diff options
Diffstat (limited to 'recipes-support/nettle')
7 files changed, 519 insertions, 0 deletions
diff --git a/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch b/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch new file mode 100644 index 0000000..23da777 --- /dev/null +++ b/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch @@ -0,0 +1,46 @@ +From 46edf01cc98db9f9feec984897836dfdd26bdc8d Mon Sep 17 00:00:00 2001 +From: Jussi Kukkonen <jussi.kukkonen@intel.com> +Date: Wed, 12 Aug 2015 23:27:27 +0300 +Subject: [PATCH] Add target to only build tests (not run them) + +Not sending upstream as this is only a start of a solution to +installable tests: It's useful for us already as is. + +Upstream-Status: Inappropriate [not a complete solution] + +Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> +--- + Makefile.in | 3 +++ + testsuite/Makefile.in | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/Makefile.in b/Makefile.in +index 08efb7d..7909342 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -55,6 +55,9 @@ clean distclean mostlyclean maintainer-clean tags: + echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done + $(MAKE) $@-here + ++buildtest: ++ echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@) ++ + check-here: + true + +diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in +index 6bc1907..bb65bf0 100644 +--- a/testsuite/Makefile.in ++++ b/testsuite/Makefile.in +@@ -116,6 +116,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \ + # data. + VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes @IF_ASM@ --partial-loads-ok=yes + ++buildtest: $(TS_ALL) ++ + # The PATH update is for locating dlls on w*ndows. + check: $(TS_ALL) + LD_LIBRARY_PATH=../.lib PATH="../.lib:$$PATH" srcdir="$(srcdir)" \ +-- +2.1.4 + diff --git a/recipes-support/nettle/files/run-ptest b/recipes-support/nettle/files/run-ptest new file mode 100644 index 0000000..b90bed6 --- /dev/null +++ b/recipes-support/nettle/files/run-ptest @@ -0,0 +1,36 @@ +#! /bin/sh + +cd testsuite + +failed=0 +all=0 + +for f in *-test; do + if [ "$f" = "sha1-huge-test" ] ; then + echo "SKIP: $f (skipped for ludicrous run time)" + continue + fi + + "./$f" + case "$?" in + 0) + echo "PASS: $f" + all=$((all + 1)) + ;; + 77) + echo "SKIP: $f" + ;; + *) + echo "FAIL: $f" + failed=$((failed + 1)) + all=$((all + 1)) + ;; + esac +done + +if [ "$failed" -eq 0 ] ; then + echo "All $all tests passed" +else + echo "$failed of $all tests failed" +fi + diff --git a/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch new file mode 100644 index 0000000..a956f42 --- /dev/null +++ b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch @@ -0,0 +1,71 @@ +Upstream-Status: Backport +https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d + +CVE: CVE-2015-8803 +CVE: CVE-2015-8805 + +Same fix for both. + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: nettle-2.7.1/ecc-256.c +=================================================================== +--- nettle-2.7.1.orig/ecc-256.c ++++ nettle-2.7.1/ecc-256.c +@@ -96,9 +96,19 @@ ecc_256_modp (const struct ecc_curve *ec + q2 += t + (q1 < t); + + assert (q2 < 2); ++ /* ++ n-1 n-2 n-3 n-4 ++ +---+---+---+---+ ++ | u1| u0| u low | ++ +---+---+---+---+ ++ - | q1(2^96-1)| ++ +-------+---+ ++ |q2(2^.)| ++ +-------+ + +- /* We multiply by two low limbs of p, 2^96 - 1, so we could use +- shifts rather than mul. */ ++ We multiply by two low limbs of p, 2^96 - 1, so we could use ++ shifts rather than mul. ++ */ + t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1); + t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1); + t += (-q2) & 0xffffffff; +@@ -108,7 +118,10 @@ ecc_256_modp (const struct ecc_curve *ec + u0 -= t; + t = (u1 < cy); + u1 -= cy; +- u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3); ++ ++ cy = cnd_add_n (t, rp + n - 4, ecc->p, 2); ++ u0 += cy; ++ u1 += (u0 < cy); + u1 -= (-t) & 0xffffffff; + } + rp[2] = u0; +@@ -195,7 +208,7 @@ ecc_256_modq (const struct ecc_curve *ec + + /* Conditional add of p */ + u1 += t; +- u2 += (t<<32) + (u0 < t); ++ u2 += (t<<32) + (u1 < t); + + t = cnd_add_n (t, rp + n - 4, ecc->q, 2); + u1 += t; +Index: nettle-2.7.1/ChangeLog +=================================================================== +--- nettle-2.7.1.orig/ChangeLog ++++ nettle-2.7.1/ChangeLog +@@ -1,3 +1,9 @@ ++2015-12-10 Niels Möller <nisse@lysator.liu.se> ++ ++ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem ++ reported by Hanno Böck. ++ (ecc_256_modq): Fixed another carry propagation bug. ++ + 2013-05-28 Niels Möller <nisse@lysator.liu.se> + + * Released nettle-2.7.1. diff --git a/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch new file mode 100644 index 0000000..73723a9 --- /dev/null +++ b/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch @@ -0,0 +1,272 @@ +Upstream-Status: Backport + https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7 + +CVE: CVE-2015-8804 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: nettle-2.7.1/ChangeLog +=================================================================== +--- nettle-2.7.1.orig/ChangeLog ++++ nettle-2.7.1/ChangeLog +@@ -1,3 +1,11 @@ ++2015-12-15 Niels Möller <nisse@lysator.liu.se> ++ ++ * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem ++ reported by Hanno Böck. Simplified the folding to always use ++ non-negative carry, the old code attempted to add in a carry which ++ could be either positive or negative, but didn't get that case ++ right. ++ + 2015-12-10 Niels Möller <nisse@lysator.liu.se> + + * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem +Index: nettle-2.7.1/x86_64/ecc-384-modp.asm +=================================================================== +--- nettle-2.7.1.orig/x86_64/ecc-384-modp.asm ++++ nettle-2.7.1/x86_64/ecc-384-modp.asm +@@ -20,7 +20,7 @@ C MA 02111-1301, USA. + .file "ecc-384-modp.asm" + + define(<RP>, <%rsi>) +-define(<D4>, <%rax>) ++define(<D5>, <%rax>) + define(<T0>, <%rbx>) + define(<T1>, <%rcx>) + define(<T2>, <%rdx>) +@@ -35,8 +35,8 @@ define(<H4>, <%r13>) + define(<H5>, <%r14>) + define(<C2>, <%r15>) + define(<C0>, H5) C Overlap +-define(<D0>, RP) C Overlap +-define(<TMP>, H4) C Overlap ++define(<TMP>, RP) C Overlap ++ + + PROLOGUE(nettle_ecc_384_modp) + W64_ENTRY(2, 0) +@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp) + push %r14 + push %r15 + +- C First get top 2 limbs, which need folding twice ++ C First get top 2 limbs, which need folding twice. ++ C B^10 = B^6 + B^4 + 2^32 (B-1)B^4. ++ C We handle the terms as follow: + C +- C H5 H4 +- C -H5 +- C ------ +- C H0 D4 ++ C B^6: Folded immediatly. + C +- C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32 +- C and add ++ C B^4: Delayed, added in in the next folding. + C +- C H5 H4 +- C H1 H0 +- C ---------- +- C C2 H1 H0 +- +- mov 80(RP), D4 +- mov 88(RP), H0 +- mov D4, H4 +- mov H0, H5 +- sub H0, D4 +- sbb $0, H0 +- +- mov D4, T2 +- mov H0, H1 +- shl $32, H0 +- shr $32, T2 ++ C 2^32(B-1) B^4: Low half limb delayed until the next ++ C folding. Top 1.5 limbs subtracted and shifter now, resulting ++ C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added ++ C in. ++ ++ mov 80(RP), H4 ++ mov 88(RP), H5 ++ C Shift right 32 bits, into H1, H0 ++ mov H4, H0 ++ mov H5, H1 ++ mov H5, D5 + shr $32, H1 +- or T2, H0 ++ shl $32, D5 ++ shr $32, H0 ++ or D5, H0 ++ ++ C H1 H0 ++ C - H1 H0 ++ C -------- ++ C H1 H0 D5 ++ mov H0, D5 ++ neg D5 ++ sbb H1, H0 ++ sbb $0, H1 + + xor C2, C2 + add H4, H0 +@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp) + adc H3, T5 + adc $0, C0 + +- C H3 H2 H1 H0 0 +- C - H4 H3 H2 H1 H0 +- C --------------- +- C H3 H2 H1 H0 D0 +- +- mov XREG(D4), XREG(D4) +- mov H0, D0 +- neg D0 +- sbb H1, H0 +- sbb H2, H1 +- sbb H3, H2 +- sbb H4, H3 +- sbb $0, D4 +- +- C Shift right. High bits are sign, to be added to C0. +- mov D4, TMP +- sar $32, TMP +- shl $32, D4 +- add TMP, C0 +- ++ C Shift left, including low half of H4 + mov H3, TMP ++ shl $32, H4 + shr $32, TMP +- shl $32, H3 +- or TMP, D4 ++ or TMP, H4 + + mov H2, TMP ++ shl $32, H3 + shr $32, TMP +- shl $32, H2 + or TMP, H3 + + mov H1, TMP ++ shl $32, H2 + shr $32, TMP +- shl $32, H1 + or TMP, H2 + + mov H0, TMP ++ shl $32, H1 + shr $32, TMP +- shl $32, H0 + or TMP, H1 + +- mov D0, TMP +- shr $32, TMP +- shl $32, D0 +- or TMP, H0 ++ shl $32, H0 ++ ++ C H4 H3 H2 H1 H0 0 ++ C - H4 H3 H2 H1 H0 ++ C --------------- ++ C H4 H3 H2 H1 H0 TMP + +- add D0, T0 ++ mov H0, TMP ++ neg TMP ++ sbb H1, H0 ++ sbb H2, H1 ++ sbb H3, H2 ++ sbb H4, H3 ++ sbb $0, H4 ++ ++ add TMP, T0 + adc H0, T1 + adc H1, T2 + adc H2, T3 + adc H3, T4 +- adc D4, T5 ++ adc H4, T5 + adc $0, C0 + + C Remains to add in C2 and C0 +- C C0 C0<<32 (-2^32+1)C0 +- C C2 C2<<32 (-2^32+1)C2 +- C where C2 is always positive, while C0 may be -1. ++ C Set H1, H0 = (2^96 - 2^32 + 1) C0 + mov C0, H0 + mov C0, H1 +- mov C0, H2 +- sar $63, C0 C Get sign + shl $32, H1 +- sub H1, H0 C Gives borrow iff C0 > 0 ++ sub H1, H0 + sbb $0, H1 +- add C0, H2 + ++ C Set H3, H2 = (2^96 - 2^32 + 1) C2 ++ mov C2, H2 ++ mov C2, H3 ++ shl $32, H3 ++ sub H3, H2 ++ sbb $0, H3 ++ add C0, H2 C No carry. Could use lea trick ++ ++ xor C0, C0 + add H0, T0 + adc H1, T1 +- adc $0, H2 +- adc $0, C0 +- +- C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1 +- mov C2, H0 +- mov C2, H1 +- shl $32, H1 +- sub H1, H0 +- sbb $0, H1 +- +- add H2, H0 +- adc C0, H1 +- adc C2, C0 +- mov C0, H2 +- sar $63, C0 +- add H0, T2 +- adc H1, T3 +- adc H2, T4 +- adc C0, T5 +- sbb C0, C0 ++ adc H2, T2 ++ adc H3, T3 ++ adc C2, T4 ++ adc D5, T5 C Value delayed from initial folding ++ adc $0, C0 C Use sbb and switch sign? + + C Final unlikely carry + mov C0, H0 + mov C0, H1 +- mov C0, H2 +- sar $63, C0 + shl $32, H1 + sub H1, H0 + sbb $0, H1 +- add C0, H2 + + pop RP + +- sub H0, T0 ++ add H0, T0 + mov T0, (RP) +- sbb H1, T1 ++ adc H1, T1 + mov T1, 8(RP) +- sbb H2, T2 ++ adc C0, T2 + mov T2, 16(RP) +- sbb C0, T3 ++ adc $0, T3 + mov T3, 24(RP) +- sbb C0, T4 ++ adc $0, T4 + mov T4, 32(RP) +- sbb C0, T5 ++ adc $0, T5 + mov T5, 40(RP) + + pop %r15 diff --git a/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch b/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch new file mode 100644 index 0000000..38d9107 --- /dev/null +++ b/recipes-support/nettle/nettle-2.7.1/check-header-files-of-openssl-only-if-enable_.patch @@ -0,0 +1,38 @@ +From c369dd7049f5a198f8b6c96fde6e294ce5146c2f Mon Sep 17 00:00:00 2001 +From: Haiqing Bai <Haiqing.Bai@windriver.com> +Date: Fri, 9 Dec 2016 16:16:45 +0800 +Subject: [PATCH] nettle: check header files of openssl only if + 'enable_openssl=yes'. + +The original configure script checks openssl header files to generate +config.h even if 'enable_openssl' is not set to yes, this made inconsistent +building for nettle. + +Upstream-Status: Pending +Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> +--- + configure.ac | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 78a3d4e..4f16a98 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -603,9 +603,11 @@ AC_CHECK_ALIGNOF(uint64_t) + ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t" + AC_SUBST(ALIGNOF_UINT64_T) + +-AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],, +-[enable_openssl=no +- break]) ++if test "x$enable_openssl" = "xyes"; then ++ AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],, ++ [enable_openssl=no ++ break]) ++fi + + LSH_FUNC_ALLOCA + LSH_FUNC_STRERROR +-- +1.9.1 + diff --git a/recipes-support/nettle/nettle.inc b/recipes-support/nettle/nettle.inc new file mode 100644 index 0000000..af51fb6 --- /dev/null +++ b/recipes-support/nettle/nettle.inc @@ -0,0 +1,37 @@ +SUMMARY = "A low level cryptographic library" +HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/" +SECTION = "libs" + +DEPENDS += "gmp" + +SRC_URI = "http://www.lysator.liu.se/~nisse/archive/${BP}.tar.gz \ + file://Add-target-to-only-build-tests-not-run-them.patch \ + file://run-ptest \ + " + +UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar" + +inherit autotools ptest + +EXTRA_OECONF = "--disable-openssl" + +do_configure_prepend() { + if [ ! -e ${S}/acinclude.m4 -a -e ${S}/aclocal.m4 ]; then + cp ${S}/aclocal.m4 ${S}/acinclude.m4 + fi +} + +do_compile_ptest() { + oe_runmake buildtest +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/testsuite/ + install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/ + install ${S}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/ + # tools can be found in PATH, not in ../tools/ + sed -i -e 's|../tools/||' ${D}${PTEST_PATH}/testsuite/*-test + install ${B}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/ +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-support/nettle/nettle_2.7.1.bb b/recipes-support/nettle/nettle_2.7.1.bb new file mode 100644 index 0000000..2006146 --- /dev/null +++ b/recipes-support/nettle/nettle_2.7.1.bb @@ -0,0 +1,19 @@ +require nettle.inc + +LICENSE = "LGPLv2.1+ & GPLv2" +LICENSE_${PN} = "LGPLv2.1+" + +LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ + file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \ + file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d" + +SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5" +SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40" + +SRC_URI += "\ + file://CVE-2015-8803_8805.patch \ + file://CVE-2015-8804.patch \ + file://check-header-files-of-openssl-only-if-enable_.patch \ + " + +DISABLE_STATIC = "" |