From 9c136695f9507dd54e2741e310fc157c04a28270 Mon Sep 17 00:00:00 2001 From: Jussi Laako Date: Fri, 15 Sep 2017 15:02:59 +0300 Subject: libgcrypt: update from version 1.8.0 to 1.8.1 Update libgcrypt version from 1.8.0 to 1.8.1. (From OE-Core rev: b26d1dc8767cd0a34da47a8eb3ab001cc86cd8cc) Signed-off-by: Jussi Laako Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../0005-ecc-Add-input-validation-for-X25519.patch | 158 --------------------- meta/recipes-support/libgcrypt/libgcrypt_1.8.0.bb | 55 ------- meta/recipes-support/libgcrypt/libgcrypt_1.8.1.bb | 53 +++++++ 3 files changed, 53 insertions(+), 213 deletions(-) delete mode 100644 meta/recipes-support/libgcrypt/files/0005-ecc-Add-input-validation-for-X25519.patch delete mode 100644 meta/recipes-support/libgcrypt/libgcrypt_1.8.0.bb create mode 100644 meta/recipes-support/libgcrypt/libgcrypt_1.8.1.bb (limited to 'meta/recipes-support/libgcrypt') diff --git a/meta/recipes-support/libgcrypt/files/0005-ecc-Add-input-validation-for-X25519.patch b/meta/recipes-support/libgcrypt/files/0005-ecc-Add-input-validation-for-X25519.patch deleted file mode 100644 index 66fdd740b5..0000000000 --- a/meta/recipes-support/libgcrypt/files/0005-ecc-Add-input-validation-for-X25519.patch +++ /dev/null @@ -1,158 +0,0 @@ -From ef570e3d2773c12126e7d3fcdc4db9ef80a5e214 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Fri, 25 Aug 2017 18:13:28 +0900 -Subject: [PATCH] ecc: Add input validation for X25519. - -* cipher/ecc.c (ecc_decrypt_raw): Add input validation. -* mpi/ec.c (ec_p_init): Use scratch buffer for bad points. -(_gcry_mpi_ec_bad_point): New. - --- - -Following is the paper describing the attack: - - May the Fourth Be With You: A Microarchitectural Side Channel Attack - on Real-World Applications of Curve25519 - by Daniel Genkin, Luke Valenta, and Yuval Yarom - -In the current implementation, we do output checking and it results an -error for those bad points. However, when attacked, the computation -will done with leak of private key, even it will results errors. To -mitigate leak, we added input validation. - -Note that we only list bad points with MSB=0. By X25519, MSB is -always cleared. - -In future, we should implement constant-time field computation. Then, -this input validation could be removed, if performance is important -and we are sure for no leak. - -CVE-id: CVE-2017-0379 -Signed-off-by: NIIBE Yutaka - -Upstream-Status: Backport -CVE: CVE-2017-0379 -Signed-off-by: Hongxu Jia ---- - cipher/ecc.c | 17 +++++++++++++++-- - mpi/ec.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++--- - src/mpi.h | 1 + - 3 files changed, 64 insertions(+), 5 deletions(-) - -diff --git a/cipher/ecc.c b/cipher/ecc.c -index e25bf09..4e3e5b1 100644 ---- a/cipher/ecc.c -+++ b/cipher/ecc.c -@@ -1628,9 +1628,22 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) - if (DBG_CIPHER) - log_printpnt ("ecc_decrypt kG", &kG, NULL); - -- if (!(flags & PUBKEY_FLAG_DJB_TWEAK) -+ if ((flags & PUBKEY_FLAG_DJB_TWEAK)) -+ { - /* For X25519, by its definition, validation should not be done. */ -- && !_gcry_mpi_ec_curve_point (&kG, ec)) -+ /* (Instead, we do output check.) -+ * -+ * However, to mitigate secret key leak from our implementation, -+ * we also do input validation here. For constant-time -+ * implementation, we can remove this input validation. -+ */ -+ if (_gcry_mpi_ec_bad_point (&kG, ec)) -+ { -+ rc = GPG_ERR_INV_DATA; -+ goto leave; -+ } -+ } -+ else if (!