Hi Armin,
I got strange errors when use git am:
git am /tmp/jethro/*openssl*
Applying: openssl: fix for CVE-2015-3193
/buildarea/lyang1/poky/.git/rebase-apply/patch:24: trailing whitespace.
This patch was imported from
/buildarea/lyang1/poky/.git/rebase-apply/patch:41: space before tab in indent.
add (%rdx),%r8 # can this overflow?
/buildarea/lyang1/poky/.git/rebase-apply/patch:51: space before tab in indent.
xor %rax,%rax
/buildarea/lyang1/poky/.git/rebase-apply/patch:52: trailing whitespace.
/buildarea/lyang1/poky/.git/rebase-apply/patch:53: space before tab in indent.
neg $carry
warning: squelched 11 whitespace errors
warning: 16 lines add whitespace errors.
fatal: cannot convert from y to UTF-8
Would please put the patches to a repo ? so that I can fetch them ?
// Robert
On 01/08/2016 07:04 AM, Armin Kuster wrote:
From: Armin Kuster <akus...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
...64-mont5.pl-fix-carry-propagating-bug-CVE.patch | 101 +++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.2d.bb | 1 +
2 files changed, 102 insertions(+)
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
diff --git
a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
new file mode 100644
index 0000000..125016a
--- /dev/null
+++
b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
@@ -0,0 +1,101 @@
+From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <ap...@openssl.org>
+Date: Tue, 1 Dec 2015 09:00:32 +0100
+Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
+ (CVE-2015-3193).
+
+Reviewed-by: Richard Levitte <levi...@openssl.org>
+(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
+
+Upstream-Status: Backport
+
+This patch was imported from
+https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
+
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
+ crypto/bn/bntest.c | 18 ++++++++++++++++++
+ 2 files changed, 37 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
+===================================================================
+--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
++++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
+@@ -1779,6 +1779,15 @@ sqr8x_reduction:
+ .align 32
+ .L8x_tail_done:
+ add (%rdx),%r8 # can this overflow?
++ adc \$0,%r9
++ adc \$0,%r10
++ adc \$0,%r11
++ adc \$0,%r12
++ adc \$0,%r13
++ adc \$0,%r14
++ adc \$0,%r15 # can't overflow, because we
++ # started with "overhung" part
++ # of multiplication
+ xor %rax,%rax
+
+ neg $carry
+@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
+ .align 32
+ .Lsqrx8x_tail_done:
+ add 24+8(%rsp),%r8 # can this overflow?
++ adc \$0,%r9
++ adc \$0,%r10
++ adc \$0,%r11
++ adc \$0,%r12
++ adc \$0,%r13
++ adc \$0,%r14
++ adc \$0,%r15 # can't overflow, because we
++ # started with "overhung" part
++ # of multiplication
+ mov $carry,%rax # xor %rax,%rax
+
+ sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
+@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
+ my @ri=map("%r$_",(10..13));
+ my @ni=map("%r$_",(14..15));
+ $code.=<<___;
+- xor %rbx,%rbx
++ xor %ebx,%ebx
+ sub %r15,%rsi # compare top-most words
+ adc %rbx,%rbx
+ mov %rcx,%r10 # -$num
+- .byte 0x67
+ or %rbx,%rax
+- .byte 0x67
+ mov %rcx,%r9 # -$num
+ xor \$1,%rax
+ sar \$3+2,%rcx # cf=0
+Index: openssl-1.0.2d/crypto/bn/bntest.c
+===================================================================
+--- openssl-1.0.2d.orig/crypto/bn/bntest.c
++++ openssl-1.0.2d/crypto/bn/bntest.c
+@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
+ return 0;
+ }
+ }
++
++ /* Regression test for carry propagation bug in sqr8x_reduction */
++ BN_hex2bn(&a, "050505050505");
++ BN_hex2bn(&b, "02");
++ BN_hex2bn(&c,
++ "4141414141414141414141274141414141414141414141414141414141414141"
++ "4141414141414141414141414141414141414141414141414141414141414141"
++ "4141414141414141414141800000000000000000000000000000000000000000"
++ "0000000000000000000000000000000000000000000000000000000000000000"
++ "0000000000000000000000000000000000000000000000000000000000000000"
++ "0000000000000000000000000000000000000000000000000000000001");
++ BN_mod_exp(d, a, b, c, ctx);
++ BN_mul(e, a, a, ctx);
++ if (BN_cmp(d, e)) {
++ fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
++ return 0;
++ }
++
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index fd56841..79e86d8 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
file://crypto_use_bigint_in_x86-64_perl.patch \
file://openssl-1.0.2a-x32-asm.patch \
file://ptest_makefile_deps.patch \
+
file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
\
"
SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
