author | Yi Zhao <yi.zhao@windriver.com> | 2019-10-15 15:42:12 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-10-29 09:08:18 +0000 |
commit | 149ad2c3e23dee4b36c60dff2b5aee6aee6a892c (patch) | |
tree | 081bcabde2bb7bfbf49afaa2850d8f0f8513ed87 /meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch | |
parent | 6b86b7fd577fca9a7705d5a8dafaab6551225d5b (diff) | |
libgcrypt: fix CVE-2019-12904
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.)
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-12904
Patches from:
https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
(From OE-Core rev: 757f2d50d7cd194e5f734a24e68d8f0da98b38f8)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 37e390ff05b6a4509019db358ed496731d80cc51)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch')
-rw-r--r-- | meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch | 90 |
1 files changed, 90 insertions, 0 deletions
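--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
@@ -0,0 +1,90 @@
+From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Sat, 27 Apr 2019 19:33:28 +0300
+Subject: [PATCH 1/3] Prefetch GCM look-up tables
+
+* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables)
+(prefetch_tables): New.
+(ghash_internal): Call prefetch_tables.
+--
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++
+1 file changed, 33 insertions(+)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index c19f09f..11f119a 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -118,6 +118,34 @@ static const u16 gcmR[256] = {
+0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+};
+
++static inline
++void prefetch_table(const void *tab, size_t len)
++{
++ const volatile byte *vtab = tab;
++ size_t i;
++
++ for (i = 0; i < len; i += 8 * 32)
++ {
++ (void)vtab[i + 0 * 32];
++ (void)vtab[i + 1 * 32];
++ (void)vtab[i + 2 * 32];
++ (void)vtab[i + 3 * 32];
++ (void)vtab[i + 4 * 32];
++ (void)vtab[i + 5 * 32];
++ (void)vtab[i + 6 * 32];
++ (void)vtab[i + 7 * 32];
++ }
++
++ (void)vtab[len - 1];
++}
++
++static inline void
++do_prefetch_tables (const void *gcmM, size_t gcmM_size)
++{
++ prefetch_table(gcmM, gcmM_size);
++ prefetch_table(gcmR, sizeof(gcmR));
++}
++
+#ifdef GCM_TABLES_USE_U64
+static void
+bshift (u64 * b0, u64 * b1)
+@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM)
+#define fillM(c) \
+do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table)
+#define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table)
++#define prefetch_tables(c) \
++ do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table))
+
+#else
+
+@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf)
+
+#define fillM(c) do { } while (0)
+#define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf)
++#define prefetch_tables(c) do {} while (0)
+
+#endif /* !GCM_USE_TABLES */
+
+@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf,
+const unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
+unsigned int burn = 0;
+
++ prefetch_tables (c);
++
+while (nblocks)
+{
+burn = GHASH (c, result, buf);
+--
+2.7.4
+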
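Review bot: prefetch_table, added in the cipher/cipher-gcm.c hunk of this patch, does not bounds-check its unrolled loads: every pass reads `vtab[i + 7 * 32]` whenever `i < len`, so the reads stay inside the table only if `len` is a multiple of 8 * 32 bytes, and `vtab[len - 1]` wraps around for `len == 0`. The visible callers pass `sizeof(gcmR)` (a `u16[256]` array) and `sizeof(c->u_mode.gcm.gcm_table)`, whose declaration is outside the hunk, so this is presumably safe as used, but nothing enforces it; I would add a comment above the function such as `/* len must be a non-zero multiple of 8 * 32; the loads are not bounds-checked. */`. Separately, `prefetch_tables (c)` runs once before the `while (nblocks)` loop in ghash_internal, so it narrows the cache-timing window rather than making the table lookups constant-time. The recipe should therefore carry all three upstream patches named in the commit message, which this page (diffstat limited to one file) does not let me confirm. ghash_internal's body continues outside the hunk.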