author | Armin Kuster <akuster@mvista.com> | 2016-02-13 09:34:00 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-03-03 11:11:40 +0000 |
commit | d25973e203b8298005389983bf17f613c940c40e (patch) | |
tree | c4c01eac73f17ebf2a6697162aa0ff28a38cea60 /meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch | |
parent | e1a2fb6e857c0d15c12324be64654ff0a314cc57 (diff) | |
libgcrypt: Security fix CVE-2015-7511
CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves
affects libgcrypt < 1.6.5
adjust SRC_URI + for this version.
Patch 1 is a dependency patch: a simple macro name change.
Patch 2 is the cve fix.
(From OE-Core master rev: c691ce99bd2d249d6fdc4ad58300719488fea12c)
(From OE-Core rev: 88ba5ea3f3a421ac91d670e450f4b0645a53d733)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch')
-rw-r--r-- | meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch | 55 |
1 files changed, 55 insertions, 0 deletions
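--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
@@ -0,0 +1,55 @@
+From 88e1358962e902ff1cbec8d53ba3eee46407851a Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 25 Nov 2015 12:46:19 +0900
+Subject: [PATCH] ecc: Constant-time multiplication for Weierstrass curve.
+
+* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
+method for Weierstrass curve when SCALAR is secure.
+
+Upstream-Status: Backport
+
+http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a
+
+CVE: CVE-2015-7511 fix
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+mpi/ec.c | 19 +++++++++++++++----
+1 file changed, 15 insertions(+), 4 deletions(-)
+
+Index: libgcrypt-1.6.3/mpi/ec.c
+===================================================================
+--- libgcrypt-1.6.3.orig/mpi/ec.c
++++ libgcrypt-1.6.3/mpi/ec.c
+@@ -1106,16 +1106,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t resu
+unsigned int i, loops;
+mpi_point_struct p1, p2, p1inv;
+
+- if (ctx->model == MPI_EC_EDWARDS)
++ if (ctx->model == MPI_EC_EDWARDS
++ || (ctx->model == MPI_EC_WEIERSTRASS
++ && mpi_is_secure (scalar)))
+{
+/* Simple left to right binary method. GECC Algorithm 3.27 */
+unsigned int nbits;
+int j;
+
+nbits = mpi_get_nbits (scalar);
+- mpi_set_ui (result->x, 0);
+- mpi_set_ui (result->y, 1);
+- mpi_set_ui (result->z, 1);
++ if (ctx->model == MPI_EC_WEIERSTRASS)
++ {
++ mpi_set_ui (result->x, 1);
++ mpi_set_ui (result->y, 1);
++ mpi_set_ui (result->z, 0);
++ }
++ else
++ {
++ mpi_set_ui (result->x, 0);
++ mpi_set_ui (result->y, 1);
++ mpi_set_ui (result->z, 1);
++ }
+
+if (mpi_is_secure (scalar))
+{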
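Review bot: The new condition at inner lines 29-31 only routes a Weierstrass multiplication to the left-to-right binary path when `mpi_is_secure (scalar)` holds, so a private scalar that a caller did not allocate as a secure MPI still takes the unchanged variable-time path, and nothing in the hunk states that precondition. I would add above the condition: `/* Private scalars must be allocated as secure MPIs (mpi_is_secure) to get the constant-time path; a non-secure scalar still uses the variable-time method below. */`. The loop body is outside the hunk, but the `nbits = mpi_get_nbits (scalar)` it is keyed on varies with the scalar's leading zero bits, so if the iteration count follows nbits the timing still reveals the scalar's bit length; iterating over a fixed width derived from the curve order rather than from the scalar would close that residual leak. `_gcry_mpi_ec_mul_point` begins and ends outside this hunk.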