| Field | Value | Date |
|---|---|---|
| author | Armin Kuster <akuster@mvista.com> | 2016-02-13 09:34:00 -0800 |
| committer | Joshua Lock <joshua.g.lock@intel.com> | 2016-02-29 15:05:16 +0000 |
| commit | 88ba5ea3f3a421ac91d670e450f4b0645a53d733 (patch) | |
| tree | 728b9b0149c161441c736a799418f217e00a074d /meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch | |
| parent | bed289a9ac39fb9b613e3075d5a062b24c59c956 (diff) | |
libgcrypt: Security fix CVE-2015-7511
CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves
affects libgcrypt < 1.6.5
adjust SRC_URI + for this version.
Patch 1 is a dependency patch: a simple macro name change.
Patch 2 is the CVE fix.
(From OE-Core master rev: c691ce99bd2d249d6fdc4ad58300719488fea12c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Diffstat (limited to 'meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch')
-rw-r--r-- | meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch b/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch new file mode 100644 index 0000000000..8093a18cf3 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch @@ -0,0 +1,55 @@ +From 88e1358962e902ff1cbec8d53ba3eee46407851a Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Wed, 25 Nov 2015 12:46:19 +0900 +Subject: [PATCH] ecc: Constant-time multiplication for Weierstrass curve. + +* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary +method for Weierstrass curve when SCALAR is secure. + +Upstream-Status: Backport + +http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a + +CVE: CVE-2015-7511 fix +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + mpi/ec.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +Index: libgcrypt-1.6.3/mpi/ec.c +=================================================================== +--- libgcrypt-1.6.3.orig/mpi/ec.c ++++ libgcrypt-1.6.3/mpi/ec.c +@@ -1106,16 +1106,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t resu + unsigned int i, loops; + mpi_point_struct p1, p2, p1inv; + +- if (ctx->model == MPI_EC_EDWARDS) ++ if (ctx->model == MPI_EC_EDWARDS ++ || (ctx->model == MPI_EC_WEIERSTRASS ++ && mpi_is_secure (scalar))) + { + /* Simple left to right binary method. GECC Algorithm 3.27 */ + unsigned int nbits; + int j; + + nbits = mpi_get_nbits (scalar); +- mpi_set_ui (result->x, 0); +- mpi_set_ui (result->y, 1); +- mpi_set_ui (result->z, 1); ++ if (ctx->model == MPI_EC_WEIERSTRASS) ++ { ++ mpi_set_ui (result->x, 1); ++ mpi_set_ui (result->y, 1); ++ mpi_set_ui (result->z, 0); ++ } ++ else ++ { ++ mpi_set_ui (result->x, 0); ++ mpi_set_ui (result->y, 1); ++ mpi_set_ui (result->z, 1); ++ } + + if (mpi_is_secure (scalar)) + { |
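Review bot: the constant-time path added in the `_gcry_mpi_ec_mul_point` hunk is entered only when `mpi_is_secure (scalar)` is true (`|| (ctx->model == MPI_EC_WEIERSTRASS && mpi_is_secure (scalar))`), so a Weierstrass scalar multiplication whose scalar was not allocated in secure memory still goes through the previous, non-constant-time code; the patch description does say "when SCALAR is secure", but the recipe's commit message should state that the CVE-2015-7511 mitigation depends on private scalars living in secure memory. On the new initialization block, the Weierstrass branch sets the accumulator to `(1, 1, 0)`, the projective point at infinity, and keeps `(0, 1, 1)` only for Edwards, which is the reason the two models can no longer share the old three `mpi_set_ui` lines; a short comment there would save the next reader from re-deriving why `z` differs. Finally, the body is headed `Index: libgcrypt-1.6.3/mpi/ec.c` with a `===` separator, i.e. it was regenerated against the 1.6.3 tree rather than being the verbatim upstream commit named in the `From 88e1358962e902ff1cbec8d53ba3eee46407851a` line, so `Upstream-Status: Backport` is the right tag and the linked upstream URL is what a reviewer should diff it against.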