62eb452244c3124cc88ef01c14116dac43f377a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch71
-rw-r--r--meta/recipes-support/nettle/nettle_3.1.1.bb4
2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch
new file mode 100644
index 0000000000..b4ff228f6c
--- /dev/null
+++ b/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch
@@ -0,0 +1,71 @@
1Upstream-Status: Backport
2https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
3
4CVE: CVE-2015-8803
5CVE: CVE-2015-8805
6
7Same fix for both.
8
9Signed-off-by: Armin Kuster <akuster@mvista.com>
10
11Index: nettle-3.1.1/ecc-256.c
12===================================================================
13--- nettle-3.1.1.orig/ecc-256.c
14+++ nettle-3.1.1/ecc-256.c
15@@ -113,8 +113,19 @@ ecc_256_modp (const struct ecc_modulo *p
16
17 assert (q2 < 2);
18
19- /* We multiply by two low limbs of p, 2^96 - 1, so we could use
20- shifts rather than mul. */
21+ /*
22+ n-1 n-2 n-3 n-4
23+ +---+---+---+---+
24+ | u1| u0| u low |
25+ +---+---+---+---+
26+ - | q1(2^96-1)|
27+ +-------+---+
28+ |q2(2^.)|
29+ +-------+
30+
31+ We multiply by two low limbs of p, 2^96 - 1, so we could use
32+ shifts rather than mul.
33+ */
34 t = mpn_submul_1 (rp + n - 4, p->m, 2, q1);
35 t += cnd_sub_n (q2, rp + n - 3, p->m, 1);
36 t += (-q2) & 0xffffffff;
37@@ -124,7 +135,10 @@ ecc_256_modp (const struct ecc_modulo *p
38 u0 -= t;
39 t = (u1 < cy);
40 u1 -= cy;
41- u1 += cnd_add_n (t, rp + n - 4, p->m, 3);
42+
43+ cy = cnd_add_n (t, rp + n - 4, p->m, 2);
44+ u0 += cy;
45+ u1 += (u0 < cy);
46 u1 -= (-t) & 0xffffffff;
47 }
48 rp[2] = u0;
49@@ -211,7 +225,7 @@ ecc_256_modq (const struct ecc_modulo *q
50
51 /* Conditional add of p */
52 u1 += t;
53- u2 += (t<<32) + (u0 < t);
54+ u2 += (t<<32) + (u1 < t);
55
56 t = cnd_add_n (t, rp + n - 4, q->m, 2);
57 u1 += t;
58Index: nettle-3.1.1/ChangeLog
59===================================================================
60--- nettle-3.1.1.orig/ChangeLog
61+++ nettle-3.1.1/ChangeLog
62@@ -1,3 +1,9 @@
63+2015-12-10 Niels Möller <nisse@lysator.liu.se>
64+
65+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
66+ reported by Hanno Böck.
67+ (ecc_256_modq): Fixed another carry propagation bug.
68+
69 2015-04-24 Niels Möller <nisse@lysator.liu.se>
70
71 * Released nettle-3.1.1.
diff --git a/meta/recipes-support/nettle/nettle_3.1.1.bb b/meta/recipes-support/nettle/nettle_3.1.1.bb
index 7d7134f192..1fe34615ca 100644
--- a/meta/recipes-support/nettle/nettle_3.1.1.bb
+++ b/meta/recipes-support/nettle/nettle_3.1.1.bb
@@ -7,5 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6
7 file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \ 7 file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \
8 file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e" 8 file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e"
9 9
10SRC_URI += "\
11 file://CVE-2015-8803_8805.patch \
12 "
13
10SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144" 14SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144"
11SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c" 15SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c"