탐색 도움말
로그인
crispAudio
/
poky
의 미러 git://git.yoctoproject.org/poky
5
0
포크 0
파일 이슈 0 위키
트리: 4e13752934
브랜치 태그
poky
/
meta
/
recipes-bsp
/
grub
/
files
/
CVE-2024-56738.patch

CVE-2024-56738.patch 2.3 KB
히스토리 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. From 4cef2fc7308b2132317ad166939994f098b41561 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Ross Burton <ross.burton@arm.com>
    3. 

  3. Date: Tue, 9 Sep 2025 14:23:14 +0100
    4. 

  4. Subject: [PATCH] CVE-2024-56738
    5. 

  5. 

  6. Backport an algorithmic change to grub_crypto_memcmp() so that it completes in
    7. 

  7. constant time and thus isn't susceptible to side-channel attacks.
    8. 

  8. 

  9. This is a partial backport of grub 0739d24cd
    10. 

  10. ("libgcrypt: Adjust import script, definitions and API users for libgcrypt 1.11")
    11. 

  11. 

  12. CVE: CVE-2024-56738
    13. 

  13. Upstream-Status: Backport [0739d24cd]
    14. 

  14. Signed-off-by: Ross Burton <ross.burton@arm.com>
    15. 

  15. ---
    16. 

  16.  grub-core/lib/crypto.c | 23 ++++++++++++++++-------
    17. 

  17.  include/grub/crypto.h  |  2 +-
    18. 

  18.  2 files changed, 17 insertions(+), 8 deletions(-)
    19. 

  19. 

  20. diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
    21. 

  21. index 396f76410..19db7870a 100644
    22. 

  22. --- a/grub-core/lib/crypto.c
    23. 

  23. +++ b/grub-core/lib/crypto.c
    24. 

  24. @@ -433,19 +433,28 @@ grub_crypto_gcry_error (gcry_err_code_t in)
    25. 

  25.    return GRUB_ACCESS_DENIED;
    26. 

  26.  }
    27. 

  27. 

  28. +/*
    29. 

  29. + * Compare byte arrays of length LEN, return 1 if it's not same,
    30. 

  30. + * 0, otherwise.
    31. 

  31. + */
    32. 

  32.  int
    33. 

  33. -grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
    34. 

  34. +grub_crypto_memcmp (const void *b1, const void *b2, grub_size_t len)
    35. 

  35.  {
    36. 

  36. -  register grub_size_t counter = 0;
    37. 

  37. -  const grub_uint8_t *pa, *pb;
    38. 

  38. +  const grub_uint8_t *a = b1;
    39. 

  39. +  const grub_uint8_t *b = b2;
    40. 

  40. +  int ab, ba;
    41. 

  41. +  grub_size_t i;
    42. 

  42. 

  43. -  for (pa = a, pb = b; n; pa++, pb++, n--)
    44. 

  44. +  /* Constant-time compare. */
    45. 

  45. +  for (i = 0, ab = 0, ba = 0; i < len; i++)
    46. 

  46.      {
    47. 

  47. -      if (*pa != *pb)
    48. 

  48. -	counter++;
    49. 

  49. +      /* If a[i] != b[i], either ab or ba will be negative. */
    50. 

  50. +      ab |= a[i] - b[i];
    51. 

  51. +      ba |= b[i] - a[i];
    52. 

  52.      }
    53. 

  53. 

  54. -  return !!counter;
    55. 

  55. +  /* 'ab | ba' is negative when buffers are not equal, extract sign bit.  */
    56. 

  56. +  return ((unsigned int)(ab | ba) >> (sizeof(unsigned int) * 8 - 1)) & 1;
    57. 

  57.  }
    58. 

  58. 

  59.  #ifndef GRUB_UTIL
    60. 

  60. diff --git a/include/grub/crypto.h b/include/grub/crypto.h
    61. 

  61. index 31c87c302..20ad4c5f7 100644
    62. 

  62. --- a/include/grub/crypto.h
    63. 

  63. +++ b/include/grub/crypto.h
    64. 

  64. @@ -393,7 +393,7 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md,
    65. 

  65. 		    grub_uint8_t *DK, grub_size_t dkLen);
    66. 

  66. 

  67.  int
    68. 

  68. -grub_crypto_memcmp (const void *a, const void *b, grub_size_t n);
    69. 

  69. +grub_crypto_memcmp (const void *b1, const void *b2, grub_size_t len);
    70. 

  70. 

  71.  int
    72. 

  72.  grub_password_get (char buf[], unsigned buf_size);
    73. 

  73. --
    74. 

  74. 2.43.0
    75.