diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7')
8 files changed, 439 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch new file mode 100644 index 000000000..f0667741c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch @@ -0,0 +1,63 @@ +From e2202ff2b704623efc6277fb5256e4e15bac5676 Mon Sep 17 00:00:00 2001 +From: Werner Koch <wk@gnupg.org> +Date: Thu, 25 Jul 2013 11:17:52 +0200 +Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret + exponents. + +commit e2202ff2b704623efc6277fb5256e4e15bac5676 from +git://git.gnupg.org/libgcrypt.git + +* mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for +exponents in secure memory. + +Upstream-Status: Backport +CVE: CVE-2013-4242 + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +-- + +The attack is published as http://eprint.iacr.org/2013/448 : + +Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel +Attack by Yuval Yarom and Katrina Falkner. 18 July 2013. + + Flush+Reload is a cache side-channel attack that monitors access to + data in shared pages. In this paper we demonstrate how to use the + attack to extract private encryption keys from GnuPG. The high + resolution and low noise of the Flush+Reload attack enables a spy + program to recover over 98% of the bits of the private key in a + single decryption or signing round. Unlike previous attacks, the + attack targets the last level L3 cache. Consequently, the spy + program and the victim do not need to share the execution core of + the CPU. The attack is not limited to a traditional OS and can be + used in a virtualised environment, where it can attack programs + executing in a different VM. + +Index: gnupg-1.4.7/mpi/mpi-pow.c +=================================================================== +--- gnupg-1.4.7.orig/mpi/mpi-pow.c ++++ gnupg-1.4.7/mpi/mpi-pow.c +@@ -212,7 +212,13 @@ mpi_powm( MPI res, MPI base, MPI exponen + tp = rp; rp = xp; xp = tp; + rsize = xsize; + +- if( (mpi_limb_signed_t)e < 0 ) { ++ /* To mitigate the Yarom/Falkner flush+reload cache ++ * side-channel attack on the RSA secret exponent, we do ++ * the multiplication regardless of the value of the ++ * high-bit of E. But to avoid this performance penalty ++ * we do it only if the exponent has been stored in secure ++ * memory and we can thus assume it is a secret exponent. */ ++ if (esec || (mpi_limb_signed_t)e < 0) { + /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/ + if( bsize < KARATSUBA_THRESHOLD ) { + mpihelp_mul( xp, rp, rsize, bp, bsize ); +@@ -227,6 +233,8 @@ mpi_powm( MPI res, MPI base, MPI exponen + mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); + xsize = msize; + } ++ } ++ if ( (mpi_limb_signed_t)e < 0 ) { + + tp = rp; rp = xp; xp = tp; + rsize = xsize; diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch new file mode 100644 index 000000000..b50a32f40 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch @@ -0,0 +1,45 @@ +Upstream-Status: Backport +CVE: CVE-2013-4351 + +Index: gnupg-1.4.7/g10/getkey.c +=================================================================== +--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 ++++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 +@@ -1454,7 +1454,11 @@ + + if(flags) + key_usage |= PUBKEY_USAGE_UNKNOWN; ++ if (!key_usage) ++ key_usage |= PUBKEY_USAGE_NONE; + } ++ else if (p) ++ key_usage |= PUBKEY_USAGE_NONE; + + /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a + capability that we do not handle. This serves to distinguish +Index: gnupg-1.4.7/g10/keygen.c +=================================================================== +--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 ++++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 +@@ -209,9 +209,6 @@ + if (use & PUBKEY_USAGE_AUTH) + buf[0] |= 0x20; + +- if (!buf[0]) +- return; +- + build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); + } + +Index: gnupg-1.4.7/include/cipher.h +=================================================================== +--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 ++++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 +@@ -52,6 +52,7 @@ + #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ + #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ + #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ ++#define PUBKEY_USAGE_NONE 256 /* No usage given. */ + + #define DIGEST_ALGO_MD5 1 + #define DIGEST_ALGO_SHA1 2 diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch new file mode 100644 index 000000000..5dcde1f9c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch @@ -0,0 +1,154 @@ +Upstream-Status: Backport +CVE: CVE-2013-4576 + +Index: gnupg-1.4.7/cipher/dsa.c +=================================================================== +--- gnupg-1.4.7.orig/cipher/dsa.c 2006-12-12 02:27:21.000000000 +0800 ++++ gnupg-1.4.7/cipher/dsa.c 2014-01-23 11:30:17.300915919 +0800 +@@ -287,6 +287,8 @@ + MPI kinv; + MPI tmp; + ++ mpi_normalize (hash); ++ + /* select a random k with 0 < k < q */ + k = gen_k( skey->q ); + +Index: gnupg-1.4.7/cipher/elgamal.c +=================================================================== +--- gnupg-1.4.7.orig/cipher/elgamal.c 2006-12-12 03:08:05.000000000 +0800 ++++ gnupg-1.4.7/cipher/elgamal.c 2014-01-23 11:30:17.300915919 +0800 +@@ -376,6 +376,9 @@ + { + MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); + ++ mpi_normalize (a); ++ mpi_normalize (b); ++ + /* output = b/(a^x) mod p */ + mpi_powm( t1, a, skey->x, skey->p ); + mpi_invm( t1, t1, skey->p ); +Index: gnupg-1.4.7/cipher/random.c +=================================================================== +--- gnupg-1.4.7.orig/cipher/random.c 2006-11-03 18:09:39.000000000 +0800 ++++ gnupg-1.4.7/cipher/random.c 2014-01-23 11:31:53.993495462 +0800 +@@ -273,6 +273,18 @@ + } + + ++/* Randomize the MPI */ ++void ++randomize_mpi (MPI mpi, size_t nbits, int level) ++{ ++ unsigned char *buffer; ++ ++ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi)); ++ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0); ++ xfree (buffer); ++} ++ ++ + int + random_is_faked() + { +Index: gnupg-1.4.7/cipher/random.h +=================================================================== +--- gnupg-1.4.7.orig/cipher/random.h 2006-02-09 19:29:29.000000000 +0800 ++++ gnupg-1.4.7/cipher/random.h 2014-01-23 11:30:17.300915919 +0800 +@@ -32,6 +32,7 @@ + int random_is_faked(void); + void random_disable_locking (void); + void randomize_buffer( byte *buffer, size_t length, int level ); ++void randomize_mpi (MPI mpi, size_t nbits, int level); + byte *get_random_bits( size_t nbits, int level, int secure ); + void fast_random_poll( void ); + +Index: gnupg-1.4.7/cipher/rsa.c +=================================================================== +--- gnupg-1.4.7.orig/cipher/rsa.c 2006-12-12 03:09:00.000000000 +0800 ++++ gnupg-1.4.7/cipher/rsa.c 2014-01-23 11:35:04.330639125 +0800 +@@ -301,9 +301,26 @@ + #if 0 + mpi_powm( output, input, skey->d, skey->n ); + #else +- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); +- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); +- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); ++ int nlimbs = mpi_get_nlimbs (skey->n)+1; ++ MPI m1 = mpi_alloc_secure (nlimbs); ++ MPI m2 = mpi_alloc_secure (nlimbs); ++ MPI h = mpi_alloc_secure (nlimbs); ++# if 1 ++ MPI bdata= mpi_alloc_secure (nlimbs); ++ MPI r = mpi_alloc_secure (nlimbs); ++# endif ++ ++ /* Remove superfluous leading zeroes from INPUT. */ ++ mpi_normalize (input); ++ ++# if 1 ++ /* Blind: bdata = (data * r^e) mod n */ ++ randomize_mpi (r, mpi_get_nbits (skey->n), 0); ++ mpi_fdiv_r (r, r, skey->n); ++ mpi_powm (bdata, r, skey->e, skey->n); ++ mpi_mulm (bdata, bdata, input, skey->n); ++ input = bdata; ++# endif + + /* m1 = c ^ (d mod (p-1)) mod p */ + mpi_sub_ui( h, skey->p, 1 ); +@@ -321,8 +338,15 @@ + /* m = m2 + h * p */ + mpi_mul ( h, h, skey->p ); + mpi_add ( output, m1, h ); +- /* ready */ +- ++ ++# if 1 ++ mpi_free (bdata); ++ /* Unblind: output = (output * r^(-1)) mod n */ ++ mpi_invm (r, r, skey->n); ++ mpi_mulm (output, output, r, skey->n); ++ mpi_free (r); ++# endif ++ + mpi_free ( h ); + mpi_free ( m1 ); + mpi_free ( m2 ); +@@ -397,6 +421,7 @@ + rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) + { + RSA_secret_key sk; ++ MPI input; + + if( algo != 1 && algo != 2 ) + return G10ERR_PUBKEY_ALGO; +@@ -407,8 +432,14 @@ + sk.p = skey[3]; + sk.q = skey[4]; + sk.u = skey[5]; +- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) ); +- secret( *result, data[0], &sk ); ++ ++ /* Mitigates side-channel attacks (CVE-2013-4576). */ ++ input = mpi_alloc (0); ++ mpi_normalize (data[0]); ++ mpi_fdiv_r (input, data[0], sk.n); ++ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n)); ++ secret (*result, input, &sk); ++ mpi_free (input); + return 0; + } + +Index: gnupg-1.4.7/g10/gpgv.c +=================================================================== +--- gnupg-1.4.7.orig/g10/gpgv.c 2006-12-13 19:25:04.000000000 +0800 ++++ gnupg-1.4.7/g10/gpgv.c 2014-01-23 11:30:17.300915919 +0800 +@@ -390,6 +390,7 @@ + void random_dump_stats(void) {} + int quick_random_gen( int onoff ) { return -1;} + void randomize_buffer( byte *buffer, size_t length, int level ) {} ++void randomize_mpi (MPI mpi, size_t nbits, int level) {} + int random_is_faked() { return -1;} + byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;} + void set_random_seed_file( const char *name ) {} diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch new file mode 100644 index 000000000..362717636 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch @@ -0,0 +1,64 @@ +commit f0b33b6fb8e0586e9584a7a409dcc31263776a67 +Author: Werner Koch <wk@gnupg.org> +Date: Thu Dec 20 09:43:41 2012 +0100 + + gpg: Import only packets which are allowed in a keyblock. + + * g10/import.c (valid_keyblock_packet): New. + (read_block): Store only valid packets. + -- + + A corrupted key, which for example included a mangled public key + encrypted packet, used to corrupt the keyring. This change skips all + packets which are not allowed in a keyblock. + + GnuPG-bug-id: 1455 + + (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa) + +Upstream-Status: Backport +CVE: CVE-2012-6085 + +Signed-off-by: Saul Wold <sgw@linux.intel.com> + +diff --git a/g10/import.c b/g10/import.c +index bfe02eb..a57b32e 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -384,6 +384,27 @@ import_print_stats (void *hd) + } + + ++/* Return true if PKTTYPE is valid in a keyblock. */ ++static int ++valid_keyblock_packet (int pkttype) ++{ ++ switch (pkttype) ++ { ++ case PKT_PUBLIC_KEY: ++ case PKT_PUBLIC_SUBKEY: ++ case PKT_SECRET_KEY: ++ case PKT_SECRET_SUBKEY: ++ case PKT_SIGNATURE: ++ case PKT_USER_ID: ++ case PKT_ATTRIBUTE: ++ case PKT_RING_TRUST: ++ return 1; ++ default: ++ return 0; ++ } ++} ++ ++ + /**************** + * Read the next keyblock from stream A. + * PENDING_PKT should be initialzed to NULL +@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) + } + in_cert = 1; + default: +- if( in_cert ) { ++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) { + if( !root ) + root = new_kbnode( pkt ); + else diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch new file mode 100644 index 000000000..e005ac658 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/configure.patch @@ -0,0 +1,17 @@ + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Saul Wold <sgw@linux.intel.com> + +Index: gnupg-1.4.7/configure.ac +=================================================================== +--- gnupg-1.4.7.orig/configure.ac ++++ gnupg-1.4.7/configure.ac +@@ -827,7 +827,6 @@ else + AC_SUBST(USE_NLS) + AC_SUBST(USE_INCLUDED_LIBINTL) + AC_SUBST(BUILD_INCLUDED_LIBINTL) +- AM_PO_SUBDIRS + fi + + if test "$try_extensions" = yes || test x"$card_support" = xyes ; then diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch new file mode 100644 index 000000000..e5fb24aa6 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/curl_typeof_fix_backport.patch @@ -0,0 +1,27 @@ + +This has been discussed in a couple of different bug reported +upstream: + +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486250 +http://bugs.sourcemage.org/show_bug.cgi?id=14446 + +Fix: +http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html + +Upstream-Status: Backport [Debian] + +Signed-off-by: Saul Wold <sgw@linux.intel.com> + +Index: gnupg-1.4.7/keyserver/gpgkeys_curl.c +=================================================================== +--- gnupg-1.4.7.orig/keyserver/gpgkeys_curl.c ++++ gnupg-1.4.7/keyserver/gpgkeys_curl.c +@@ -286,7 +286,7 @@ main(int argc,char *argv[]) + curl_easy_setopt(curl,CURLOPT_VERBOSE,1); + } + +- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert); ++ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); + curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); + + if(proxy) diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch new file mode 100644 index 000000000..2855cab24 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/long-long-thumb.patch @@ -0,0 +1,19 @@ +Orignal Patch came from OpenWrt via OE-Classic +https://dev.openwrt.org/browser/packages/utils/gnupg/patches/001-mips_gcc4.4 +which is no longer a valid revision! + +Upstream-Status: Inappropriate [configuration] + + +--- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000 ++++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000 +@@ -181,7 +181,7 @@ + /*************************************** + ************** ARM ****************** + ***************************************/ +-#if defined (__arm__) && W_TYPE_SIZE == 32 ++#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__) + #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ + __asm__ ("adds %1, %4, %5\n" \ + "adc %0, %2, %3" \ + diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch new file mode 100644 index 000000000..9a03b2b70 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/mips_gcc4.4.patch @@ -0,0 +1,50 @@ + +From Openembedded-Classic + + gnupg-1.4.10: Readd the ARM Thumb patch as debian has no thumb support + + +Upstream-Status: Inappropriate [embedded-specific] + +Index: gnupg-1.4.10/mpi/longlong.h +=================================================================== +--- gnupg-1.4.10.orig/mpi/longlong.h 2008-12-11 17:39:43.000000000 +0100 ++++ gnupg-1.4.10/mpi/longlong.h 2010-03-27 14:27:53.000000000 +0100 +@@ -706,18 +706,35 @@ + #endif /* __m88110__ */ + #endif /* __m88000__ */ + ++/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */ ++#if defined (__GNUC__) && defined (__GNUC_MINOR__) ++#define __GNUC_PREREQ(maj, min) \ ++ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) ++#else ++#define __GNUC_PREREQ(maj, min) 0 ++#endif ++ + /*************************************** + ************** MIPS ***************** + ***************************************/ + #if defined (__mips__) && W_TYPE_SIZE == 32 +-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 ++#if __GNUC_PREREQ (4,4) ++#define umul_ppmm(w1, w0, u, v) \ ++ do { \ ++ UDItype __ll = (UDItype)(u) * (v); \ ++ w1 = __ll >> 32; \ ++ w0 = __ll; \ ++ } while (0) ++#endif ++#if !defined (umul_ppmm) && __GNUC_PREREQ (2,7) + #define umul_ppmm(w1, w0, u, v) \ + __asm__ ("multu %2,%3" \ + : "=l" ((USItype)(w0)), \ + "=h" ((USItype)(w1)) \ + : "d" ((USItype)(u)), \ + "d" ((USItype)(v))) +-#else ++#endif ++#if !defined (umul_ppmm) + #define umul_ppmm(w1, w0, u, v) \ + __asm__ ("multu %2,%3 \n" \ + "mflo %0 \n" \ |