nettle: Security fix CVE-2015-8803 and CVE-2015-8805

(From OE-Core rev: f62eb452244c3124cc88ef01c14116dac43f377a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-02-05 08:37:29 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-07 22:55:24 +0000
commit: 3e8a07b90185b391ec6002fb8d27175a5d90423b (patch)
tree: 2cb2152242dcf5040bd9707d90740370ffef8494
parent: 5ffc3267e70cd591596dcce7aebdfc5cf9961e1b (diff)
download: poky-3e8a07b90185b391ec6002fb8d27175a5d90423b.tar.gz
2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch
new file mode 100644
index 0000000000..b4ff228f6c
--- /dev/null
+++ b/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch
@@ -0,0 +1,71 @@
+Upstream-Status: Backport
+https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
+CVE: CVE-2015-8803
+CVE: CVE-2015-8805
+Same fix for both.
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: nettle-3.1.1/ecc-256.c
+===================================================================
+--- nettle-3.1.1.orig/ecc-256.c
+++ nettle-3.1.1/ecc-256.c
+@@ -113,8 +113,19 @@ ecc_256_modp (const struct ecc_modulo *p
+ 
+       assert (q2 < 2);
+ 
+-      /* We multiply by two low limbs of p, 2^96 - 1, so we could use
+-        shifts rather than mul. */
+      /*
+        n-1 n-2 n-3 n-4
+        +---+---+---+---+
+        | u1| u0| u low |
+        +---+---+---+---+
+          - | q1(2^96-1)|
+            +-------+---+
+            |q2(2^.)|
+            +-------+
+
+        We multiply by two low limbs of p, 2^96 - 1, so we could use
+        shifts rather than mul.
+      */
+       t = mpn_submul_1 (rp + n - 4, p->m, 2, q1);
+       t += cnd_sub_n (q2, rp + n - 3, p->m, 1);
+       t += (-q2) & 0xffffffff;
+@@ -124,7 +135,10 @@ ecc_256_modp (const struct ecc_modulo *p
+       u0 -= t;
+       t = (u1 < cy);
+       u1 -= cy;
+-      u1 += cnd_add_n (t, rp + n - 4, p->m, 3);
+
+      cy = cnd_add_n (t, rp + n - 4, p->m, 2);
+      u0 += cy;
+      u1 += (u0 < cy);
+       u1 -= (-t) & 0xffffffff;
+     }
+   rp[2] = u0;
+@@ -211,7 +225,7 @@ ecc_256_modq (const struct ecc_modulo *q
+ 
+       /* Conditional add of p */
+       u1 += t;
+-      u2 += (t<<32) + (u0 < t);
+      u2 += (t<<32) + (u1 < t);
+ 
+       t = cnd_add_n (t, rp + n - 4, q->m, 2);
+       u1 += t;
+Index: nettle-3.1.1/ChangeLog
+===================================================================
+--- nettle-3.1.1.orig/ChangeLog
+++ nettle-3.1.1/ChangeLog
+@@ -1,3 +1,9 @@
+2015-12-10  Niels Möller  <nisse@lysator.liu.se>
+
+   * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
+   reported by Hanno Böck.
+   (ecc_256_modq): Fixed another carry propagation bug.
+
+ 2015-04-24  Niels Möller  <nisse@lysator.liu.se>
+ 
+        * Released nettle-3.1.1.
diff --git a/meta/recipes-support/nettle/nettle_3.1.1.bb b/meta/recipes-support/nettle/nettle_3.1.1.bb
index 7d7134f192..1fe34615ca 100644
--- a/meta/recipes-support/nettle/nettle_3.1.1.bb
+++ b/meta/recipes-support/nettle/nettle_3.1.1.bb
@@ -7,5 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6
                    file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \
                    file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e"
+SRC_URI += "\
+            file://CVE-2015-8803_8805.patch \
+            "
 SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144"
 SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c"
author	Armin Kuster <akuster@mvista.com>	2016-02-05 08:37:29 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 22:55:24 +0000
commit	3e8a07b90185b391ec6002fb8d27175a5d90423b (patch)
tree	2cb2152242dcf5040bd9707d90740370ffef8494
parent	5ffc3267e70cd591596dcce7aebdfc5cf9961e1b (diff)
download	poky-3e8a07b90185b391ec6002fb8d27175a5d90423b.tar.gz

