1 files changed, 0 insertions, 154 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
deleted file mode 100644
index 5dcde1f9cb..0000000000
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-Upstream-Status: Backport
-CVE: CVE-2013-4576
-Index: gnupg-1.4.7/cipher/dsa.c
-===================================================================
--- gnupg-1.4.7.orig/cipher/dsa.c       2006-12-12 02:27:21.000000000 +0800
-+++ gnupg-1.4.7/cipher/dsa.c    2014-01-23 11:30:17.300915919 +0800
-@@ -287,6 +287,8 @@
-     MPI kinv;
-     MPI tmp;
- 
-+    mpi_normalize (hash);
-+
-     /* select a random k with 0 < k < q */
-     k = gen_k( skey->q );
- 
-Index: gnupg-1.4.7/cipher/elgamal.c
-===================================================================
--- gnupg-1.4.7.orig/cipher/elgamal.c   2006-12-12 03:08:05.000000000 +0800
-+++ gnupg-1.4.7/cipher/elgamal.c        2014-01-23 11:30:17.300915919 +0800
-@@ -376,6 +376,9 @@
- {
-     MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
- 
-+    mpi_normalize (a);
-+    mpi_normalize (b);
-+
-     /* output = b/(a^x) mod p */
-     mpi_powm( t1, a, skey->x, skey->p );
-     mpi_invm( t1, t1, skey->p );
-Index: gnupg-1.4.7/cipher/random.c
-===================================================================
--- gnupg-1.4.7.orig/cipher/random.c    2006-11-03 18:09:39.000000000 +0800
-+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
-@@ -273,6 +273,18 @@
- }
- 
- 
-+/* Randomize the MPI */ 
-+void
-+randomize_mpi (MPI mpi, size_t nbits, int level)
-+{
-+  unsigned char *buffer;
-+
-+  buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
-+  mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
-+  xfree (buffer);
-+}
-+
-+
- int
- random_is_faked()
- {
-Index: gnupg-1.4.7/cipher/random.h
-===================================================================
--- gnupg-1.4.7.orig/cipher/random.h    2006-02-09 19:29:29.000000000 +0800
-+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
-@@ -32,6 +32,7 @@
- int  random_is_faked(void);
- void random_disable_locking (void);
- void randomize_buffer( byte *buffer, size_t length, int level );
-+void randomize_mpi (MPI mpi, size_t nbits, int level);
- byte *get_random_bits( size_t nbits, int level, int secure );
- void fast_random_poll( void );
- 
-Index: gnupg-1.4.7/cipher/rsa.c
-===================================================================
--- gnupg-1.4.7.orig/cipher/rsa.c       2006-12-12 03:09:00.000000000 +0800
-+++ gnupg-1.4.7/cipher/rsa.c    2014-01-23 11:35:04.330639125 +0800
-@@ -301,9 +301,26 @@
- #if 0
-     mpi_powm( output, input, skey->d, skey->n );
- #else
-    MPI m1   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
-    MPI m2   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
-    MPI h    = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
-+    int nlimbs = mpi_get_nlimbs (skey->n)+1;
-+    MPI m1   = mpi_alloc_secure (nlimbs);
-+    MPI m2   = mpi_alloc_secure (nlimbs);
-+    MPI h    = mpi_alloc_secure (nlimbs);
-+# if 1
-+    MPI bdata= mpi_alloc_secure (nlimbs);
-+    MPI r    = mpi_alloc_secure (nlimbs);
-+# endif
-+
-+    /* Remove superfluous leading zeroes from INPUT.  */
-+    mpi_normalize (input);
-+
-+# if 1 
-+    /* Blind:  bdata = (data * r^e) mod n   */
-+    randomize_mpi (r, mpi_get_nbits (skey->n), 0);
-+    mpi_fdiv_r (r, r, skey->n);
-+    mpi_powm (bdata, r, skey->e, skey->n);
-+    mpi_mulm (bdata, bdata, input, skey->n);
-+    input = bdata;
-+# endif
- 
-     /* m1 = c ^ (d mod (p-1)) mod p */
-     mpi_sub_ui( h, skey->p, 1  );
-@@ -321,8 +338,15 @@
-     /* m = m2 + h * p */
-     mpi_mul ( h, h, skey->p );
-     mpi_add ( output, m1, h );
-    /* ready */
-    
-+
-+# if 1
-+    mpi_free (bdata);
-+    /* Unblind: output = (output * r^(-1)) mod n  */
-+    mpi_invm (r, r, skey->n);
-+    mpi_mulm (output, output, r, skey->n);
-+    mpi_free (r);
-+# endif
-+
-     mpi_free ( h );
-     mpi_free ( m1 );
-     mpi_free ( m2 );
-@@ -397,6 +421,7 @@
- rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
- {
-     RSA_secret_key sk;
-+    MPI input;
- 
-     if( algo != 1 && algo != 2 )
-        return G10ERR_PUBKEY_ALGO;
-@@ -407,8 +432,14 @@
-     sk.p = skey[3];
-     sk.q = skey[4];
-     sk.u = skey[5];
-    *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
-    secret( *result, data[0], &sk );
-+
-+    /* Mitigates side-channel attacks (CVE-2013-4576).  */
-+    input = mpi_alloc (0);
-+    mpi_normalize (data[0]);
-+    mpi_fdiv_r (input, data[0], sk.n);
-+    *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
-+    secret (*result, input, &sk);
-+    mpi_free (input);
-     return 0;
- }
- 
-Index: gnupg-1.4.7/g10/gpgv.c
-===================================================================
--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
-+++ gnupg-1.4.7/g10/gpgv.c      2014-01-23 11:30:17.300915919 +0800
-@@ -390,6 +390,7 @@
- void random_dump_stats(void) {}
- int quick_random_gen( int onoff ) { return -1;}
- void randomize_buffer( byte *buffer, size_t length, int level ) {}
-+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
- int random_is_faked() { return -1;}
- byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
- void set_random_seed_file( const char *name ) {}

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch deleted file mode 100644 index 5dcde1f9cb..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch +++ /dev/null
@@ -1,154 +0,0 @@
1	Upstream-Status: Backport
2	CVE: CVE-2013-4576
3
4	Index: gnupg-1.4.7/cipher/dsa.c
5	===================================================================
6	--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800
7	+++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800
8	@@ -287,6 +287,8 @@
9	MPI kinv;
10	MPI tmp;
11
12	+ mpi_normalize (hash);
13	+
14	/* select a random k with 0 < k < q */
15	k = gen_k( skey->q );
16
17	Index: gnupg-1.4.7/cipher/elgamal.c
18	===================================================================
19	--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800
20	+++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800
21	@@ -376,6 +376,9 @@
22	{
23	MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
24
25	+ mpi_normalize (a);
26	+ mpi_normalize (b);
27	+
28	/* output = b/(a^x) mod p */
29	mpi_powm( t1, a, skey->x, skey->p );
30	mpi_invm( t1, t1, skey->p );
31	Index: gnupg-1.4.7/cipher/random.c
32	===================================================================
33	--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800
34	+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800
35	@@ -273,6 +273,18 @@
36	}
37
38
39	+/* Randomize the MPI */
40	+void
41	+randomize_mpi (MPI mpi, size_t nbits, int level)
42	+{
43	+ unsigned char *buffer;
44	+
45	+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
46	+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
47	+ xfree (buffer);
48	+}
49	+
50	+
51	int
52	random_is_faked()
53	{
54	Index: gnupg-1.4.7/cipher/random.h
55	===================================================================
56	--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800
57	+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800
58	@@ -32,6 +32,7 @@
59	int random_is_faked(void);
60	void random_disable_locking (void);
61	void randomize_buffer( byte *buffer, size_t length, int level );
62	+void randomize_mpi (MPI mpi, size_t nbits, int level);
63	byte *get_random_bits( size_t nbits, int level, int secure );
64	void fast_random_poll( void );
65
66	Index: gnupg-1.4.7/cipher/rsa.c
67	===================================================================
68	--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800
69	+++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800
70	@@ -301,9 +301,26 @@
71	#if 0
72	mpi_powm( output, input, skey->d, skey->n );
73	#else
74	- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
75	- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
76	- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
77	+ int nlimbs = mpi_get_nlimbs (skey->n)+1;
78	+ MPI m1 = mpi_alloc_secure (nlimbs);
79	+ MPI m2 = mpi_alloc_secure (nlimbs);
80	+ MPI h = mpi_alloc_secure (nlimbs);
81	+# if 1
82	+ MPI bdata= mpi_alloc_secure (nlimbs);
83	+ MPI r = mpi_alloc_secure (nlimbs);
84	+# endif
85	+
86	+ /* Remove superfluous leading zeroes from INPUT. */
87	+ mpi_normalize (input);
88	+
89	+# if 1
90	+ /* Blind: bdata = (data * r^e) mod n */
91	+ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
92	+ mpi_fdiv_r (r, r, skey->n);
93	+ mpi_powm (bdata, r, skey->e, skey->n);
94	+ mpi_mulm (bdata, bdata, input, skey->n);
95	+ input = bdata;
96	+# endif
97
98	/* m1 = c ^ (d mod (p-1)) mod p */
99	mpi_sub_ui( h, skey->p, 1 );
100	@@ -321,8 +338,15 @@
101	/* m = m2 + h * p */
102	mpi_mul ( h, h, skey->p );
103	mpi_add ( output, m1, h );
104	- /* ready */
105	-
106	+
107	+# if 1
108	+ mpi_free (bdata);
109	+ /* Unblind: output = (output * r^(-1)) mod n */
110	+ mpi_invm (r, r, skey->n);
111	+ mpi_mulm (output, output, r, skey->n);
112	+ mpi_free (r);
113	+# endif
114	+
115	mpi_free ( h );
116	mpi_free ( m1 );
117	mpi_free ( m2 );
118	@@ -397,6 +421,7 @@
119	rsa_decrypt( int algo, MPI result, MPI data, MPI *skey )
120	{
121	RSA_secret_key sk;
122	+ MPI input;
123
124	if( algo != 1 && algo != 2 )
125	return G10ERR_PUBKEY_ALGO;
126	@@ -407,8 +432,14 @@
127	sk.p = skey[3];
128	sk.q = skey[4];
129	sk.u = skey[5];
130	- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
131	- secret( *result, data[0], &sk );
132	+
133	+ /* Mitigates side-channel attacks (CVE-2013-4576). */
134	+ input = mpi_alloc (0);
135	+ mpi_normalize (data[0]);
136	+ mpi_fdiv_r (input, data[0], sk.n);
137	+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
138	+ secret (*result, input, &sk);
139	+ mpi_free (input);
140	return 0;
141	}
142
143	Index: gnupg-1.4.7/g10/gpgv.c
144	===================================================================
145	--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800
146	+++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800
147	@@ -390,6 +390,7 @@
148	void random_dump_stats(void) {}
149	int quick_random_gen( int onoff ) { return -1;}
150	void randomize_buffer( byte *buffer, size_t length, int level ) {}
151	+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
152	int random_is_faked() { return -1;}
153	byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
154	void set_random_seed_file( const char *name ) {}