diff options
Diffstat (limited to 'meta/recipes-support/gnupg/gnupg-1.4.7')
8 files changed, 0 insertions, 439 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch deleted file mode 100644 index f0667741c8..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch +++ /dev/null @@ -1,63 +0,0 @@ -From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001 -From: Werner Koch <wk@gnupg.org> -Date: Thu, 25 Jul 2013 11:17:52 +0200 -Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret - exponents. - -commit e2202ff2b704623efc6277fb5256e4e15bac5676 from -git://git.gnupg.org/libgcrypt.git - -* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for -exponents in secure memory. - -Upstream-Status: Backport -CVE: CVE-2013-4242 - -Signed-off-by: Kai Kang <kai.kang@windriver.com> --- - -The attack is published as http://eprint.iacr.org/2013/448 : - -Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel -Attack by Yuval Yarom and Katrina Falkner. 18 July 2013. - - Flush+Reload is a cache side-channel attack that monitors access to - data in shared pages. In this paper we demonstrate how to use the - attack to extract private encryption keys from GnuPG. The high - resolution and low noise of the Flush+Reload attack enables a spy - program to recover over 98% of the bits of the private key in a - single decryption or signing round. Unlike previous attacks, the - attack targets the last level L3 cache. Consequently, the spy - program and the victim do not need to share the execution core of - the CPU. The attack is not limited to a traditional OS and can be - used in a virtualised environment, where it can attack programs - executing in a different VM. - -Index: gnupg-1.4.7/mpi/mpi-pow.c -=================================================================== ---- gnupg-1.4.7.orig/mpi/mpi-pow.c -+++ gnupg-1.4.7/mpi/mpi-pow.c -@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen - tp = rp; rp = xp; xp = tp; - rsize = xsize; - -- if( (mpi_limb_signed_t)e < 0 ) { -+ /* To mitigate the Yarom/Falkner flush+reload cache -+ * side-channel attack on the RSA secret exponent, we do -+ * the multiplication regardless of the value of the -+ * high-bit of E. But to avoid this performance penalty -+ * we do it only if the exponent has been stored in secure -+ * memory and we can thus assume it is a secret exponent. */ -+ if (esec || (mpi_limb_signed_t)e < 0) { - /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/ - if( bsize < KARATSUBA_THRESHOLD ) { - mpihelp_mul( xp, rp, rsize, bp, bsize ); -@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen - mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); - xsize = msize; - } -+ } -+ if ( (mpi_limb_signed_t)e < 0 ) { - - tp = rp; rp = xp; xp = tp; - rsize = xsize; diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch deleted file mode 100644 index b50a32f40c..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch +++ /dev/null @@ -1,45 +0,0 @@ -Upstream-Status: Backport -CVE: CVE-2013-4351 - -Index: gnupg-1.4.7/g10/getkey.c -=================================================================== ---- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 -+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 -@@ -1454,7 +1454,11 @@ - - if(flags) - key_usage |= PUBKEY_USAGE_UNKNOWN; -+ if (!key_usage) -+ key_usage |= PUBKEY_USAGE_NONE; - } -+ else if (p) -+ key_usage |= PUBKEY_USAGE_NONE; - - /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a - capability that we do not handle. This serves to distinguish -Index: gnupg-1.4.7/g10/keygen.c -=================================================================== ---- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 -+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 -@@ -209,9 +209,6 @@ - if (use & PUBKEY_USAGE_AUTH) - buf[0] |= 0x20; - -- if (!buf[0]) -- return; -- - build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); - } - -Index: gnupg-1.4.7/include/cipher.h -=================================================================== ---- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 -+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 -@@ -52,6 +52,7 @@ - #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ - #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ - #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ -+#define PUBKEY_USAGE_NONE 256 /* No usage given. */ - - #define DIGEST_ALGO_MD5 1 - #define DIGEST_ALGO_SHA1 2 diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch deleted file mode 100644 index 5dcde1f9cb..