* [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193
@ 2016-01-07 23:04 Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 2/3] openssl: fix for CVE-2015-3194 Armin Kuster
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Armin Kuster @ 2016-01-07 23:04 UTC (permalink / raw)
To: openembedded-core; +Cc: Armin Kuster
From: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
...64-mont5.pl-fix-carry-propagating-bug-CVE.patch | 101 +++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.2d.bb | 1 +
2 files changed, 102 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
new file mode 100644
index 0000000..125016a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
@@ -0,0 +1,101 @@
+From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Tue, 1 Dec 2015 09:00:32 +0100
+Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
+ (CVE-2015-3193).
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
+
+Upstream-Status: Backport
+
+This patch was imported from
+https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
+ crypto/bn/bntest.c | 18 ++++++++++++++++++
+ 2 files changed, 37 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
+===================================================================
+--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
++++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
+@@ -1779,6 +1779,15 @@ sqr8x_reduction:
+ .align 32
+ .L8x_tail_done:
+ add (%rdx),%r8 # can this overflow?
++ adc \$0,%r9
++ adc \$0,%r10
++ adc \$0,%r11
++ adc \$0,%r12
++ adc \$0,%r13
++ adc \$0,%r14
++ adc \$0,%r15 # can't overflow, because we
++ # started with "overhung" part
++ # of multiplication
+ xor %rax,%rax
+
+ neg $carry
+@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
+ .align 32
+ .Lsqrx8x_tail_done:
+ add 24+8(%rsp),%r8 # can this overflow?
++ adc \$0,%r9
++ adc \$0,%r10
++ adc \$0,%r11
++ adc \$0,%r12
++ adc \$0,%r13
++ adc \$0,%r14
++ adc \$0,%r15 # can't overflow, because we
++ # started with "overhung" part
++ # of multiplication
+ mov $carry,%rax # xor %rax,%rax
+
+ sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
+@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
+ my @ri=map("%r$_",(10..13));
+ my @ni=map("%r$_",(14..15));
+ $code.=<<___;
+- xor %rbx,%rbx
++ xor %ebx,%ebx
+ sub %r15,%rsi # compare top-most words
+ adc %rbx,%rbx
+ mov %rcx,%r10 # -$num
+- .byte 0x67
+ or %rbx,%rax
+- .byte 0x67
+ mov %rcx,%r9 # -$num
+ xor \$1,%rax
+ sar \$3+2,%rcx # cf=0
+Index: openssl-1.0.2d/crypto/bn/bntest.c
+===================================================================
+--- openssl-1.0.2d.orig/crypto/bn/bntest.c
++++ openssl-1.0.2d/crypto/bn/bntest.c
+@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
+ return 0;
+ }
+ }
++
++ /* Regression test for carry propagation bug in sqr8x_reduction */
++ BN_hex2bn(&a, "050505050505");
++ BN_hex2bn(&b, "02");
++ BN_hex2bn(&c,
++ "4141414141414141414141274141414141414141414141414141414141414141"
++ "4141414141414141414141414141414141414141414141414141414141414141"
++ "4141414141414141414141800000000000000000000000000000000000000000"
++ "0000000000000000000000000000000000000000000000000000000000000000"
++ "0000000000000000000000000000000000000000000000000000000000000000"
++ "0000000000000000000000000000000000000000000000000000000001");
++ BN_mod_exp(d, a, b, c, ctx);
++ BN_mul(e, a, a, ctx);
++ if (BN_cmp(d, e)) {
++ fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
++ return 0;
++ }
++
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index fd56841..79e86d8 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
file://crypto_use_bigint_in_x86-64_perl.patch \
file://openssl-1.0.2a-x32-asm.patch \
file://ptest_makefile_deps.patch \
+ file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
"
SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
--
2.3.5
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH][V2][Jethro, fido 2/3] openssl: fix for CVE-2015-3194
2016-01-07 23:04 [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Armin Kuster
@ 2016-01-07 23:04 ` Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 3/3] openssl: fix for CVE-2015-3195 Armin Kuster
2016-01-12 3:35 ` [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Robert Yang
2 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2016-01-07 23:04 UTC (permalink / raw)
To: openembedded-core; +Cc: Armin Kuster
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=y, Size: 6044 bytes --]
From: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
.../openssl/0001-Add-test-for-CVE-2015-3194.patch | 66 ++++++++++++++++++++++
.../CVE-2015-3194-1-Add-PSS-parameter-check.patch | 45 +++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.2d.bb | 2 +
3 files changed, 113 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch b/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
new file mode 100644
index 0000000..39a2e5a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
@@ -0,0 +1,66 @@
+From 00456fded43eadd4bb94bf675ae4ea5d158a764f Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Wed, 4 Nov 2015 13:30:03 +0000
+Subject: [PATCH] Add test for CVE-2015-3194