diff --git a/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch new file mode 100644 index 0000000000..b4ff228f6c --- /dev/null +++ b/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch
@@ -0,0 +1,71 @@
		1	Upstream-Status: Backport
		2	https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
		3
		4	CVE: CVE-2015-8803
		5	CVE: CVE-2015-8805
		6
		7	Same fix for both.
		8
		9	Signed-off-by: Armin Kuster <akuster@mvista.com>
		10
		11	Index: nettle-3.1.1/ecc-256.c
		12	===================================================================
		13	--- nettle-3.1.1.orig/ecc-256.c
		14	+++ nettle-3.1.1/ecc-256.c
		15	@@ -113,8 +113,19 @@ ecc_256_modp (const struct ecc_modulo *p
		16
		17	assert (q2 < 2);
		18
		19	- /* We multiply by two low limbs of p, 2^96 - 1, so we could use
		20	- shifts rather than mul. */
		21	+ /*
		22	+ n-1 n-2 n-3 n-4
		23	+ +---+---+---+---+
		24	+ \| u1\| u0\| u low \|
		25	+ +---+---+---+---+
		26	+ - \| q1(2^96-1)\|
		27	+ +-------+---+
		28	+ \|q2(2^.)\|
		29	+ +-------+
		30	+
		31	+ We multiply by two low limbs of p, 2^96 - 1, so we could use
		32	+ shifts rather than mul.
		33	+ */
		34	t = mpn_submul_1 (rp + n - 4, p->m, 2, q1);
		35	t += cnd_sub_n (q2, rp + n - 3, p->m, 1);
		36	t += (-q2) & 0xffffffff;
		37	@@ -124,7 +135,10 @@ ecc_256_modp (const struct ecc_modulo *p
		38	u0 -= t;
		39	t = (u1 < cy);
		40	u1 -= cy;
		41	- u1 += cnd_add_n (t, rp + n - 4, p->m, 3);
		42	+
		43	+ cy = cnd_add_n (t, rp + n - 4, p->m, 2);
		44	+ u0 += cy;
		45	+ u1 += (u0 < cy);
		46	u1 -= (-t) & 0xffffffff;
		47	}
		48	rp[2] = u0;
		49	@@ -211,7 +225,7 @@ ecc_256_modq (const struct ecc_modulo *q
		50
		51	/* Conditional add of p */
		52	u1 += t;
		53	- u2 += (t<<32) + (u0 < t);
		54	+ u2 += (t<<32) + (u1 < t);
		55
		56	t = cnd_add_n (t, rp + n - 4, q->m, 2);
		57	u1 += t;
		58	Index: nettle-3.1.1/ChangeLog
		59	===================================================================
		60	--- nettle-3.1.1.orig/ChangeLog
		61	+++ nettle-3.1.1/ChangeLog
		62	@@ -1,3 +1,9 @@
		63	+2015-12-10 Niels Möller <nisse@lysator.liu.se>
		64	+
		65	+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
		66	+ reported by Hanno Böck.
		67	+ (ecc_256_modq): Fixed another carry propagation bug.
		68	+
		69	2015-04-24 Niels Möller <nisse@lysator.liu.se>
		70
		71	* Released nettle-3.1.1.


diff --git a/meta/recipes-support/nettle/nettle_3.1.1.bb b/meta/recipes-support/nettle/nettle_3.1.1.bb index 7d7134f192..1fe34615ca 100644 --- a/meta/recipes-support/nettle/nettle_3.1.1.bb +++ b/meta/recipes-support/nettle/nettle_3.1.1.bb
@@ -7,5 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6
7	file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \	7	file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \
8	file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e"	8	file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e"
9		9
		10	SRC_URI += "\
		11	file://CVE-2015-8803_8805.patch \
		12	"
		13
10	SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144"	14	SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144"
11	SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c"	15	SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c"