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch +++ /dev/null @@ -1,154 +0,0 @@ -Upstream-Status: Backport -CVE: CVE-2013-4576 - -Index: gnupg-1.4.7/cipher/dsa.c -=================================================================== ---- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800 -+++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800 -@@ -287,6 +287,8 @@ - MPI kinv; - MPI tmp; - -+ mpi_normalize (hash); -+ - /* select a random k with 0 < k < q */ - k = gen_k( skey->q ); - -Index: gnupg-1.4.7/cipher/elgamal.c -=================================================================== ---- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800 -+++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800 -@@ -376,6 +376,9 @@ - { - MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); - -+ mpi_normalize (a); -+ mpi_normalize (b); -+ - /* output = b/(a^x) mod p */ - mpi_powm( t1, a, skey->x, skey->p ); - mpi_invm( t1, t1, skey->p ); -Index: gnupg-1.4.7/cipher/random.c -=================================================================== ---- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800 -+++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800 -@@ -273,6 +273,18 @@ - } - - -+/* Randomize the MPI */ -+void -+randomize_mpi (MPI mpi, size_t nbits, int level) -+{ -+ unsigned char *buffer; -+ -+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi)); -+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0); -+ xfree (buffer); -+} -+ -+ - int - random_is_faked() - { -Index: gnupg-1.4.7/cipher/random.h -=================================================================== ---- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800 -+++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800 -@@ -32,6 +32,7 @@ - int random_is_faked(void); - void random_disable_locking (void); - void randomize_buffer( byte *buffer, size_t length, int level ); -+void randomize_mpi (MPI mpi, size_t nbits, int level); - byte *get_random_bits( size_t nbits, int level, int secure ); - void fast_random_poll( void ); - -Index: gnupg-1.4.7/cipher/rsa.c -=================================================================== ---- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800 -+++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800 -@@ -301,9 +301,26 @@ - #if 0 - mpi_powm( output, input, skey->d, skey->n ); - #else -- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); -- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); -- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); -+ int nlimbs = mpi_get_nlimbs (skey->n)+1; -+ MPI m1 = mpi_alloc_secure (nlimbs); -+ MPI m2 = mpi_alloc_secure (nlimbs); -+ MPI h = mpi_alloc_secure (nlimbs); -+# if 1 -+ MPI bdata= mpi_alloc_secure (nlimbs); -+ MPI r = mpi_alloc_secure (nlimbs); -+# endif -+ -+ /* Remove superfluous leading zeroes from INPUT. */ -+ mpi_normalize (input); -+ -+# if 1 -+ /* Blind: bdata = (data * r^e) mod n */ -+ randomize_mpi (r, mpi_get_nbits (skey->n), 0); -+ mpi_fdiv_r (r, r, skey->n); -+ mpi_powm (bdata, r, skey->e, skey->n); -+ mpi_mulm (bdata, bdata, input, skey->n); -+ input = bdata; -+# endif - - /* m1 = c ^ (d mod (p-1)) mod p */ - mpi_sub_ui( h, skey->p, 1 ); -@@ -321,8 +338,15 @@ - /* m = m2 + h * p */ - mpi_mul ( h, h, skey->p ); - mpi_add ( output, m1, h ); -- /* ready */ -- -+ -+# if 1 -+ mpi_free (bdata); -+ /* Unblind: output = (output * r^(-1)) mod n */ -+ mpi_invm (r, r, skey->n); -+ mpi_mulm (output, output, r, skey->n); -+ mpi_free (r); -+# endif -+ - mpi_free ( h ); - mpi_free ( m1 ); - mpi_free ( m2 ); -@@ -397,6 +421,7 @@ - rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) - { - RSA_secret_key sk; -+ MPI input; - - if( algo != 1 && algo != 2 ) - return G10ERR_PUBKEY_ALGO; -@@ -407,8 +432,14 @@ - sk.p = skey[3]; - sk.q = skey[4]; - sk.u = skey[5]; -- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) ); -- secret( *result, data[0], &sk ); -+ -+ /* Mitigates side-channel attacks (CVE-2013-4576). */ -+ input = mpi_alloc (0); -+ mpi_normalize (data[0]); -+ mpi_fdiv_r (input, data[0], sk.n); -+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n)); -+ secret (*result, input, &sk); -+ mpi_free (input); - return 0; - } - -Index: gnupg-1.4.7/g10/gpgv.c -=================================================================== ---- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800 -+++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800 -@@ -390,6 +390,7 @@ - void random_dump_stats(void) {} - int quick_random_gen( int onoff ) { return -1;} - void randomize_buffer( byte *buffer, size_t length, int level ) {} -+void randomize_mpi (MPI mpi, size_t nbits, int level) {} - int random_is_faked() { return -1;} - byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;} - void set_random_seed_file( const char *name ) {} diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch deleted file mode 100644 index 362717636b..