aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/libgcrypt/libgcrypt.inc
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2017-07-18 23:07:34 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-07-19 11:29:54 +0100
commit04d7a4adafa09f9f3012c355f4f2f9728cb0b166 (patch)
treeb496bab7ad1fe3c9b5254d3331867dd53890bdd3 /meta/recipes-support/libgcrypt/libgcrypt.inc
parentbefda6ce3fd916ab04c035d1d82ed173759f7f09 (diff)
downloadopenembedded-core-04d7a4adafa09f9f3012c355f4f2f9728cb0b166.tar.gz
openembedded-core-04d7a4adafa09f9f3012c355f4f2f9728cb0b166.tar.bz2
openembedded-core-04d7a4adafa09f9f3012c355f4f2f9728cb0b166.zip
libgcrypt: fix CVE-2017-9526
In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/libgcrypt/libgcrypt.inc')
-rw-r--r--meta/recipes-support/libgcrypt/libgcrypt.inc1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/libgcrypt/libgcrypt.inc b/meta/recipes-support/libgcrypt/libgcrypt.inc
index 15805cd436..7c4c0e83b5 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt.inc
+++ b/meta/recipes-support/libgcrypt/libgcrypt.inc
@@ -20,6 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.gz \
file://libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
file://fix-ICE-failure-on-mips-with-option-O-and-g.patch \
file://fix-undefined-reference-to-pthread.patch \
+ file://0001-ecc-Store-EdDSA-session-key-in-secure-memory.patch \
"
BINCONFIG = "${bindir}/libgcrypt-config"