Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL float backports for 8.x and 6.x #24354

Closed

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Nov 14, 2018

Backports of #23965, #23965 and #24353 for OpenSSL 1.0.2. To go in 8.x and 6.x.

/cc @nodejs/release @nodejs/crypto

Vasili Skurydzin and others added 6 commits November 12, 2018 15:21
Only changes to src/base/debug/stack_trace_posix.cc included.

Original commit message:
    Fixes to V8 GN build process on aix platform

    src/base/debug/stack_trace_posix.cc: suppressed unused function
    warnings for functions DemangleSymbols, OutputPointer(in order to
    compile with -Werror flag)

    test/cctest/test-isolate-independent-builtins.cc: corrections to
    make ByteInText test case compatible with aix. (affects aix only)

    Change-Id: I49e45e63545404c77aaed3f51b26557f6f03455e
    Reviewed-on: https://chromium-review.googlesource.com/927484
    Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Michael Achenbach <machenbach@chromium.org>
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Cr-Commit-Position: refs/heads/master@{nodejs#52071}

PR-URL: nodejs#23958
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Original commit message:

    ppc64, aix: Pass CallFrequency object by const reference to avoid
    value copy error.

    Bug: v8:8193
    GCC bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61976

    Change-Id: I0d4efca4da03ef82651325e15ddf2160022bc8de
    Reviewed-on: https://chromium-review.googlesource.com/1228633
    Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
    Reviewed-by: Daniel Clifford <danno@chromium.org>
    Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
    Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
    Cr-Commit-Position: refs/heads/master@{nodejs#56275}

PR-URL: nodejs#23958
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Floating this patch since the code does not exist upstream anymore.

deps/v8/testing/gtest.gyp:
Suppress -Wnonnull-compare, -Waddress warnings for
deps/v8/testing/gtest project;

deps/v8/src/compiler/store-store-elimination.cc,
deps/v8/src/conversions.cc:
Suppress unused function warnings in order to compile with newer
(>4.8.5) gcc on Aix.

PR-URL: nodejs#23958
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Low severity timing vulnerability in the DSA signature algorithm

Publicly disclosed but unreleased, pending OpenSSL 1.0.2q

Ref: openssl/openssl#7486
Ref: openssl/openssl#7513
Ref: https://www.openssl.org/news/secadv/20181030.txt
Ref: nodejs#23965
Upstream: openssl/openssl@a9cfb8c2
Upstream: openssl/openssl@43e6a58d

Original commit message:

    Avoid a timing attack that leaks information via a side channel that
    triggers when a BN is resized.  Increasing the size of the BNs
    prior to doing anything with them suppresses the attack.

    Thanks due to Samuel Weiser for finding and locating this.

    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    (Merged from openssl/openssl#7486)

Original backport commit message:

    Merge DSA reallocation timing fix CVE-2018-0734.

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from openssl/openssl#7513)
Low severity timing vulnerability in the DSA signature algorithm

Publicly disclosed but unreleased, pending OpenSSL 1.0.2q, not deemed
severe enough to be assigned a CVE #.

Ref: openssl/openssl#7487
Ref: openssl/openssl#7512
Ref: nodejs#23965
Upstream: openssl/openssl@415c3356
Upstream: openssl/openssl@ebf65dbe

Original commit message:

    DSA mod inverse fix

    There is a side channel attack against the division used to calculate one of
    the modulo inverses in the DSA algorithm.  This change takes advantage of the
    primality of the modulo and Fermat's little theorem to calculate the inverse
    without leaking information.

    Thanks to Samuel Weiser for finding and reporting this.

    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    (Merged from openssl/openssl#7487)

Original backport commit message:

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from openssl/openssl#7512)
The fix for CVE-2018-0734, floated in 213c7d2, failed to include a
constant-time calculation for one of the variables. This introduces
a fix for that.

Ref: openssl/openssl#7549
Ref: nodejs#24353
Upstream: openssl/openssl@26d7fce1

Original commit message:
    Add a constant time flag to one of the bignums to avoid a timing leak.

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from openssl/openssl#7549)

    (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239)
@nodejs-github-bot nodejs-github-bot added openssl Issues and PRs related to the OpenSSL dependency. v8.x labels Nov 14, 2018
@rvagg rvagg mentioned this pull request Nov 14, 2018
@rvagg rvagg closed this Nov 25, 2018
@rvagg rvagg deleted the rvagg/openssl-8.x-float-backports branch November 25, 2018 22:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants