Re: [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: Robert Yang <liezhi.yang@windriver.com>
To: Armin Kuster <akuster808@gmail.com>,
	<openembedded-core@lists.openembedded.org>
Cc: Armin Kuster <akuster@mvista.com>
Subject: Re: [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193
Date: Tue, 12 Jan 2016 11:35:32 +0800	[thread overview]
Message-ID: <56947484.2060908@windriver.com> (raw)
In-Reply-To: <1452207843-29858-1-git-send-email-akuster808@gmail.com>


Hi Armin,

I got strange errors when use git am:

  git am /tmp/jethro/*openssl*
Applying: openssl: fix for CVE-2015-3193
/buildarea/lyang1/poky/.git/rebase-apply/patch:24: trailing whitespace.
This patch was imported from
/buildarea/lyang1/poky/.git/rebase-apply/patch:41: space before tab in indent.
         add     (%rdx),%r8              # can this overflow?
/buildarea/lyang1/poky/.git/rebase-apply/patch:51: space before tab in indent.
         xor     %rax,%rax
/buildarea/lyang1/poky/.git/rebase-apply/patch:52: trailing whitespace.

/buildarea/lyang1/poky/.git/rebase-apply/patch:53: space before tab in indent.
         neg     $carry
warning: squelched 11 whitespace errors
warning: 16 lines add whitespace errors.
fatal: cannot convert from y to UTF-8

Would please put the patches to a repo ? so that I can fetch them ?

// Robert

On 01/08/2016 07:04 AM, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
>   ...64-mont5.pl-fix-carry-propagating-bug-CVE.patch | 101 +++++++++++++++++++++
>   .../recipes-connectivity/openssl/openssl_1.0.2d.bb |   1 +
>   2 files changed, 102 insertions(+)
>   create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
> new file mode 100644
> index 0000000..125016a
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
> @@ -0,0 +1,101 @@
> +From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
> +From: Andy Polyakov <appro@openssl.org>
> +Date: Tue, 1 Dec 2015 09:00:32 +0100
> +Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
> + (CVE-2015-3193).
> +
> +Reviewed-by: Richard Levitte <levitte@openssl.org>
> +(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
> +
> +Upstream-Status: Backport
> +
> +This patch was imported from
> +https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
> +
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
> + crypto/bn/bntest.c            | 18 ++++++++++++++++++
> + 2 files changed, 37 insertions(+), 3 deletions(-)
> +
> +Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
> +===================================================================
> +--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
> ++++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
> +@@ -1779,6 +1779,15 @@ sqr8x_reduction:
> + .align	32
> + .L8x_tail_done:
> + 	add	(%rdx),%r8		# can this overflow?
> ++	adc	\$0,%r9
> ++	adc	\$0,%r10
> ++	adc	\$0,%r11
> ++	adc	\$0,%r12
> ++	adc	\$0,%r13
> ++	adc	\$0,%r14
> ++	adc	\$0,%r15		# can't overflow, because we
> ++					# started with "overhung" part
> ++					# of multiplication
> + 	xor	%rax,%rax
> +
> + 	neg	$carry
> +@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
> + .align	32
> + .Lsqrx8x_tail_done:
> + 	add	24+8(%rsp),%r8		# can this overflow?
> ++	adc	\$0,%r9
> ++	adc	\$0,%r10
> ++	adc	\$0,%r11
> ++	adc	\$0,%r12
> ++	adc	\$0,%r13
> ++	adc	\$0,%r14
> ++	adc	\$0,%r15		# can't overflow, because we
> ++					# started with "overhung" part
> ++					# of multiplication
> + 	mov	$carry,%rax		# xor	%rax,%rax
> +
> + 	sub	16+8(%rsp),$carry	# mov 16(%rsp),%cf
> +@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
> + my @ri=map("%r$_",(10..13));
> + my @ni=map("%r$_",(14..15));
> + $code.=<<___;
> +-	xor	%rbx,%rbx
> ++	xor	%ebx,%ebx
> + 	sub	%r15,%rsi		# compare top-most words
> + 	adc	%rbx,%rbx
> + 	mov	%rcx,%r10		# -$num
> +-	.byte	0x67
> + 	or	%rbx,%rax
> +-	.byte	0x67
> + 	mov	%rcx,%r9		# -$num
> + 	xor	\$1,%rax
> + 	sar	\$3+2,%rcx		# cf=0
> +Index: openssl-1.0.2d/crypto/bn/bntest.c
> +===================================================================
> +--- openssl-1.0.2d.orig/crypto/bn/bntest.c
> ++++ openssl-1.0.2d/crypto/bn/bntest.c
> +@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
> +             return 0;
> +         }
> +     }
> ++
> ++    /* Regression test for carry propagation bug in sqr8x_reduction */
> ++    BN_hex2bn(&a, "050505050505");
> ++    BN_hex2bn(&b, "02");
> ++    BN_hex2bn(&c,
> ++        "4141414141414141414141274141414141414141414141414141414141414141"
> ++        "4141414141414141414141414141414141414141414141414141414141414141"
> ++        "4141414141414141414141800000000000000000000000000000000000000000"
> ++        "0000000000000000000000000000000000000000000000000000000000000000"
> ++        "0000000000000000000000000000000000000000000000000000000000000000"
> ++        "0000000000000000000000000000000000000000000000000000000001");
> ++    BN_mod_exp(d, a, b, c, ctx);
> ++    BN_mul(e, a, a, ctx);
> ++    if (BN_cmp(d, e)) {
> ++        fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
> ++        return 0;
> ++    }
> ++
> +     BN_free(a);
> +     BN_free(b);
> +     BN_free(c);
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
> index fd56841..79e86d8 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
> @@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
>               file://crypto_use_bigint_in_x86-64_perl.patch \
>               file://openssl-1.0.2a-x32-asm.patch \
>               file://ptest_makefile_deps.patch  \
> +            file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
>              "
>
>   SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
>

next prev parent reply	other threads:[~2016-01-12  3:35 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-07 23:04 [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 2/3] openssl: fix for CVE-2015-3194 Armin Kuster
2016-01-07 23:04 ` [PATCH][V2][Jethro, fido 3/3] openssl: fix for CVE-2015-3195 Armin Kuster
2016-01-12  3:35 ` Robert Yang [this message]
2016-01-12 17:40   ` [PATCH][V2][Jethro, fido 1/3] openssl: fix for CVE-2015-3193 akuster808

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56947484.2060908@windriver.com \
    --to=liezhi.yang@windriver.com \
    --cc=akuster808@gmail.com \
    --cc=akuster@mvista.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox