summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/nettle
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/nettle')
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch71
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch272
-rw-r--r--meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch38
-rw-r--r--meta/recipes-support/nettle/nettle_2.7.1.bb19
4 files changed, 0 insertions, 400 deletions
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
deleted file mode 100644
index a956f426b8..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-Upstream-Status: Backport
-https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
-
-CVE: CVE-2015-8803
-CVE: CVE-2015-8805
-
-Same fix for both.
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: nettle-2.7.1/ecc-256.c
-===================================================================
---- nettle-2.7.1.orig/ecc-256.c
-+++ nettle-2.7.1/ecc-256.c
-@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec
- q2 += t + (q1 < t);
-
- assert (q2 < 2);
-+ /*
-+ n-1 n-2 n-3 n-4
-+ +---+---+---+---+
-+ | u1| u0| u low |
-+ +---+---+---+---+
-+ - | q1(2^96-1)|
-+ +-------+---+
-+ |q2(2^.)|
-+ +-------+
-
-- /* We multiply by two low limbs of p, 2^96 - 1, so we could use
-- shifts rather than mul. */
-+ We multiply by two low limbs of p, 2^96 - 1, so we could use
-+ shifts rather than mul.
-+ */
- t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);
- t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1);
- t += (-q2) & 0xffffffff;
-@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec
- u0 -= t;
- t = (u1 < cy);
- u1 -= cy;
-- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
-+
-+ cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);
-+ u0 += cy;
-+ u1 += (u0 < cy);
- u1 -= (-t) & 0xffffffff;
- }
- rp[2] = u0;
-@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec
-
- /* Conditional add of p */
- u1 += t;
-- u2 += (t<<32) + (u0 < t);
-+ u2 += (t<<32) + (u1 < t);
-
- t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
- u1 += t;
-Index: nettle-2.7.1/ChangeLog
-===================================================================
---- nettle-2.7.1.orig/ChangeLog
-+++ nettle-2.7.1/ChangeLog
-@@ -1,3 +1,9 @@
-+2015-12-10 Niels Möller <nisse@lysator.liu.se>
-+
-+ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
-+ reported by Hanno Böck.
-+ (ecc_256_modq): Fixed another carry propagation bug.
-+
- 2013-05-28 Niels Möller <nisse@lysator.liu.se>
-
- * Released nettle-2.7.1.
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch b/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
deleted file mode 100644
index 73723a998d..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
+++ /dev/null
@@ -1,272 +0,0 @@
-Upstream-Status: Backport
- https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
-
-CVE: CVE-2015-8804
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: nettle-2.7.1/ChangeLog
-===================================================================
---- nettle-2.7.1.orig/ChangeLog
-+++ nettle-2.7.1/ChangeLog
-@@ -1,3 +1,11 @@
-+2015-12-15 Niels Möller <nisse@lysator.liu.se>
-+
-+ * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
-+ reported by Hanno Böck. Simplified the folding to always use
-+ non-negative carry, the old code attempted to add in a carry which
-+ could be either positive or negative, but didn't get that case
-+ right.
-+
- 2015-12-10 Niels Möller <nisse@lysator.liu.se>
-
- * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
-Index: nettle-2.7.1/x86_64/ecc-384-modp.asm
-===================================================================
---- nettle-2.7.1.orig/x86_64/ecc-384-modp.asm
-+++ nettle-2.7.1/x86_64/ecc-384-modp.asm
-@@ -20,7 +20,7 @@ C MA 02111-1301, USA.
- .file "ecc-384-modp.asm"
-
- define(<RP>, <%rsi>)
--define(<D4>, <%rax>)
-+define(<D5>, <%rax>)
- define(<T0>, <%rbx>)
- define(<T1>, <%rcx>)
- define(<T2>, <%rdx>)
-@@ -35,8 +35,8 @@ define(<H4>, <%r13>)
- define(<H5>, <%r14>)
- define(<C2>, <%r15>)
- define(<C0>, H5) C Overlap
--define(<D0>, RP) C Overlap
--define(<TMP>, H4) C Overlap
-+define(<TMP>, RP) C Overlap
-+
-
- PROLOGUE(nettle_ecc_384_modp)
- W64_ENTRY(2, 0)
-@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp)
- push %r14
- push %r15
-
-- C First get top 2 limbs, which need folding twice
-+ C First get top 2 limbs, which need folding twice.
-+ C B^10 = B^6 + B^4 + 2^32 (B-1)B^4.
-+ C We handle the terms as follow:
- C
-- C H5 H4
-- C -H5
-- C ------
-- C H0 D4
-+ C B^6: Folded immediatly.
- C
-- C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32
-- C and add
-+ C B^4: Delayed, added in in the next folding.
- C
-- C H5 H4
-- C H1 H0
-- C ----------
-- C C2 H1 H0
--
-- mov 80(RP), D4
-- mov 88(RP), H0
-- mov D4, H4
-- mov H0, H5
-- sub H0, D4
-- sbb $0, H0
--
-- mov D4, T2
-- mov H0, H1
-- shl $32, H0
-- shr $32, T2
-+ C 2^32(B-1) B^4: Low half limb delayed until the next
-+ C folding. Top 1.5 limbs subtracted and shifter now, resulting
-+ C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added
-+ C in.
-+
-+ mov 80(RP), H4
-+ mov 88(RP), H5
-+ C Shift right 32 bits, into H1, H0
-+ mov H4, H0
-+ mov H5, H1
-+ mov H5, D5
- shr $32, H1
-- or T2, H0
-+ shl $32, D5
-+ shr $32, H0
-+ or D5, H0
-+
-+ C H1 H0
-+ C - H1 H0
-+ C --------
-+ C H1 H0 D5
-+ mov H0, D5
-+ neg D5
-+ sbb H1, H0
-+ sbb $0, H1
-
- xor C2, C2
- add H4, H0
-@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp)
- adc H3, T5
- adc $0, C0
-
-- C H3 H2 H1 H0 0
-- C - H4 H3 H2 H1 H0
-- C ---------------
-- C H3 H2 H1 H0 D0
--
-- mov XREG(D4), XREG(D4)
-- mov H0, D0
-- neg D0
-- sbb H1, H0
-- sbb H2, H1
-- sbb H3, H2
-- sbb H4, H3
-- sbb $0, D4
--
-- C Shift right. High bits are sign, to be added to C0.
-- mov D4, TMP
-- sar $32, TMP
-- shl $32, D4
-- add TMP, C0
--
-+ C Shift left, including low half of H4
- mov H3, TMP
-+ shl $32, H4
- shr $32, TMP
-- shl $32, H3
-- or TMP, D4
-+ or TMP, H4
-
- mov H2, TMP
-+ shl $32, H3
- shr $32, TMP
-- shl $32, H2
- or TMP, H3
-
- mov H1, TMP
-+ shl $32, H2
- shr $32, TMP
-- shl $32, H1
- or TMP, H2
-
- mov H0, TMP
-+ shl $32, H1
- shr $32, TMP
-- shl $32, H0
- or TMP, H1
-
-- mov D0, TMP
-- shr $32, TMP
-- shl $32, D0
-- or TMP, H0
-+ shl $32, H0
-+
-+ C H4 H3 H2 H1 H0 0
-+ C - H4 H3 H2 H1 H0
-+ C ---------------
-+ C H4 H3 H2 H1 H0 TMP
-
-- add D0, T0
-+ mov H0, TMP
-+ neg TMP
-+ sbb H1, H0
-+ sbb H2, H1
-+ sbb H3, H2
-+ sbb H4, H3
-+ sbb $0, H4
-+
-+ add TMP, T0
- adc H0, T1
- adc H1, T2
- adc H2, T3
- adc H3, T4
-- adc D4, T5
-+ adc H4, T5
- adc $0, C0
-
- C Remains to add in C2 and C0
-- C C0 C0<<32 (-2^32+1)C0
-- C C2 C2<<32 (-2^32+1)C2
-- C where C2 is always positive, while C0 may be -1.
