diff options
Diffstat (limited to 'meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch')
| -rw-r--r-- | meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch b/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch new file mode 100644 index 0000000000..cfc0f382fa --- /dev/null +++ b/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch @@ -0,0 +1,215 @@ +Backport of: + +From a63893791280d441c713293491da97c79c0950fe Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> +Date: Thu, 11 Mar 2021 19:37:41 +0100 +Subject: [PATCH] New functions ecc_mod_mul_canonical and + ecc_mod_sqr_canonical. + +* ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical): +New functions. +* ecc-internal.h: Declare and document new functions. +* curve448-eh-to-x.c (curve448_eh_to_x): Use ecc_mod_sqr_canonical. +* curve25519-eh-to-x.c (curve25519_eh_to_x): Use ecc_mod_mul_canonical. +* ecc-eh-to-a.c (ecc_eh_to_a): Likewise. +* ecc-j-to-a.c (ecc_j_to_a): Likewise. +* ecc-mul-m.c (ecc_mul_m): Likewise. + +(cherry picked from commit 2bf497ba4d6acc6f352bca015837fad33008565c) + +Upstream-Status: Backport +https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-1.patch +CVE: CVE-2021-20305 dep1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 11 +++++++++++ + curve25519-eh-to-x.c | 6 +----- + curve448-eh-to-x.c | 5 +---- + ecc-eh-to-a.c | 12 ++---------- + ecc-internal.h | 15 +++++++++++++++ + ecc-j-to-a.c | 15 +++------------ + ecc-mod-arith.c | 24 ++++++++++++++++++++++++ + ecc-mul-m.c | 6 ++---- + 8 files changed, 59 insertions(+), 35 deletions(-) + +#diff --git a/ChangeLog b/ChangeLog +#index fd138d82..5cc5c188 100644 +#--- a/ChangeLog +#+++ b/ChangeLog +#@@ -1,3 +1,14 @@ +#+2021-03-11 Niels Möller <nisse@lysator.liu.se> +#+ +#+ * ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical): +#+ New functions. +#+ * ecc-internal.h: Declare and document new functions. +#+ * curve448-eh-to-x.c (curve448_eh_to_x): Use ecc_mod_sqr_canonical. +#+ * curve25519-eh-to-x.c (curve25519_eh_to_x): Use ecc_mod_mul_canonical. +#+ * ecc-eh-to-a.c (ecc_eh_to_a): Likewise. +#+ * ecc-j-to-a.c (ecc_j_to_a): Likewise. +#+ * ecc-mul-m.c (ecc_mul_m): Likewise. +#+ +# 2021-02-17 Niels Möller <nisse@lysator.liu.se> +# +# * Released Nettle-3.7.1. +Index: nettle-3.5.1/curve25519-eh-to-x.c +=================================================================== +--- nettle-3.5.1.orig/curve25519-eh-to-x.c ++++ nettle-3.5.1/curve25519-eh-to-x.c +@@ -53,7 +53,6 @@ curve25519_eh_to_x (mp_limb_t *xp, const + #define t2 (scratch + 2*ecc->p.size) + + const struct ecc_curve *ecc = &_nettle_curve25519; +- mp_limb_t cy; + + /* If u = U/W and v = V/W are the coordiantes of the point on the + Edwards curve we get the curve25519 x coordinate as +@@ -69,10 +68,7 @@ curve25519_eh_to_x (mp_limb_t *xp, const + ecc->p.invert (&ecc->p, t1, t0, t2 + ecc->p.size); + + ecc_modp_add (ecc, t0, wp, vp); +- ecc_modp_mul (ecc, t2, t0, t1); +- +- cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size); +- cnd_copy (cy, xp, t2, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, xp, t0, t1, t2); + #undef vp + #undef wp + #undef t0 +Index: nettle-3.5.1/ecc-eh-to-a.c +=================================================================== +--- nettle-3.5.1.orig/ecc-eh-to-a.c ++++ nettle-3.5.1/ecc-eh-to-a.c +@@ -59,9 +59,7 @@ ecc_eh_to_a (const struct ecc_curve *ecc + /* Needs 2*size + scratch for the invert call. */ + ecc->p.invert (&ecc->p, izp, zp, tp + ecc->p.size); + +- ecc_modp_mul (ecc, tp, xp, izp); +- cy = mpn_sub_n (r, tp, ecc->p.m, ecc->p.size); +- cnd_copy (cy, r, tp, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, r, xp, izp, tp); + + if (op) + { +@@ -81,7 +79,5 @@ ecc_eh_to_a (const struct ecc_curve *ecc + } + return; + } +- ecc_modp_mul (ecc, tp, yp, izp); +- cy = mpn_sub_n (r + ecc->p.size, tp, ecc->p.m, ecc->p.size); +- cnd_copy (cy, r + ecc->p.size, tp, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, r + ecc->p.size, yp, izp, tp); + } +Index: nettle-3.5.1/ecc-internal.h +=================================================================== +--- nettle-3.5.1.orig/ecc-internal.h ++++ nettle-3.5.1/ecc-internal.h +@@ -49,6 +49,8 @@ + #define ecc_mod_submul_1 _nettle_ecc_mod_submul_1 + #define ecc_mod_mul _nettle_ecc_mod_mul + #define ecc_mod_sqr _nettle_ecc_mod_sqr ++#define ecc_mod_mul_canonical _nettle_ecc_mod_mul_canonical ++#define ecc_mod_sqr_canonical _nettle_ecc_mod_sqr_canonical + #define ecc_mod_random _nettle_ecc_mod_random + #define ecc_mod _nettle_ecc_mod + #define ecc_mod_inv _nettle_ecc_mod_inv +@@ -263,6 +265,19 @@ ecc_mod_sqr (const struct ecc_modulo *m, + #define ecc_modq_mul(ecc, r, a, b) \ + ecc_mod_mul (&(ecc)->q, (r), (a), (b)) + ++/* These mul and sqr functions produce a canonical result, 0 <= R < M. ++ Requirements on input and output areas are similar to the above ++ functions, except that it is *not* allowed to pass rp = rp + ++ m->size. ++ */ ++void ++ecc_mod_mul_canonical (const struct ecc_modulo *m, mp_limb_t *rp, ++ const mp_limb_t *ap, const mp_limb_t *bp, mp_limb_t *tp); ++ ++void ++ecc_mod_sqr_canonical (const struct ecc_modulo *m, mp_limb_t *rp, ++ const mp_limb_t *ap, mp_limb_t *tp); ++ + /* mod q operations. */ + void + ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp, +Index: nettle-3.5.1/ecc-j-to-a.c +=================================================================== +--- nettle-3.5.1.orig/ecc-j-to-a.c ++++ nettle-3.5.1/ecc-j-to-a.c +@@ -51,8 +51,6 @@ ecc_j_to_a (const struct ecc_curve *ecc, + #define izBp (scratch + 3*ecc->p.size) + #define tp scratch + +- mp_limb_t cy; +- + if (ecc->use_redc) + { + /* Set v = (r_z / B^2)^-1, +@@ -86,17 +84,14 @@ ecc_j_to_a (const struct ecc_curve *ecc, + ecc_modp_sqr (ecc, iz2p, izp); + } + +- ecc_modp_mul (ecc, iz3p, iz2p, p); +- /* ecc_modp (and ecc_modp_mul) may return a value up to 2p - 1, so +- do a conditional subtraction. */ +- cy = mpn_sub_n (r, iz3p, ecc->p.m, ecc->p.size); +- cnd_copy (cy, r, iz3p, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, r, iz2p, p, iz3p); + + if (op) + { + /* Skip y coordinate */ + if (op > 1) + { ++ mp_limb_t cy; + /* Also reduce the x coordinate mod ecc->q. It should + already be < 2*ecc->q, so one subtraction should + suffice. */ +@@ -106,10 +101,7 @@ ecc_j_to_a (const struct ecc_curve *ecc, + return; + } + ecc_modp_mul (ecc, iz3p, iz2p, izp); +- ecc_modp_mul (ecc, tp, iz3p, p + ecc->p.size); +- /* And a similar subtraction. */ +- cy = mpn_sub_n (r + ecc->p.size, tp, ecc->p.m, ecc->p.size); +- cnd_copy (cy, r + ecc->p.size, tp, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, r + ecc->p.size, iz3p, p + ecc->p.size, iz3p); + + #undef izp + #undef up +Index: nettle-3.5.1/ecc-mod-arith.c +=================================================================== +--- nettle-3.5.1.orig/ecc-mod-arith.c ++++ nettle-3.5.1/ecc-mod-arith.c +@@ -119,6 +119,30 @@ ecc_mod_mul (const struct ecc_modulo *m, + } + + void ++ecc_mod_mul_canonical (const struct ecc_modulo *m, mp_limb_t *rp, ++ const mp_limb_t *ap, const mp_limb_t *bp, mp_limb_t *tp) ++{ ++ mp_limb_t cy; ++ mpn_mul_n (tp + m->size, ap, bp, m->size); ++ m->reduce (m, tp + m->size); ++ ++ cy = mpn_sub_n (rp, tp + m->size, m->m, m->size); ++ cnd_copy (cy, rp, tp + m->size, m->size); ++} ++ ++void ++ecc_mod_sqr_canonical (const struct ecc_modulo *m, mp_limb_t *rp, ++ const mp_limb_t *ap, mp_limb_t *tp) ++{ ++ mp_limb_t cy; ++ mpn_sqr (tp + m->size, ap, m->size); ++ m->reduce (m, tp + m->size); ++ ++ cy = mpn_sub_n (rp, tp + m->size, m->m, m->size); ++ cnd_copy (cy, rp, tp + m->size, m->size); ++} ++ ++void + ecc_mod_sqr (const struct ecc_modulo *m, mp_limb_t *rp, + const mp_limb_t *ap) + { |