diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2016-11-16 18:07:33 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-11-23 11:10:14 +0000 |
commit | 25078834f701fca21399a3c64c3a9720ada30858 (patch) | |
tree | 8001ffdadab10b5fa95a342eb9509c508dab9f16 /meta/recipes-connectivity/openssl | |
parent | f3c9e66e8dbf70ca46fc375616a3a666ccce7cf4 (diff) | |
download | poky-25078834f701fca21399a3c64c3a9720ada30858.tar.gz |
openssl: Security fix CVE-2016-7055
There is a carry propagating bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits.
External References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
https://www.openssl.org/news/secadv/20161110.txt
Patch from:
https://github.com/openssl/openssl/commit/57c4b9f6a2f800b41ce2836986fe33640f6c3f8a
(From OE-Core rev: 07cfa9e2bceb07f3baf40681f8c57f4d3da0aee5)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch | 43 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.2j.bb | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch new file mode 100644 index 0000000000..83a74cdacb --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From 57c4b9f6a2f800b41ce2836986fe33640f6c3f8a Mon Sep 17 00:00:00 2001 | ||
2 | From: Andy Polyakov <appro@openssl.org> | ||
3 | Date: Sun, 6 Nov 2016 18:33:17 +0100 | ||
4 | Subject: [PATCH] bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). | ||
5 | |||
6 | Reviewed-by: Rich Salz <rsalz@openssl.org> | ||
7 | (cherry picked from commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a) | ||
8 | |||
9 | Upstream-Status: Backport [https://github.com/openssl/openssl/commit/57c4b9f6a2f800b41ce2836986fe33640f6c3f8a] | ||
10 | CVE: CVE-2016-7055 | ||
11 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
12 | --- | ||
13 | crypto/bn/asm/x86_64-mont.pl | 5 ++--- | ||
14 | 1 file changed, 2 insertions(+), 3 deletions(-) | ||
15 | |||
16 | diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl | ||
17 | index 044fd7e..80492d8 100755 | ||
18 | --- a/crypto/bn/asm/x86_64-mont.pl | ||
19 | +++ b/crypto/bn/asm/x86_64-mont.pl | ||
20 | @@ -1148,18 +1148,17 @@ $code.=<<___; | ||
21 | mulx 2*8($aptr),%r15,%r13 # ... | ||
22 | adox -3*8($tptr),%r11 | ||
23 | adcx %r15,%r12 | ||
24 | - adox $zero,%r12 | ||
25 | + adox -2*8($tptr),%r12 | ||
26 | adcx $zero,%r13 | ||
27 | + adox $zero,%r13 | ||
28 | |||
29 | mov $bptr,8(%rsp) # off-load &b[i] | ||
30 | - .byte 0x67 | ||
31 | mov $mi,%r15 | ||
32 | imulq 24(%rsp),$mi # "t[0]"*n0 | ||
33 | xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0 | ||
34 | |||
35 | mulx 3*8($aptr),%rax,%r14 | ||
36 | mov $mi,%rdx | ||
37 | - adox -2*8($tptr),%r12 | ||
38 | adcx %rax,%r13 | ||
39 | adox -1*8($tptr),%r13 | ||
40 | adcx $zero,%r14 | ||
41 | -- | ||
42 | 2.7.4 | ||
43 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb index 257e3cfc4b..f2aca36eca 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb | |||
@@ -40,6 +40,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \ | |||
40 | file://configure-musl-target.patch \ | 40 | file://configure-musl-target.patch \ |
41 | file://parallel.patch \ | 41 | file://parallel.patch \ |
42 | file://openssl-util-perlpath.pl-cwd.patch \ | 42 | file://openssl-util-perlpath.pl-cwd.patch \ |
43 | file://CVE-2016-7055.patch \ | ||
43 | " | 44 | " |
44 | SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b" | 45 | SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b" |
45 | SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431" | 46 | SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431" |