diff options
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch | 54 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.2h.bb | 1 |
2 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch new file mode 100644 index 0000000000..07b131082e --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch | |||
@@ -0,0 +1,54 @@ | |||
1 | From 621eaf49a289bfac26d4cbcdb7396e796784c534 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cesar Pereida <cesar.pereida@aalto.fi> | ||
3 | Date: Mon, 23 May 2016 12:45:25 +0300 | ||
4 | Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME | ||
5 | |||
6 | Operations in the DSA signing algorithm should run in constant time in | ||
7 | order to avoid side channel attacks. A flaw in the OpenSSL DSA | ||
8 | implementation means that a non-constant time codepath is followed for | ||
9 | certain operations. This has been demonstrated through a cache-timing | ||
10 | attack to be sufficient for an attacker to recover the private DSA key. | ||
11 | |||
12 | CVE-2016-2178 | ||
13 | |||
14 | Reviewed-by: Richard Levitte <levitte@openssl.org> | ||
15 | Reviewed-by: Matt Caswell <matt@openssl.org> | ||
16 | |||
17 | Upstream-Status: Backport | ||
18 | CVE: CVE-2016-2178 | ||
19 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
20 | |||
21 | --- | ||
22 | crypto/dsa/dsa_ossl.c | 6 +++--- | ||
23 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
24 | |||
25 | diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c | ||
26 | index efc4f1b..b29eb4b 100644 | ||
27 | --- a/crypto/dsa/dsa_ossl.c | ||
28 | +++ b/crypto/dsa/dsa_ossl.c | ||
29 | @@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, | ||
30 | if (!BN_rand_range(&k, dsa->q)) | ||
31 | goto err; | ||
32 | while (BN_is_zero(&k)) ; | ||
33 | - if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { | ||
34 | - BN_set_flags(&k, BN_FLG_CONSTTIME); | ||
35 | - } | ||
36 | |||
37 | if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { | ||
38 | if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, | ||
39 | @@ -279,9 +276,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, | ||
40 | } | ||
41 | |||
42 | K = &kq; | ||
43 | + | ||
44 | + BN_set_flags(K, BN_FLG_CONSTTIME); | ||
45 | } else { | ||
46 | K = &k; | ||
47 | } | ||
48 | + | ||
49 | DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, | ||
50 | dsa->method_mont_p); | ||
51 | if (!BN_mod(r, r, dsa->q, ctx)) | ||
52 | -- | ||
53 | 2.7.4 | ||
54 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb index ae65992b4e..0db19fa214 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb | |||
@@ -38,6 +38,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \ | |||
38 | file://ptest_makefile_deps.patch \ | 38 | file://ptest_makefile_deps.patch \ |
39 | file://configure-musl-target.patch \ | 39 | file://configure-musl-target.patch \ |
40 | file://parallel.patch \ | 40 | file://parallel.patch \ |
41 | file://CVE-2016-2178.patch \ | ||
41 | " | 42 | " |
42 | SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" | 43 | SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" |
43 | SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" | 44 | SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" |