- Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side
channel in ECDSA signature generation. This allows a local or remote
attacker, able to measure the duration of hundreds to thousands of
signing operations, to compute the private key used. The issue occurs
because scalar multiplication in ecp.cpp (prime field curves, small
leakage) and algebra.cpp (binary field curves, large leakage) is not
constant time and leaks the bit length of the scalar among other
information. For details, see:
https://github.com/weidai11/cryptopp/issues/869
- Update license hash due to the addition of ARM SHA1 and SHA256 asm
implementation from Cryptogams
1a63112faf4c9ca6b723
https://www.cryptopp.com/release830.html
[Peter: adjust CVE info, issue is fixed in 8.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace utf-8 NO-BREAK-SPACE (c2 a0) in comment line by simple
ascii space character.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace install target by install-lib target to avoid building and
installing cryptest.exe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove patch (already in version)
- Add BSD-3-Clause (CRYPTOGAMS) and Public domain (ChaCha SSE2 and AVX)
to LICENSE, see:
64a89bf352
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/0a26265961747600388258d32ba7dc9226c9249b/
Commit 40005b9a0d (package/cryptopp: fix build with gcc < 4.9) added a
patch to fix building with old toolchains. The source code unfortunately
contains a mix of DOS and UNIX newlines, and the DOS new lines got stripped
by the mailing list, causing the patch to no longer apply.
Fix up the patch manually.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
<PKG>_SITE cannot have a trailing slash.
This was not detected by the check in generic-package because it is a
host-only package without Config.in symbol.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The infrastructure only provides HOST_CRYPTOPP_DL_DIR, because this
package is host only. Ideally the infra should provide CRYPTOPP_DL_DIR,
but it doesn't currently, and that requires more significant changes.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Instead of DL_DIR, the package should now use $(PKG)_DL_DIR to ease the
transition into a new directory structure for DL_DIR.
This commit has been generated with the following scripts:
for i in $(find . -iname "*.mk"); do
    if ! grep -q "\$(DL_DIR)" ${i}; then
        continue
    fi
    pkg_name="$(basename $(dirname ${i}))"
    [ "${pkg_name}" = "package" ] && continue
    raw_pkg_name=$(echo ${pkg_name} | tr [a-z] [A-Z] | tr '-' '_')
    pkg_dl_dir="${raw_pkg_name}_DL_DIR"
    sed -i "s/\$(DL_DIR)/\$($pkg_dl_dir)/" ${i}
done
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove the redundant usr/ component of the HOST_DIR paths. Since a
previous commit added a symlink from $(HOST_DIR)/usr to $(HOST_DIR),
everything keeps on working.
This is a mechanical change with
git grep -l '\$(HOST_DIR)/usr' | xargs sed -i 's%\(prefix\|PREFIX\)=\("\?\)\$(HOST_DIR)/usr%\1=\2$(HOST_DIR)%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for Boost Software License 1.0 is BSL-1.0.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The patch did contain the correct newlines, but they got stripped by
patchwork so now the patch no longer applies.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit bumps cryptopp from 5.6.3 to 5.6.5 in order to fix bug
The commit f707b9ef1688d4429ca6239cf2dc236440974681, which Buildroot
was downloading as a patch to fix build with older gcc versions, has
been merged upstream as of 5.6.4, is therefore no longer necessary,
and dropped in this commit.
In addition, Andrey Volkov in the bug report #9321, proposed to add a
number of patches to cryptopp to solve issues when using
tegrarcm. Those patches are the following ones:
- patch 0: moving to autotools as the build system. This is not
  strictly a bug fix, and is not necessary.
- patch 1: merged upstream in
  "3941be18891a6a87626b7c70f715ca91c61c08c3 Fixed hang on ARM
  platforms in Integer::DivideThreeWordsByTwo", which is part of
  5.6.5.
- patch 2: merged upstream in
  "9fca0c28023a177106cf58a3de6da610f185a6e4 Work around issue on
  ARMEL in MultiplyTop and GCC. ARMHF is OK", which is part of 5.6.5.
- patch 3: merged upstream in
  "dce2317195a7d9aa77b159fd1beddaf8358f6243 Increase range for GCC
  workaround on ARMEL. After speaking with AP from GCC, he states
  some issues are still likely present in Master, which is GCC 6.0",
  which is part of 5.6.5
- patch 4: merged upstream in
  "605744d8260c6ada033805c13ae0b2646acf18d6 Fixed SecBlock append
  when "this == t", fixed assert, added validation test (Issue 92)",
  which is part of 5.6.5
- patch 5: merged upstream in
  "9f335d719ebc27f58251559240de0077ec42c583 Fix the Rijndael timing
  attack counter measure", which is part of 5.6.5
- patch 6: merged upstream in
  "d8b02cfaafd7350ed0f876cd5da405cff330d537 Fixed m68k detection
  (Issue 153)", which is part of 5.6.5
- patch 7: merged upstream in
  "c82fd655ed7465db8d21a0e0559c304a7a86d298 Cleared assert in debug
  builds (Issue 138)", which is part of 5.6.5
Bottom line: none of the patches proposed by Andrey Volkov are
necessary if we bump to 5.6.5.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Import patch from cryptopp upstream which fixes the gcc version checks
for using attribute deprecated with messages. Fixes build with host
gcc versions < 4.5.
Signed-off-by: Julian Scheel <julian@jusst.de>
[Thomas:
 - directly use the patch from upstream through <pkg>_PATCH rather
   than storing it in package/cryptopp/, as it helps avoiding
   line-endings problems: upstream has the source code with DOS line
   endings.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Julian Scheel <julian@jusst.de>
[Thomas:
 - put HOST_CRYPTOPP_EXTRACT_CMDS earlier in the file, since it's what
   gets executed first.
 - fix typo in the name of HOST_CRYPTOPP_MAKE_OPTS
 - pass -fPIC in CXXFLAGS, since we're building a shared library
 - just call "make shared" for the build and "make install" for the
   installation.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>