nettle: Security fix CVE-2015-8803 and CVE-2015-8805
(From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a) hand applied changes for ecc-256.c (From OE-Core rev: cb03397ac97bfa99df6b72c80e1e03214e059e6e) (From OE-Core rev: e5026f1e3fd069c3421789a179f2310df3796519) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
24aea3a87b
commit
dae57151f8
|
@ -0,0 +1,71 @@
|
|||
Upstream-Status: Backport
|
||||
https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
|
||||
|
||||
CVE: CVE-2015-8803
|
||||
CVE: CVE-2015-8805
|
||||
|
||||
Same fix for both.
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
Index: nettle-2.7.1/ecc-256.c
|
||||
===================================================================
|
||||
--- nettle-2.7.1.orig/ecc-256.c
|
||||
+++ nettle-2.7.1/ecc-256.c
|
||||
@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec
|
||||
q2 += t + (q1 < t);
|
||||
|
||||
assert (q2 < 2);
|
||||
+ /*
|
||||
+ n-1 n-2 n-3 n-4
|
||||
+ +---+---+---+---+
|
||||
+ | u1| u0| u low |
|
||||
+ +---+---+---+---+
|
||||
+ - | q1(2^96-1)|
|
||||
+ +-------+---+
|
||||
+ |q2(2^.)|
|
||||
+ +-------+
|
||||
|
||||
- /* We multiply by two low limbs of p, 2^96 - 1, so we could use
|
||||
- shifts rather than mul. */
|
||||
+ We multiply by two low limbs of p, 2^96 - 1, so we could use
|
||||
+ shifts rather than mul.
|
||||
+ */
|
||||
t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);
|
||||
t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1);
|
||||
t += (-q2) & 0xffffffff;
|
||||
@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec
|
||||
u0 -= t;
|
||||
t = (u1 < cy);
|
||||
u1 -= cy;
|
||||
- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
|
||||
+
|
||||
+ cy = cnd_add_n (t, rp + n - 4, p->m, 2);
|
||||
+ u0 += cy;
|
||||
+ u1 += (u0 < cy);
|
||||
u1 -= (-t) & 0xffffffff;
|
||||
}
|
||||
rp[2] = u0;
|
||||
@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec
|
||||
|
||||
/* Conditional add of p */
|
||||
u1 += t;
|
||||
- u2 += (t<<32) + (u0 < t);
|
||||
+ u2 += (t<<32) + (u1 < t);
|
||||
|
||||
t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
|
||||
u1 += t;
|
||||
Index: nettle-2.7.1/ChangeLog
|
||||
===================================================================
|
||||
--- nettle-2.7.1.orig/ChangeLog
|
||||
+++ nettle-2.7.1/ChangeLog
|
||||
@@ -1,3 +1,9 @@
|
||||
+2015-12-10 Niels Möller <nisse@lysator.liu.se>
|
||||
+
|
||||
+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
|
||||
+ reported by Hanno Böck.
|
||||
+ (ecc_256_modq): Fixed another carry propagation bug.
|
||||
+
|
||||
2013-05-28 Niels Möller <nisse@lysator.liu.se>
|
||||
|
||||
* Released nettle-2.7.1.
|
|
@ -10,3 +10,6 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
|
|||
SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
|
||||
SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
|
||||
|
||||
SRC_URI += "\
|
||||
file://CVE-2015-8803_8805.patch \
|
||||
"
|
||||
|
|
Loading…
Reference in New Issue