mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
botan: patch CVE-2024-50382 and CVE-2024-50383
Same patch fixes both vulnerabilities. Details: https://nvd.nist.gov/vuln/detail/CVE-2024-50382 https://nvd.nist.gov/vuln/detail/CVE-2024-50383 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
@@ -0,0 +1,66 @@
|
|||||||
|
From 157bf1cd6877e16084e910d68c1844ac73b4f6ff Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jack Lloyd <jack@randombit.net>
|
||||||
|
Date: Sat, 19 Oct 2024 07:43:18 -0400
|
||||||
|
Subject: [PATCH] Add more value barriers to avoid compiler induced side
|
||||||
|
channels
|
||||||
|
|
||||||
|
The paper https://arxiv.org/pdf/2410.13489 claims that on specific
|
||||||
|
architectures Clang and GCC may introduce jumps here. The donna128
|
||||||
|
issues only affect 32-bit processors, which explains why we would not
|
||||||
|
see it in the x86-64 valgrind runs.
|
||||||
|
|
||||||
|
The GHASH leak would seem to be generic but the authors only observed
|
||||||
|
it on RISC-V.
|
||||||
|
|
||||||
|
CVE: CVE-2024-50382
|
||||||
|
CVE: CVE-2024-50383
|
||||||
|
Upstream-Status: Backport [https://github.com/randombit/botan/commit/53b0cfde580e86b03d0d27a488b6c134f662e957]
|
||||||
|
(cherry picked from commit 53b0cfde580e86b03d0d27a488b6c134f662e957)
|
||||||
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||||
|
---
|
||||||
|
src/lib/utils/donna128.h | 5 +++--
|
||||||
|
src/lib/utils/ghash/ghash.cpp | 2 +-
|
||||||
|
2 files changed, 4 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/lib/utils/donna128.h b/src/lib/utils/donna128.h
|
||||||
|
index f39f57f97..ab7fb4c83 100644
|
||||||
|
--- a/src/lib/utils/donna128.h
|
||||||
|
+++ b/src/lib/utils/donna128.h
|
||||||
|
@@ -8,6 +8,7 @@
|
||||||
|
#ifndef BOTAN_CURVE25519_DONNA128_H_
|
||||||
|
#define BOTAN_CURVE25519_DONNA128_H_
|
||||||
|
|
||||||
|
+#include <botan/internal/ct_utils.h>
|
||||||
|
#include <botan/internal/mul128.h>
|
||||||
|
|
||||||
|
namespace Botan {
|
||||||
|
@@ -54,14 +55,14 @@ class donna128 final {
|
||||||
|
l += x.l;
|
||||||
|
h += x.h;
|
||||||
|
|
||||||
|
- const uint64_t carry = (l < x.l);
|
||||||
|
+ const uint64_t carry = CT::Mask<uint64_t>::is_lt(l, x.l).if_set_return(1);
|
||||||
|
h += carry;
|
||||||
|
return *this;
|
||||||
|
}
|
||||||
|
|
||||||
|
donna128& operator+=(uint64_t x) {
|
||||||
|
l += x;
|
||||||
|
- const uint64_t carry = (l < x);
|
||||||
|
+ const uint64_t carry = CT::Mask<uint64_t>::is_lt(l, x).if_set_return(1);
|
||||||
|
h += carry;
|
||||||
|
return *this;
|
||||||
|
}
|
||||||
|
diff --git a/src/lib/utils/ghash/ghash.cpp b/src/lib/utils/ghash/ghash.cpp
|
||||||
|
index 38604afdb..5c244b4f8 100644
|
||||||
|
--- a/src/lib/utils/ghash/ghash.cpp
|
||||||
|
+++ b/src/lib/utils/ghash/ghash.cpp
|
||||||
|
@@ -129,7 +129,7 @@ void GHASH::key_schedule(std::span<const uint8_t> key) {
|
||||||
|
m_HM[4 * j + 2 * i + 1] = H1;
|
||||||
|
|
||||||
|
// GCM's bit ops are reversed so we carry out of the bottom
|
||||||
|
- const uint64_t carry = R * (H1 & 1);
|
||||||
|
+ const uint64_t carry = CT::Mask<uint64_t>::expand(H1 & 1).if_set_return(R);
|
||||||
|
H1 = (H1 >> 1) | (H0 << 63);
|
||||||
|
H0 = (H0 >> 1) ^ carry;
|
||||||
|
}
|
||||||
@@ -6,6 +6,7 @@ SECTION = "libs"
|
|||||||
|
|
||||||
SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
|
SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
|
||||||
file://CVE-2024-34703.patch \
|
file://CVE-2024-34703.patch \
|
||||||
|
file://CVE-2024-50382-and-CVE-2024-50383.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3"
|
SRC_URI[sha256sum] = "049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user