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+
+Upstream-Status: Backport
+
+This patch was imported from
+https://git.openssl.org/?p=openssl.git;a=commit;h=00456fded43eadd4bb94bf675ae4ea5d158a764f
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ test/certs/pss1.pem | 21 +++++++++++++++++++++
+ test/tx509 | 7 +++++++
+ 2 files changed, 28 insertions(+)
+ create mode 100644 test/certs/pss1.pem
+
+diff --git a/test/certs/pss1.pem b/test/certs/pss1.pem
+new file mode 100644
+index 0000000..29da71d
+--- /dev/null
++++ b/test/certs/pss1.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
++AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
++VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
++NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
++ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
++qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
++IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
++IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
++dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
++QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
++5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
++4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
++Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
++BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
++xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
++plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
++DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
++NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
++lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
++-----END CERTIFICATE-----
+diff --git a/test/tx509 b/test/tx509
+index 0ce3b52..77f5cac 100644
+--- a/test/tx509
++++ b/test/tx509
+@@ -74,5 +74,12 @@ if [ $? != 0 ]; then exit 1; fi
+ cmp x509-f.p x509-ff.p3
+ if [ $? != 0 ]; then exit 1; fi
+
++echo "Parsing test certificates"
++
++$cmd -in certs/pss1.pem -text -noout >/dev/null
++if [ $? != 0 ]; then exit 1; fi
++
++echo OK
++
+ /bin/rm -f x509-f.* x509-ff.* x509-fff.*
+ exit 0
+--
+2.3.5
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
new file mode 100644
index 0000000..13d4891
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
@@ -0,0 +1,45 @@
+From c394a488942387246653833359a5c94b5832674e Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 2 Oct 2015 12:35:19 +0100
+Subject: [PATCH] Add PSS parameter check.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Avoid seg fault by checking mgf1 parameter is not NULL. This can be
+triggered during certificate verification so could be a DoS attack
+against a client or a server enabling client authentication.
+
+Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
+
+CVE-2015-3194
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+
+Upstream-Status: Backport
+
+This patch was imported from
+https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ crypto/rsa/rsa_ameth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
+index ca3922e..4e06218 100644
+--- a/crypto/rsa/rsa_ameth.c
++++ b/crypto/rsa/rsa_ameth.c
+@@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
+ {
+ const unsigned char *p;
+ int plen;
+- if (alg == NULL)
++ if (alg == NULL || alg->parameter == NULL)
+ return NULL;
+ if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
+ return NULL;
+--
+2.3.5
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index 79e86d8..0364b64 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -38,6 +38,8 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-1.0.2a-x32-asm.patch \
file://ptest_makefile_deps.patch \
file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
+ file://CVE-2015-3194-1-Add-PSS-parameter-check.patch \
+ file://0001-Add-test-for-CVE-2015-3194.patch \
"
SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
--
2.3.5
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH][V2][Jethro, fido 3/3] openssl: fix for CVE-2015-3195
2016-01-07 23:04 [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 2/3] openssl: fix for CVE-2015-3194 Armin Kuster
@ 2016-01-07 23:04 ` Armin Kuster
2016-01-12 3:35 ` [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Robert Yang
2 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2016-01-07 23:04 UTC (permalink / raw)
To: openembedded-core; +Cc: Armin Kuster
From: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
...CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch | 66 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.2d.bb | 1 +
2 files changed, 67 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
new file mode 100644
index 0000000..6fc4d0e
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
@@ -0,0 +1,66 @@
+From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Tue, 10 Nov 2015 19:03:07 +0000
+Subject: [PATCH] Fix leak with ASN.1 combine.
+
+When parsing a combined structure pass a flag to the decode routine
+so on error a pointer to the parent structure is not zeroed as
+this will leak any additional components in the parent.
+
+This can leak memory in any application parsing PKCS#7 or CMS structures.
+
+CVE-2015-3195.
+
+Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
+libFuzzer.
+
+PR#4131
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+
+Upstream-Status: Backport
+
+This patch was imported from
+https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ crypto/asn1/tasn_dec.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
+index febf605..9256049 100644
+--- a/crypto/asn1/tasn_dec.c
++++ b/crypto/asn1/tasn_dec.c
+@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ int otag;
+ int ret = 0;
+ ASN1_VALUE **pchptr, *ptmpval;
++ int combine = aclass & ASN1_TFLG_COMBINE;
++ aclass &= ~ASN1_TFLG_COMBINE;
+ if (!pval)
+ return 0;
+ if (aux && aux->asn1_cb)
+@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+ err:
+- ASN1_item_ex_free(pval, it);
++ if (combine == 0)
++ ASN1_item_ex_free(pval, it);
+ if (errtt)
+ ERR_add_error_data(4, "Field=", errtt->field_name,
+ ", Type=", it->sname);
+@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+ } else {
+ /* Nothing special */
+ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+- -1, 0, opt, ctx);
++ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+--
+2.3.5
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index 0364b64..3864e88 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -40,6 +40,7 @@ SRC_URI += "file://configure-targets.patch \
file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
file://CVE-2015-3194-1-Add-PSS-parameter-check.patch \
file://0001-Add-test-for-CVE-2015-3194.patch \
+ file://CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch \
"
SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
--
2.3.5
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193
2016-01-07 23:04 [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 2/3] openssl: fix for CVE-2015-3194 Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 3/3] openssl: fix for CVE-2015-3195 Armin Kuster
@ 2016-01-12 3:35 ` Robert Yang
2016-01-12 17:40 ` akuster808
2 siblings, 1 reply; 5+ messages in thread
From: Robert Yang @ 2016-01-12 3:35 UTC (permalink / raw)
To: Armin Kuster, openembedded-core; +Cc: Armin Kuster
Hi Armin,
I got strange errors when use git am:
git am /tmp/jethro/*openssl*
Applying: openssl: fix for CVE-2015-3193
/buildarea/lyang1/poky/.git/rebase-apply/patch:24: trailing whitespace.
This patch was imported from
/buildarea/lyang1/poky/.git/rebase-apply/patch:41: space before tab in indent.
add (%rdx),%r8 # can this overflow?
/buildarea/lyang1/poky/.git/rebase-apply/patch:51: space before tab in indent.
xor %rax,%rax
/buildarea/lyang1/poky/.git/rebase-apply/patch:52: trailing whitespace.
/buildarea/lyang1/poky/.git/rebase-apply/patch:53: space before tab in indent.
neg $carry
warning: squelched 11 whitespace errors
warning: 16 lines add whitespace errors.
fatal: cannot convert from y to UTF-8
Would please put the patches to a repo ? so that I can fetch them ?
// Robert
On 01/08/2016 07:04 AM, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
> ...64-mont5.pl-fix-carry-propagating-bug-CVE.patch | 101 +++++++++++++++++++++
> .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 1 +
> 2 files changed, 102 insertions(+)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
> new file mode 100644
> index 0000000..125016a
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
> @@ -0,0 +1,101 @@
> +From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
> +From: Andy Polyakov <appro@openssl.org>
> +Date: Tue, 1 Dec 2015 09:00:32 +0100
> +Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
> + (CVE-2015-3193).
> +
> +Reviewed-by: Richard Levitte <levitte@openssl.org>
> +(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
> +
> +Upstream-Status: Backport
> +
> +This patch was imported from
> +https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
> +
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
> + crypto/bn/bntest.c | 18 ++++++++++++++++++
> + 2 files changed, 37 insertions(+), 3 deletions(-)
> +
> +Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
> +===================================================================
> +--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
> ++++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
> +@@ -1779,6 +1779,15 @@ sqr8x_reduction:
> + .align 32
> + .L8x_tail_done:
> + add (%rdx),%r8 # can this overflow?
> ++ adc \$0,%r9
> ++ adc \$0,%r10
> ++ adc \$0,%r11
> ++ adc \$0,%r12
> ++ adc \$0,%r13
> ++ adc \$0,%r14
> ++ adc \$0,%r15 # can't overflow, because we
> ++ # started with "overhung" part
> ++ # of multiplication
> + xor %rax,%rax
> +
> + neg $carry
> +@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
> + .align 32
> + .Lsqrx8x_tail_done:
> + add 24+8(%rsp),%r8 # can this overflow?
> ++ adc \$0,%r9
> ++ adc \$0,%r10
> ++ adc \$0,%r11
> ++ adc \$0,%r12
> ++ adc \$0,%r13
> ++ adc \$0,%r14
> ++ adc \$0,%r15 # can't overflow, because we
> ++ # started with "overhung" part
> ++ # of multiplication
> + mov $carry,%rax # xor %rax,%rax
> +
> + sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
> +@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
> + my @ri=map("%r$_",(10..13));
> + my @ni=map("%r$_",(14..15));
> + $code.=<<___;
> +- xor %rbx,%rbx
> ++ xor %ebx,%ebx
> + sub %r15,%rsi # compare top-most words
> + adc %rbx,%rbx
> + mov %rcx,%r10 # -$num
> +- .byte 0x67
> + or %rbx,%rax
> +- .byte 0x67
> + mov %rcx,%r9 # -$num
> + xor \$1,%rax
> + sar \$3+2,%rcx # cf=0
> +Index: openssl-1.0.2d/crypto/bn/bntest.c
> +===================================================================
> +--- openssl-1.0.2d.orig/crypto/bn/bntest.c
> ++++ openssl-1.0.2d/crypto/bn/bntest.c
> +@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
> + return 0;
> + }
> + }
> ++
> ++ /* Regression test for carry propagation bug in sqr8x_reduction */
> ++ BN_hex2bn(&a, "050505050505");
> ++ BN_hex2bn(&b, "02");
> ++ BN_hex2bn(&c,
> ++ "4141414141414141414141274141414141414141414141414141414141414141"
> ++ "4141414141414141414141414141414141414141414141414141414141414141"
> ++ "4141414141414141414141800000000000000000000000000000000000000000"
> ++ "0000000000000000000000000000000000000000000000000000000000000000"
> ++ "0000000000000000000000000000000000000000000000000000000000000000"
> ++ "0000000000000000000000000000000000000000000000000000000001");
> ++ BN_mod_exp(d, a, b, c, ctx);
> ++ BN_mul(e, a, a, ctx);
> ++ if (BN_cmp(d, e)) {
> ++ fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
> ++ return 0;
> ++ }
> ++
> + BN_free(a);
> + BN_free(b);
> + BN_free(c);
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
> index fd56841..79e86d8 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
> @@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
> file://crypto_use_bigint_in_x86-64_perl.patch \
> file://openssl-1.0.2a-x32-asm.patch \
> file://ptest_makefile_deps.patch \
> + file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
> "
>
> SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193
2016-01-12 3:35 ` [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Robert Yang
@ 2016-01-12 17:40 ` akuster808
0 siblings, 0 replies; 5+ messages in thread
From: akuster808 @ 2016-01-12 17:40 UTC (permalink / raw)
To: Robert Yang, openembedded-core; +Cc: Armin Kuster
On 01/11/2016 07:35 PM, Robert Yang wrote:
>
> Hi Armin,
>
> I got strange errors when use git am:
>
> git am /tmp/jethro/*openssl*
> Applying: openssl: fix for CVE-2015-3193
> /buildarea/lyang1/poky/.git/rebase-apply/patch:24: trailing whitespace.
> This patch was imported from
> /buildarea/lyang1/poky/.git/rebase-apply/patch:41: space before tab in
> indent.
> add (%rdx),%r8 # can this overflow?
> /buildarea/lyang1/poky/.git/rebase-apply/patch:51: space before tab in
> indent.
> xor %rax,%rax
> /buildarea/lyang1/poky/.git/rebase-apply/patch:52: trailing whitespace.
>
> /buildarea/lyang1/poky/.git/rebase-apply/patch:53: space before tab in
> indent.
> neg $carry
> warning: squelched 11 whitespace errors
> warning: 16 lines add whitespace errors.
> fatal: cannot convert from y to UTF-8
>
> Would please put the patches to a repo ? so that I can fetch them ?
Sure thing.
- armin
> // Robert
>
> On 01/08/2016 07:04 AM, Armin Kuster wrote:
>> From: Armin Kuster <akuster@mvista.com>
>>
>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>> ---
>> ...64-mont5.pl-fix-carry-propagating-bug-CVE.patch | 101
>> +++++++++++++++++++++
>> .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 1 +
>> 2 files changed, 102 insertions(+)
>> create mode 100644
>> meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
>>
>>
>> diff --git
>> a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
>> b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
>>
>> new file mode 100644
>> index 0000000..125016a
>> --- /dev/null
>> +++
>> b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
>>
>> @@ -0,0 +1,101 @@
>> +From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
>> +From: Andy Polyakov <appro@openssl.org>
>> +Date: Tue, 1 Dec 2015 09:00:32 +0100
>> +Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
>> + (CVE-2015-3193).
>> +
>> +Reviewed-by: Richard Levitte <levitte@openssl.org>
>> +(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
>> +
>> +Upstream-Status: Backport
>> +
>> +This patch was imported from
>> +https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
>>
>> +
>> +Signed-off-by: Armin Kuster <akuster@mvista.com>
>> +
>> +---
>> + crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
>> + crypto/bn/bntest.c | 18 ++++++++++++++++++
>> + 2 files changed, 37 insertions(+), 3 deletions(-)
>> +
>> +Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
>> +===================================================================
>> +--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
>> ++++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
>> +@@ -1779,6 +1779,15 @@ sqr8x_reduction:
>> + .align 32
>> + .L8x_tail_done:
>> + add (%rdx),%r8 # can this overflow?
>> ++ adc \$0,%r9
>> ++ adc \$0,%r10
>> ++ adc \$0,%r11
>> ++ adc \$0,%r12
>> ++ adc \$0,%r13
>> ++ adc \$0,%r14
>> ++ adc \$0,%r15 # can't overflow, because we
>> ++ # started with "overhung" part
>> ++ # of multiplication
>> + xor %rax,%rax
>> +
>> + neg $carry
>> +@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
>> + .align 32
>> + .Lsqrx8x_tail_done:
>> + add 24+8(%rsp),%r8 # can this overflow?
>> ++ adc \$0,%r9
>> ++ adc \$0,%r10
>> ++ adc \$0,%r11
>> ++ adc \$0,%r12
>> ++ adc \$0,%r13
>> ++ adc \$0,%r14
>> ++ adc \$0,%r15 # can't overflow, because we
>> ++ # started with "overhung" part
>> ++ # of multiplication
>> + mov $carry,%rax # xor %rax,%rax
>> +
>> + sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
>> +@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
>> + my @ri=map("%r$_",(10..13));
>> + my @ni=map("%r$_",(14..15));
>> + $code.=<<___;
>> +- xor %rbx,%rbx
>> ++ xor %ebx,%ebx
>> + sub %r15,%rsi # compare top-most words
>> + adc %rbx,%rbx
>> + mov %rcx,%r10 # -$num
>> +- .byte 0x67
>> + or %rbx,%rax
>> +- .byte 0x67
>> + mov %rcx,%r9 # -$num
>> + xor \$1,%rax
>> + sar \$3+2,%rcx # cf=0
>> +Index: openssl-1.0.2d/crypto/bn/bntest.c
>> +===================================================================
>> +--- openssl-1.0.2d.orig/crypto/bn/bntest.c
>> ++++ openssl-1.0.2d/crypto/bn/bntest.c
>> +@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
>> + return 0;
>> + }
>> + }
>> ++
>> ++ /* Regression test for carry propagation bug in sqr8x_reduction */
>> ++ BN_hex2bn(&a, "050505050505");
>> ++ BN_hex2bn(&b, "02");
>> ++ BN_hex2bn(&c,
>> ++
>> "4141414141414141414141274141414141414141414141414141414141414141"
>> ++
>> "4141414141414141414141414141414141414141414141414141414141414141"
>> ++
>> "4141414141414141414141800000000000000000000000000000000000000000"
>> ++
>> "0000000000000000000000000000000000000000000000000000000000000000"
>> ++
>> "0000000000000000000000000000000000000000000000000000000000000000"
>> ++ "0000000000000000000000000000000000000000000000000000000001");
>> ++ BN_mod_exp(d, a, b, c, ctx);
>> ++ BN_mul(e, a, a, ctx);
>> ++ if (BN_cmp(d, e)) {
>> ++ fprintf(stderr, "BN_mod_exp and BN_mul produce different
>> results!\n");
>> ++ return 0;
>> ++ }
>> ++
>> + BN_free(a);
>> + BN_free(b);
>> + BN_free(c);
>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
>> b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
>> index fd56841..79e86d8 100644
>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
>> @@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
>> file://crypto_use_bigint_in_x86-64_perl.patch \
>> file://openssl-1.0.2a-x32-asm.patch \
>> file://ptest_makefile_deps.patch \
>> +
>> file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
>> \
>> "
>>
>> SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
>>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-01-12 17:40 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-07 23:04 [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 2/3] openssl: fix for CVE-2015-3194 Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 3/3] openssl: fix for CVE-2015-3195 Armin Kuster
2016-01-12 3:35 ` [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Robert Yang
2016-01-12 17:40 ` akuster808
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.