-+ C Set H1, H0 = (2^96 - 2^32 + 1) C0
- mov C0, H0
- mov C0, H1
-- mov C0, H2
-- sar $63, C0 C Get sign
- shl $32, H1
-- sub H1, H0 C Gives borrow iff C0 > 0
-+ sub H1, H0
- sbb $0, H1
-- add C0, H2
-
-+ C Set H3, H2 = (2^96 - 2^32 + 1) C2
-+ mov C2, H2
-+ mov C2, H3
-+ shl $32, H3
-+ sub H3, H2
-+ sbb $0, H3
-+ add C0, H2 C No carry. Could use lea trick
-+
-+ xor C0, C0
- add H0, T0
- adc H1, T1
-- adc $0, H2
-- adc $0, C0
--
-- C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1
-- mov C2, H0
-- mov C2, H1
-- shl $32, H1
-- sub H1, H0
-- sbb $0, H1
--
-- add H2, H0
-- adc C0, H1
-- adc C2, C0
-- mov C0, H2
-- sar $63, C0
-- add H0, T2
-- adc H1, T3
-- adc H2, T4
-- adc C0, T5
-- sbb C0, C0
-+ adc H2, T2
-+ adc H3, T3
-+ adc C2, T4
-+ adc D5, T5 C Value delayed from initial folding
-+ adc $0, C0 C Use sbb and switch sign?
-
- C Final unlikely carry
- mov C0, H0
- mov C0, H1
-- mov C0, H2
-- sar $63, C0
- shl $32, H1
- sub H1, H0
- sbb $0, H1
-- add C0, H2
-
- pop RP
-
-- sub H0, T0
-+ add H0, T0
- mov T0, (RP)
-- sbb H1, T1
-+ adc H1, T1
- mov T1, 8(RP)
-- sbb H2, T2
-+ adc C0, T2
- mov T2, 16(RP)
-- sbb C0, T3
-+ adc $0, T3
- mov T3, 24(RP)
-- sbb C0, T4
-+ adc $0, T4
- mov T4, 32(RP)
-- sbb C0, T5
-+ adc $0, T5
- mov T5, 40(RP)
-
- pop %r15
diff --git a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch b/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
deleted file mode 100644
index 38d9107ce7..0000000000
--- a/meta/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From c369dd7049f5a198f8b6c96fde6e294ce5146c2f Mon Sep 17 00:00:00 2001
-From: Haiqing Bai <Haiqing.Bai@windriver.com>
-Date: Fri, 9 Dec 2016 16:16:45 +0800
-Subject: [PATCH] nettle: check header files of openssl only if
- 'enable_openssl=yes'.
-
-The original configure script checks openssl header files to generate
-config.h even if 'enable_openssl' is not set to yes, this made inconsistent
-building for nettle.
-
-Upstream-Status: Pending
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
----
- configure.ac | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 78a3d4e..4f16a98 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -603,9 +603,11 @@ AC_CHECK_ALIGNOF(uint64_t)
- ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t"
- AC_SUBST(ALIGNOF_UINT64_T)
-
--AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
--[enable_openssl=no
-- break])
-+if test "x$enable_openssl" = "xyes"; then
-+ AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
-+ [enable_openssl=no
-+ break])
-+fi
-
- LSH_FUNC_ALLOCA
- LSH_FUNC_STRERROR
---
-1.9.1
-
diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb
deleted file mode 100644
index 2006146cfe..0000000000
--- a/meta/recipes-support/nettle/nettle_2.7.1.bb
+++ /dev/null
@@ -1,19 +0,0 @@
-require nettle.inc
-
-LICENSE = "LGPLv2.1+ & GPLv2"
-LICENSE_${PN} = "LGPLv2.1+"
-
-LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
- file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \
- file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d"
-
-SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
-SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
-
-SRC_URI += "\
- file://CVE-2015-8803_8805.patch \
- file://CVE-2015-8804.patch \
- file://check-header-files-of-openssl-only-if-enable_.patch \
- "
-
-DISABLE_STATIC = ""