Bug#814269: jessie-pu: package nettle/2.7.1-5

2016-02-24 Thread Adam D. Barratt
Control: tags -1 + pending

On Sun, 2016-02-21 at 12:18 +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2016-02-09 at 20:59 +0100, Magnus Holmgren wrote:
> > OK to upload fix for https://bugs.debian.org/813679 (CVE-2015-8803
> > CVE-2015-8804 CVE-2015-8805), as suggested by (a member of) the
> > security team? (Security-related bugs but unlikely to be exploitable.)
> 
> Assuming that the resulting package has been tested on Jessie, please go
> ahead.

Uploaded and flagged for acceptance.

Regards,

Adam



Processed: Re: Bug#814269: jessie-pu: package nettle/2.7.1-5

2016-02-24 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #814269 [release.debian.org] jessie-pu: package nettle/2.7.1-5
Added tag(s) pending.

-- 
814269: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814269
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#814269: jessie-pu: package nettle/2.7.1-5

2016-02-21 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2016-02-09 at 20:59 +0100, Magnus Holmgren wrote:
> OK to upload fix for https://bugs.debian.org/813679 (CVE-2015-8803
> CVE-2015-8804 CVE-2015-8805), as suggested by (a member of) the
> security team? (Security-related bugs but unlikely to be exploitable.)

Assuming that the resulting package has been tested on Jessie, please go
ahead.

Regards,

Adam



Processed: Re: Bug#814269: jessie-pu: package nettle/2.7.1-5

2016-02-21 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #814269 [release.debian.org] jessie-pu: package nettle/2.7.1-5
Added tag(s) confirmed.

-- 
814269: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814269
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#814269: jessie-pu: package nettle/2.7.1-5

2016-02-09 Thread Magnus Holmgren
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

OK to upload fix for https://bugs.debian.org/813679 (CVE-2015-8803 
CVE-2015-8804 CVE-2015-8805), as
suggested by (a member of) the security team? (Security-related bugs but 
unlikely to be exploitable.)

-- 
Magnus Holmgren
Debian Developer

diff -Nru nettle-2.7.1/debian/changelog nettle-2.7.1/debian/changelog
--- nettle-2.7.1/debian/changelog   2015-01-11 20:27:22.0 +0100
+++ nettle-2.7.1/debian/changelog   2016-02-07 19:52:57.0 +0100
@@ -1,3 +1,9 @@
+nettle (2.7.1-5+deb8u1) stable; urgency=low
+
+  * Fix CVE-2015-8803, CVE-2015-8804, and CVE-2015-8805 (Closes: #813679).
+
+ -- Magnus Holmgren   Sat, 06 Feb 2016 20:01:37 +0100
+
 nettle (2.7.1-5) unstable; urgency=medium
 
   * Add code to transition /usr/share/doc/nettle-dbg from directory to
diff -Nru nettle-2.7.1/debian/patches/cve-2015-8803_8805.patch 
nettle-2.7.1/debian/patches/cve-2015-8803_8805.patch
--- nettle-2.7.1/debian/patches/cve-2015-8803_8805.patch1970-01-01 
01:00:00.0 +0100
+++ nettle-2.7.1/debian/patches/cve-2015-8803_8805.patch2016-02-07 
19:40:25.0 +0100
@@ -0,0 +1,27 @@
+From: Niels Möller 
+Origin: upstream, 
https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
+Subject: CVE-2015-8803 and CVE-2015-8805: Miscomputation bugs in secp-256r1 
modulo functions.
+
+--- a/ecc-256.c
 b/ecc-256.c
+@@ -108,7 +119,10 @@ ecc_256_modp (const struct ecc_curve *ec
+   u0 -= t;
+   t = (u1 < cy);
+   u1 -= cy;
+-  u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
++
++  cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);
++  u0 += cy;
++  u1 += (u0 < cy);
+   u1 -= (-t) & 0x;
+ }
+   rp[2] = u0;
+@@ -195,7 +209,7 @@ ecc_256_modq (const struct ecc_curve *ec
+ 
+   /* Conditional add of p */
+   u1 += t;
+-  u2 += (t<<32) + (u0 < t);
++  u2 += (t<<32) + (u1 < t);
+ 
+   t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
+   u1 += t;
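Review bot: The DEP-3 header of this new patch file has no `Bug-Debian:` field, so the fix for `ecc_256_modp` and `ecc_256_modq` can only be traced to the Debian report through debian/changelog; adding `Bug-Debian: https://bugs.debian.org/813679` under the `Origin:` line would tie it to the bug directly. Nothing in this patch file adds an input that reaches the corrected carry handling (`u0 += cy; u1 += (u0 < cy);` in modp and `(u1 < t)` in modq). Because the subject describes miscomputation in the secp-256r1 reduction, a clean build on Jessie would not by itself demonstrate the fix, so if the rest of the debdiff carries no such test, the request should state how the result was checked. Both inner hunks start and end inside their functions, so the surrounding bodies are not visible here.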
diff -Nru nettle-2.7.1/debian/patches/cve-2015-8804.patch 
nettle-2.7.1/debian/patches/cve-2015-8804.patch
--- nettle-2.7.1/debian/patches/cve-2015-8804.patch 1970-01-01 
01:00:00.0 +0100
+++ nettle-2.7.1/debian/patches/cve-2015-8804.patch 2016-02-06 
19:50:51.0 +0100
@@ -0,0 +1,252 @@
+Origin: upstream, 
https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
+From: Niels Möller 
+Subject: CVE-2015-8804: Carry folding bug in x86_64 ecc_384_modp.
+
+--- a/x86_64/ecc-384-modp.asm
 b/x86_64/ecc-384-modp.asm
+@@ -20,7 +20,7 @@ C MA 02111-1301, USA.
+   .file "ecc-384-modp.asm"
+ 
+ define(, <%rsi>)
+-define(, <%rax>)
++define(, <%rax>)
+ define(, <%rbx>)
+ define(, <%rcx>)
+ define(, <%rdx>)
+@@ -35,8 +35,8 @@ define(, <%r13>)
+ define(, <%r14>)
+ define(, <%r15>)
+ define(, H5)  C Overlap
+-define(, RP)  C Overlap
+-define(, H4) C Overlap
++define(, RP) C Overlap
++
+ 
+ PROLOGUE(nettle_ecc_384_modp)
+   W64_ENTRY(2, 0)
+@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp)
+   push%r14
+   push%r15
+ 
+-  C First get top 2 limbs, which need folding twice
++  C First get top 2 limbs, which need folding twice.
++  C B^10 = B^6 + B^4 + 2^32 (B-1)B^4.
++  C We handle the terms as follow:
+   C
+-  C   H5 H4
+-  C -H5
+-  C  --
+-  C   H0 D4
++  C B^6: Folded immediatly.
+   C
+-  C Then shift right, (H1,H0,D4)  <--  (H0,D4) << 32
+-  C and add
++  C B^4: Delayed, added in in the next folding.
+   C
+-  C H5 H4
+-  C H1 H0
+-  C --
+-  C  C2 H1 H0
+-
+-  mov 80(RP), D4
+-  mov 88(RP), H0
+-  mov D4, H4
+-  mov H0, H5
+-  sub H0, D4
+-  sbb $0, H0
+-
+-  mov D4, T2
+-  mov H0, H1
+-  shl $32, H0
+-  shr $32, T2
++  C 2^32(B-1) B^4: Low half limb delayed until the next
++  C folding. Top 1.5 limbs subtracted and shifter now, resulting
++  C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added
++  C in.
++
++  mov 80(RP), H4
++  mov 88(RP), H5
++  C Shift right 32 bits, into H1, H0
++  mov H4, H0
++  mov H5, H1
++  mov H5, D5
+   shr $32, H1
+-  or  T2, H0
++  shl $32, D5
++  shr $32, H0
++  or  D5, H0
++
++  C   H1 H0
++  C   -  H1 H0
++  C   
++  C   H1 H0 D5
++  mov H0, D5
++  neg D5
++  sbb H1, H0
++  sbb $0, H1
+ 
+   xor C2, C2
+   add H4, H0
+@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp)
+   adc H3, T5
+   adc $0, C0
+ 
+-  C   H3 H2 H1 H0  0
+-  C - H4 H3 H2 H1 H0
+-  C  ---
+-  C   H3 H2 H1