[oe-commits] [openembedded-core] 04/06: nettle: Security fix CVE-2015-8803 and CVE-2015-8805

git at git.openembedded.org git at git.openembedded.org
Thu Mar 10 10:00:46 UTC 2016


rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit 4ef94c1b962a1fc886368b4614e64b177e782bb9
Author: Armin Kuster <akuster at mvista.com>
AuthorDate: Fri Feb 5 08:37:29 2016 -0800

    nettle: Security fix CVE-2015-8803 and CVE-2015-8805
    
    (From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a)
    
    hand applied changes for ecc-256.c
    
    (From OE-Core rev: cb03397ac97bfa99df6b72c80e1e03214e059e6e)
    
    Signed-off-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Joshua Lock <joshua.g.lock at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 .../nettle/nettle-2.7.1/CVE-2015-8803_8805.patch   | 71 ++++++++++++++++++++++
 meta/recipes-support/nettle/nettle_2.7.1.bb        |  3 +
 2 files changed, 74 insertions(+)

diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
new file mode 100644
index 0000000..1c4b9a9
--- /dev/null
+++ b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
@@ -0,0 +1,71 @@
+Upstream-Status: Backport
+https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
+
+CVE: CVE-2015-8803
+CVE: CVE-2015-8805
+
+Same fix for both.
+
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+Index: nettle-2.7.1/ecc-256.c
+===================================================================
+--- nettle-2.7.1.orig/ecc-256.c
++++ nettle-2.7.1/ecc-256.c
+@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec
+       q2 += t + (q1 < t);
+ 
+       assert (q2 < 2);
++      /*
++   n-1 n-2 n-3 n-4
++        +---+---+---+---+
++        | u1| u0| u low |
++        +---+---+---+---+
++          - | q1(2^96-1)|
++            +-------+---+
++            |q2(2^.)|
++            +-------+
+ 
+-      /* We multiply by two low limbs of p, 2^96 - 1, so we could use
+-	 shifts rather than mul. */
++   We multiply by two low limbs of p, 2^96 - 1, so we could use
++   shifts rather than mul.
++      */
+       t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);
+       t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1);
+       t += (-q2) & 0xffffffff;
+@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec
+       u0 -= t;
+       t = (u1 < cy);
+       u1 -= cy;
+-      u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
++
++      cy = cnd_add_n (t, rp + n - 4, p->m, 2);
++      u0 += cy;
++      u1 += (u0 < cy);
+       u1 -= (-t) & 0xffffffff;
+     }
+   rp[2] = u0;
+@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec
+ 
+       /* Conditional add of p */
+       u1 += t;
+-      u2 += (t<<32) + (u0 < t);
++      u2 += (t<<32) + (u1 < t);
+ 
+       t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
+       u1 += t;
+Index: nettle-2.7.1/ChangeLog
+===================================================================
+--- nettle-2.7.1.orig/ChangeLog
++++ nettle-2.7.1/ChangeLog
+@@ -1,3 +1,9 @@
++2015-12-10  Niels Möller  <nisse at lysator.liu.se>
++
++   * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
++   reported by Hanno Böck.
++   (ecc_256_modq): Fixed another carry propagation bug.
++
+ 2013-05-28  Niels Möller  <nisse at lysator.liu.se>
+ 
+ 	* Released nettle-2.7.1.
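
Review bot: In the second ecc_256_modp hunk of the embedded patch, the added line `cy = cnd_add_n (t, rp + n - 4, p->m, 2);` refers to `p->m`, while the line it replaces and every context line in this file use `ecc->p` (for example `t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);`), and no `p` is declared anywhere in the visible context. The commit message says the ecc-256.c changes were hand applied, so this looks like a name carried over from the upstream commit; against nettle-2.7.1 it should probably read `ecc->p`, and the recipe should be build-tested with the patch applied before this leaves master-next. As a smaller point, the patch header's "Same fix for both." would serve readers better with one sentence naming the fix, which the ChangeLog entry already gives: carry propagation in ecc_256_modp and ecc_256_modq.
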
diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb
index ae2574a..74b2ee2 100644
--- a/meta/recipes-support/nettle/nettle_2.7.1.bb
+++ b/meta/recipes-support/nettle/nettle_2.7.1.bb
@@ -10,3 +10,6 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
 SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
 SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
 
+SRC_URI += "\
+            file://CVE-2015-8803_8805.patch \
+            "
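
Review bot: The `SRC_URI +=` addition spreads a single entry over three lines with a line continuation; writing it on one line as `SRC_URI += "file://CVE-2015-8803_8805.patch"` says the same thing and is easier to scan when more CVE patches are added later.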
