libgcrypt: Security fix CVE-2015-7511

CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves affects libgcrypt < 1.6.5 adjust SRC_URI + for this version. Patch 1 is a dependancy patch. simple macro name change. Patch 2 is the cve fix. (From OE-Core master rev: c691ce99bd2d249d6fdc4ad58300719488fea12c) (From OE-Core rev: 88ba5ea3f3a421ac91d670e450f4b0645a53d733) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-02-13 09:34:00 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-03 11:11:40 +0000
commit: d25973e203b8298005389983bf17f613c940c40e (patch)
tree: c4c01eac73f17ebf2a6697162aa0ff28a38cea60 /meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
parent: e1a2fb6e857c0d15c12324be64654ff0a314cc57 (diff)
download: poky-d25973e203b8298005389983bf17f613c940c40e.tar.gz
1 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch b/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
new file mode 100644
index 0000000000..8093a18cf3
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
@@ -0,0 +1,55 @@
+From 88e1358962e902ff1cbec8d53ba3eee46407851a Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 25 Nov 2015 12:46:19 +0900
+Subject: [PATCH] ecc: Constant-time multiplication for Weierstrass curve.
+* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
+method for Weierstrass curve when SCALAR is secure.
+Upstream-Status: Backport
+http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a
+CVE: CVE-2015-7511 fix
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ mpi/ec.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+Index: libgcrypt-1.6.3/mpi/ec.c
+===================================================================
+--- libgcrypt-1.6.3.orig/mpi/ec.c
+++ libgcrypt-1.6.3/mpi/ec.c
+@@ -1106,16 +1106,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t resu
+   unsigned int i, loops;
+   mpi_point_struct p1, p2, p1inv;
+ 
+-  if (ctx->model == MPI_EC_EDWARDS)
+  if (ctx->model == MPI_EC_EDWARDS
+      || (ctx->model == MPI_EC_WEIERSTRASS
+          && mpi_is_secure (scalar)))
+     {
+       /* Simple left to right binary method.  GECC Algorithm 3.27 */
+       unsigned int nbits;
+       int j;
+ 
+       nbits = mpi_get_nbits (scalar);
+-      mpi_set_ui (result->x, 0);
+-      mpi_set_ui (result->y, 1);
+-      mpi_set_ui (result->z, 1);
+      if (ctx->model == MPI_EC_WEIERSTRASS)
+        {
+          mpi_set_ui (result->x, 1);
+          mpi_set_ui (result->y, 1);
+          mpi_set_ui (result->z, 0);
+        }
+      else
+        {
+          mpi_set_ui (result->x, 0);
+          mpi_set_ui (result->y, 1);
+          mpi_set_ui (result->z, 1);
+        }
+ 
+       if (mpi_is_secure (scalar))
+         {
author	Armin Kuster <akuster@mvista.com>	2016-02-13 09:34:00 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-03-03 11:11:40 +0000
commit	d25973e203b8298005389983bf17f613c940c40e (patch)
tree	c4c01eac73f17ebf2a6697162aa0ff28a38cea60 /meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
parent	e1a2fb6e857c0d15c12324be64654ff0a314cc57 (diff)
download	poky-d25973e203b8298005389983bf17f613c940c40e.tar.gz

diff --git a/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch b/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch new file mode 100644 index 0000000000..8093a18cf3 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
@@ -0,0 +1,55 @@
	1	From 88e1358962e902ff1cbec8d53ba3eee46407851a Mon Sep 17 00:00:00 2001
	2	From: NIIBE Yutaka <gniibe@fsij.org>
	3	Date: Wed, 25 Nov 2015 12:46:19 +0900
	4	Subject: [PATCH] ecc: Constant-time multiplication for Weierstrass curve.
	5
	6	* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
	7	method for Weierstrass curve when SCALAR is secure.
	8
	9	Upstream-Status: Backport
	10
	11	http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a
	12
	13	CVE: CVE-2015-7511 fix
	14	Signed-off-by: Armin Kuster <akuster@mvista.com>
	15
	16	---
	17	mpi/ec.c \| 19 +++++++++++++++----
	18	1 file changed, 15 insertions(+), 4 deletions(-)
	19
	20	Index: libgcrypt-1.6.3/mpi/ec.c
	21	===================================================================
	22	--- libgcrypt-1.6.3.orig/mpi/ec.c
	23	+++ libgcrypt-1.6.3/mpi/ec.c
	24	@@ -1106,16 +1106,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t resu
	25	unsigned int i, loops;
	26	mpi_point_struct p1, p2, p1inv;
	27
	28	- if (ctx->model == MPI_EC_EDWARDS)
	29	+ if (ctx->model == MPI_EC_EDWARDS
	30	+ \|\| (ctx->model == MPI_EC_WEIERSTRASS
	31	+ && mpi_is_secure (scalar)))
	32	{
	33	/* Simple left to right binary method. GECC Algorithm 3.27 */
	34	unsigned int nbits;
	35	int j;
	36
	37	nbits = mpi_get_nbits (scalar);
	38	- mpi_set_ui (result->x, 0);
	39	- mpi_set_ui (result->y, 1);
	40	- mpi_set_ui (result->z, 1);
	41	+ if (ctx->model == MPI_EC_WEIERSTRASS)
	42	+ {
	43	+ mpi_set_ui (result->x, 1);
	44	+ mpi_set_ui (result->y, 1);
	45	+ mpi_set_ui (result->z, 0);
	46	+ }
	47	+ else
	48	+ {
	49	+ mpi_set_ui (result->x, 0);
	50	+ mpi_set_ui (result->y, 1);
	51	+ mpi_set_ui (result->z, 1);
	52	+ }
	53
	54	if (mpi_is_secure (scalar))
	55	{