_gcry_mpi_ec_curve_point (&kG, ec)) - { - rc = GPG_ERR_INV_DATA; - goto leave; -diff --git a/mpi/ec.c b/mpi/ec.c -index a0f7357..4c16603 100644 ---- a/mpi/ec.c -+++ b/mpi/ec.c -@@ -396,6 +396,29 @@ ec_get_two_inv_p (mpi_ec_t ec) - } - - -+static const char *curve25519_bad_points[] = { -+ "0x0000000000000000000000000000000000000000000000000000000000000000", -+ "0x0000000000000000000000000000000000000000000000000000000000000001", -+ "0x00b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebe0", -+ "0x57119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c5f", -+ "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec", -+ "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed", -+ "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee", -+ NULL -+}; -+ -+static gcry_mpi_t -+scanval (const char *string) -+{ -+ gpg_err_code_t rc; -+ gcry_mpi_t val; -+ -+ rc = _gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL); -+ if (rc) -+ log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc)); -+ return val; -+} -+ - - /* This function initialized a context for elliptic curve based on the - field GF(p). P is the prime specifying this field, A is the first -@@ -434,9 +457,17 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model, - - _gcry_mpi_ec_get_reset (ctx); - -- /* Allocate scratch variables. */ -- for (i=0; i< DIM(ctx->t.scratch); i++) -- ctx->t.scratch[i] = mpi_alloc_like (ctx->p); -+ if (model == MPI_EC_MONTGOMERY) -+ { -+ for (i=0; i< DIM(ctx->t.scratch) && curve25519_bad_points[i]; i++) -+ ctx->t.scratch[i] = scanval (curve25519_bad_points[i]); -+ } -+ else -+ { -+ /* Allocate scratch variables. */ -+ for (i=0; i< DIM(ctx->t.scratch); i++) -+ ctx->t.scratch[i] = mpi_alloc_like (ctx->p); -+ } - - /* Prepare for fast reduction. */ - /* FIXME: need a test for NIST values. However it does not gain us -@@ -1572,3 +1603,17 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx) - - return res; - } -+ -+ -+int -+_gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx) -+{ -+ int i; -+ gcry_mpi_t x_bad; -+ -+ for (i = 0; (x_bad = ctx->t.scratch[i]); i++) -+ if (!mpi_cmp (point->x, x_bad)) -+ return 1; -+ -+ return 0; -+} -diff --git a/src/mpi.h b/src/mpi.h -index b5385b5..aeba7f8 100644 ---- a/src/mpi.h -+++ b/src/mpi.h -@@ -296,6 +296,7 @@ void _gcry_mpi_ec_mul_point (mpi_point_t result, - gcry_mpi_t scalar, mpi_point_t point, - mpi_ec_t ctx); - int _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx); -+int _gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx); - - gcry_mpi_t _gcry_mpi_ec_ec2os (gcry_mpi_point_t point, mpi_ec_t ectx); - --- -1.8.3.1 - diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.0.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.0.bb deleted file mode 100644 index 02982f03c6..0000000000 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.0.bb +++ /dev/null @@ -1,55 +0,0 @@ -SUMMARY = "General purpose cryptographic library based on the code from GnuPG" -HOMEPAGE = "http://directory.fsf.org/project/libgcrypt/" -BUGTRACKER = "https://bugs.g10code.com/gnupg/index" -SECTION = "libs" - -# helper program gcryptrnd and getrandom are under GPL, rest LGPL -LICENSE = "GPLv2+ & LGPLv2.1+ & GPLv3+" -LICENSE_${PN} = "LGPLv2.1+" -LICENSE_${PN}-dev = "GPLv2+ & LGPLv2.1+" -LICENSE_dumpsexp-dev = "GPLv3+" - -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ - file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff" - -DEPENDS = "libgpg-error" - -UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" -SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.gz \ - file://0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch \ - file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \ - file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \ - file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ - file://0005-ecc-Add-input-validation-for-X25519.patch \ - file://0006-Fix-building-AArch32-CE-implementations-when-target-.patch \ -" -SRC_URI[md5sum] = "110ce4352f9ea6f560bdc6c5644ae93c" -SRC_URI[sha256sum] = "f6e470b7f2d3a703e8747f05a8c19d9e10e26ebf2d5f3d71ff75a40f504e12ee" - -BINCONFIG = "${bindir}/libgcrypt-config" - -inherit autotools texinfo binconfig-disabled pkgconfig - -EXTRA_OECONF = "--disable-asm" -EXTRA_OEMAKE_class-target = "LIBTOOLFLAGS='--tag=CC'" - -PACKAGECONFIG ??= "capabilities" -PACKAGECONFIG[capabilities] = "--with-capabilities,--without-capabilities,libcap" - -do_configure_prepend () { - # Else this could be used in preference to the one in aclocal-copy - rm -f ${S}/m4/gpg-error.m4 -} - -# libgcrypt.pc is added locally and thus installed here -do_install_append() { - install -d ${D}/${libdir}/pkgconfig - install -m 0644 ${B}/src/libgcrypt.pc ${D}/${libdir}/pkgconfig/ -} - -PACKAGES =+ "dumpsexp-dev" - -FILES_${PN}-dev += "${bindir}/hmac256" -FILES_dumpsexp-dev += "${bindir}/dumpsexp" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.1.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.1.bb new file mode 100644 index 0000000000..5bd815ae55 --- /dev/null +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.1.bb @@ -0,0 +1,53 @@ +SUMMARY = "General purpose cryptographic library based on the code from GnuPG" +HOMEPAGE = "http://directory.fsf.org/project/libgcrypt/" +BUGTRACKER = "https://bugs.g10code.com/gnupg/index" +SECTION = "libs" + +# helper program gcryptrnd and getrandom are under GPL, rest LGPL +LICENSE = "GPLv2+ & LGPLv2.1+ & GPLv3+" +LICENSE_${PN} = "LGPLv2.1+" +LICENSE_${PN}-dev = "GPLv2+ & LGPLv2.1+" +LICENSE_dumpsexp-dev = "GPLv3+" + +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ + file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff" + +DEPENDS = "libgpg-error" + +UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" +SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ + file://0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch \ + file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \ + file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \ + file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ +" +SRC_URI[md5sum] = "b21817f9d850064d2177285f1073ec55" +SRC_URI[sha256sum] = "7a2875f8b1ae0301732e878c0cca2c9664ff09ef71408f085c50e332656a78b3" + +BINCONFIG = "${bindir}/libgcrypt-config" + +inherit autotools texinfo binconfig-disabled pkgconfig + +EXTRA_OECONF = "--disable-asm" +EXTRA_OEMAKE_class-target = "LIBTOOLFLAGS='--tag=CC'" + +PACKAGECONFIG ??= "capabilities" +PACKAGECONFIG[capabilities] = "--with-capabilities,--without-capabilities,libcap" + +do_configure_prepend () { + # Else this could be used in preference to the one in aclocal-copy + rm -f ${S}/m4/gpg-error.m4 +} + +# libgcrypt.pc is added locally and thus installed here +do_install_append() { + install -d ${D}/${libdir}/pkgconfig + install -m 0644 ${B}/src/libgcrypt.pc ${D}/${libdir}/pkgconfig/ +} + +PACKAGES =+ "dumpsexp-dev" + +FILES_${PN}-dev += "${bindir}/hmac256" +FILES_dumpsexp-dev += "${bindir}/dumpsexp" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf