On 01/11/2016 07:35 PM, Robert Yang wrote: > > Hi Armin, > > I got strange errors when use git am: > > git am /tmp/jethro/*openssl* > Applying: openssl: fix for CVE-2015-3193 > /buildarea/lyang1/poky/.git/rebase-apply/patch:24: trailing whitespace. > This patch was imported from > /buildarea/lyang1/poky/.git/rebase-apply/patch:41: space before tab in > indent. > add (%rdx),%r8 # can this overflow? > /buildarea/lyang1/poky/.git/rebase-apply/patch:51: space before tab in > indent. > xor %rax,%rax > /buildarea/lyang1/poky/.git/rebase-apply/patch:52: trailing whitespace. > > /buildarea/lyang1/poky/.git/rebase-apply/patch:53: space before tab in > indent. > neg $carry > warning: squelched 11 whitespace errors > warning: 16 lines add whitespace errors. > fatal: cannot convert from y to UTF-8 > > Would please put the patches to a repo ? so that I can fetch them ? Sure thing.
- armin > // Robert > > On 01/08/2016 07:04 AM, Armin Kuster wrote: >> From: Armin Kuster <[email protected]> >> >> Signed-off-by: Armin Kuster <[email protected]> >> --- >> ...64-mont5.pl-fix-carry-propagating-bug-CVE.patch | 101 >> +++++++++++++++++++++ >> .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 1 + >> 2 files changed, 102 insertions(+) >> create mode 100644 >> meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch >> >> >> diff --git >> a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch >> b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch >> >> new file mode 100644 >> index 0000000..125016a >> --- /dev/null >> +++ >> b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch >> >> @@ -0,0 +1,101 @@ >> +From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001 >> +From: Andy Polyakov <[email protected]> >> +Date: Tue, 1 Dec 2015 09:00:32 +0100 >> +Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug >> + (CVE-2015-3193). >> + >> +Reviewed-by: Richard Levitte <[email protected]> >> +(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107) >> + >> +Upstream-Status: Backport >> + >> +This patch was imported from >> +https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72 >> >> + >> +Signed-off-by: Armin Kuster <[email protected]> >> + >> +--- >> + crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++--- >> + crypto/bn/bntest.c | 18 ++++++++++++++++++ >> + 2 files changed, 37 insertions(+), 3 deletions(-) >> + >> +Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl >> +=================================================================== >> +--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl >> ++++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl >> +@@ -1779,6 +1779,15 @@ sqr8x_reduction: >> + .align 32 >> + .L8x_tail_done: >> + add (%rdx),%r8 # can this overflow? >> ++ adc \$0,%r9 >> ++ adc \$0,%r10 >> ++ adc \$0,%r11 >> ++ adc \$0,%r12 >> ++ adc \$0,%r13 >> ++ adc \$0,%r14 >> ++ adc \$0,%r15 # can't overflow, because we >> ++ # started with "overhung" part >> ++ # of multiplication >> + xor %rax,%rax >> + >> + neg $carry >> +@@ -3125,6 +3134,15 @@ sqrx8x_reduction: >> + .align 32 >> + .Lsqrx8x_tail_done: >> + add 24+8(%rsp),%r8 # can this overflow? >> ++ adc \$0,%r9 >> ++ adc \$0,%r10 >> ++ adc \$0,%r11 >> ++ adc \$0,%r12 >> ++ adc \$0,%r13 >> ++ adc \$0,%r14 >> ++ adc \$0,%r15 # can't overflow, because we >> ++ # started with "overhung" part >> ++ # of multiplication >> + mov $carry,%rax # xor %rax,%rax >> + >> + sub 16+8(%rsp),$carry # mov 16(%rsp),%cf >> +@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp"); >> + my @ri=map("%r$_",(10..13)); >> + my @ni=map("%r$_",(14..15)); >> + $code.=<<___; >> +- xor %rbx,%rbx >> ++ xor %ebx,%ebx >> + sub %r15,%rsi # compare top-most words >> + adc %rbx,%rbx >> + mov %rcx,%r10 # -$num >> +- .byte 0x67 >> + or %rbx,%rax >> +- .byte 0x67 >> + mov %rcx,%r9 # -$num >> + xor \$1,%rax >> + sar \$3+2,%rcx # cf=0 >> +Index: openssl-1.0.2d/crypto/bn/bntest.c >> +=================================================================== >> +--- openssl-1.0.2d.orig/crypto/bn/bntest.c >> ++++ openssl-1.0.2d/crypto/bn/bntest.c >> +@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp, >> + return 0; >> + } >> + } >> ++ >> ++ /* Regression test for carry propagation bug in sqr8x_reduction */ >> ++ BN_hex2bn(&a, "050505050505"); >> ++ BN_hex2bn(&b, "02"); >> ++ BN_hex2bn(&c, >> ++ >> "4141414141414141414141274141414141414141414141414141414141414141" >> ++ >> "4141414141414141414141414141414141414141414141414141414141414141" >> ++ >> "4141414141414141414141800000000000000000000000000000000000000000" >> ++ >> "0000000000000000000000000000000000000000000000000000000000000000" >> ++ >> "0000000000000000000000000000000000000000000000000000000000000000" >> ++ "0000000000000000000000000000000000000000000000000000000001"); >> ++ BN_mod_exp(d, a, b, c, ctx); >> ++ BN_mul(e, a, a, ctx); >> ++ if (BN_cmp(d, e)) { >> ++ fprintf(stderr, "BN_mod_exp and BN_mul produce different >> results!\n"); >> ++ return 0; >> ++ } >> ++ >> + BN_free(a); >> + BN_free(b); >> + BN_free(c); >> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb >> b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb >> index fd56841..79e86d8 100644 >> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb >> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb >> @@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \ >> file://crypto_use_bigint_in_x86-64_perl.patch \ >> file://openssl-1.0.2a-x32-asm.patch \ >> file://ptest_makefile_deps.patch \ >> + >> file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch >> \ >> " >> >> SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a" >> -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
