diff options
| author |   Armin Kuster <akuster@mvista.com> | 2016-09-23 23:00:38 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-27 09:05:20 +0100 |
| commit | 2752dba61da730ccd914b7720490754a476d1024 (patch) | |
| tree | 4ba2bcb62e2e2ea6fae4f02b89aebcbc797a6cfd | |
| parent | 64757265e0122314036e80aa1440c29654c052c0 (diff) | |
| download | openembedded-core-contrib-2752dba61da730ccd914b7720490754a476d1024.tar.gz | |
openssl: Security fix CVE-2016-2178
affects openssl < 1.0.2i
Signed-off-by: Armin Kuster <akuster@mvista.com>
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch | 54 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.2h.bb | 1 |
2 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch new file mode 100644 index 0000000000..07b131082e --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch @@ -0,0 +1,54 @@ +From 621eaf49a289bfac26d4cbcdb7396e796784c534 Mon Sep 17 00:00:00 2001 +From: Cesar Pereida <cesar.pereida@aalto.fi> +Date: Mon, 23 May 2016 12:45:25 +0300 +Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME + +Operations in the DSA signing algorithm should run in constant time in +order to avoid side channel attacks. A flaw in the OpenSSL DSA +implementation means that a non-constant time codepath is followed for +certain operations. This has been demonstrated through a cache-timing +attack to be sufficient for an attacker to recover the private DSA key. + +CVE-2016-2178 + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Matt Caswell <matt@openssl.org> + +Upstream-Status: Backport +CVE: CVE-2016-2178 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + crypto/dsa/dsa_ossl.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c +index efc4f1b..b29eb4b 100644 +--- a/crypto/dsa/dsa_ossl.c ++++ b/crypto/dsa/dsa_ossl.c +@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + if (!BN_rand_range(&k, dsa->q)) + goto err; + while (BN_is_zero(&k)) ; +- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { +- BN_set_flags(&k, BN_FLG_CONSTTIME); +- } + + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { + if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, +@@ -279,9 +276,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + } + + K = &kq; ++ ++ BN_set_flags(K, BN_FLG_CONSTTIME); + } else { + K = &k; + } ++ + DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, + dsa->method_mont_p); + if (!BN_mod(r, r, dsa->q, ctx)) +-- +2.7.4 + diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb index ae65992b4e..0db19fa214 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb @@ -38,6 +38,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \ file://ptest_makefile_deps.patch \ file://configure-musl-target.patch \ file://parallel.patch \ + file://CVE-2016-2178.patch \ " SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" |