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch +++ /dev/null @@ -1,64 +0,0 @@ -commit f0b33b6fb8e0586e9584a7a409dcc31263776a67 -Author: Werner Koch <wk@gnupg.org> -Date: Thu Dec 20 09:43:41 2012 +0100 - - gpg: Import only packets which are allowed in a keyblock. - - * g10/import.c (valid_keyblock_packet): New. - (read_block): Store only valid packets. - -- - - A corrupted key, which for example included a mangled public key - encrypted packet, used to corrupt the keyring. This change skips all - packets which are not allowed in a keyblock. - - GnuPG-bug-id: 1455 - - (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa) - -Upstream-Status: Backport -CVE: CVE-2012-6085 - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -diff --git a/g10/import.c b/g10/import.c -index bfe02eb..a57b32e 100644 ---- a/g10/import.c -+++ b/g10/import.c -@@ -384,6 +384,27 @@ import_print_stats (void *hd) - } - - -+/* Return true if PKTTYPE is valid in a keyblock. */ -+static int -+valid_keyblock_packet (int pkttype) -+{ -+ switch (pkttype) -+ { -+ case PKT_PUBLIC_KEY: -+ case PKT_PUBLIC_SUBKEY: -+ case PKT_SECRET_KEY: -+ case PKT_SECRET_SUBKEY: -+ case PKT_SIGNATURE: -+ case PKT_USER_ID: -+ case PKT_ATTRIBUTE: -+ case PKT_RING_TRUST: -+ return 1; -+ default: -+ return 0; -+ } -+} -+ -+ - /**************** - * Read the next keyblock from stream A. - * PENDING_PKT should be initialzed to NULL -@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) - } - in_cert = 1; - default: -- if( in_cert ) { -+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) { - if( !root ) - root = new_kbnode( pkt ); - else diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch deleted file mode 100644 index e005ac658f..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch +++ /dev/null @@ -1,17 +0,0 @@ - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: gnupg-1.4.7/configure.ac -=================================================================== ---- gnupg-1.4.7.orig/configure.ac -+++ gnupg-1.4.7/configure.ac -@@ -827,7 +827,6 @@ else - AC_SUBST(USE_NLS) - AC_SUBST(USE_INCLUDED_LIBINTL) - AC_SUBST(BUILD_INCLUDED_LIBINTL) -- AM_PO_SUBDIRS - fi - - if test "$try_extensions" = yes || test x"$card_support" = xyes ; then diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch deleted file mode 100644 index e5fb24aa63..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch +++ /dev/null @@ -1,27 +0,0 @@ - -This has been discussed in a couple of different bug reported -upstream: - -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250 -http://bugs.sourcemage.org/show_bug.cgi?id=14446 - -Fix: -http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html - -Upstream-Status: Backport [Debian] - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c -=================================================================== ---- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c -+++ gnupg-1.4.7/keyserver/gpgkeys_curl.c -@@ -286,7 +286,7 @@ main(int argc,char *argv[]) - curl_easy_setopt(curl,CURLOPT_VERBOSE,1); - } - -- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert); -+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); - curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); - - if(proxy) diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch deleted file mode 100644 index 2855cab24b..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch +++ /dev/null @@ -1,19 +0,0 @@ -Orignal Patch came from OpenWrt via OE-Classic -https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4 -which is no longer a valid revision! - -Upstream-Status: Inappropriate [configuration] - - ---- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000 -+++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000 -@@ -181,7 +181,7 @@ - /*************************************** - ************** ARM ****************** - ***************************************/ --#if defined (__arm__) && W_TYPE_SIZE == 32 -+#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__) - #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ - __asm__ ("adds %1, %4, %5\n" \ - "adc %0, %2, %3" \ - diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch deleted file mode 100644 index 9a03b2b705..0000000000 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch +++ /dev/null @@ -1,50 +0,0 @@ - -From Openembedded-Classic - - gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support - - -Upstream-Status: Inappropriate [embedded-specific] - -Index: gnupg-1.4.10/mpi/longlong.h -=================================================================== ---- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100 -+++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100 -@@ -706,18 +706,35 @@ - #endif /* __m88110__ */ - #endif /* __m88000__ */ - -+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */ -+#if defined (__GNUC__) && defined (__GNUC_MINOR__) -+#define __GNUC_PREREQ(maj, min) \ -+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) -+#else -+#define __GNUC_PREREQ(maj, min) 0 -+#endif -+ - /*************************************** - ************** MIPS ***************** - ***************************************/ - #if defined (__mips__) && W_TYPE_SIZE == 32 --#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 -+#if __GNUC_PREREQ (4,4) -+#define umul_ppmm(w1, w0, u, v) \ -+ do { \ -+ UDItype __ll = (UDItype)(u) * (v); \ -+ w1 = __ll >> 32; \ -+ w0 = __ll; \ -+ } while (0) -+#endif -+#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7) - #define umul_ppmm(w1, w0, u, v) \ - __asm__ ("multu %2,%3" \ - : "=l" ((USItype)(w0)), \ - "=h" ((USItype)(w1)) \ - : "d" ((USItype)(u)), \ - "d" ((USItype)(v))) --#else -+#endif -+#if !defined (umul_ppmm) - #define umul_ppmm(w1, w0, u, v) \ - __asm__ ("multu %2,%3 \n" \ - "mflo %0 \n" \ |