Skip to content
Snippets Groups Projects
Unverified Commit 8ebba235 authored by Matthias Schiffer's avatar Matthias Schiffer
Browse files

modules: update OpenWrt packages

948ea0e9c046 ecdsautils: update to v0.4.1
97333939dbcc hwdata: update to version 0.359
22c8efd9377c tor: bump to 0.4.7.7 stable
241e70f5fd84 etherwake-nfqueue: swap iptables for nftables dependency
61e0ee2e8e30 rclone: Update to 1.58.1
a8374c48e14f apfree-wifidog: fix compile error
2af08fe724f3 gst1-libav: fix compilation with ffmpeg5
419054a05f56 libtorrent-rasterbar: Update to 2.0.6

With the update to ecdsautils 0.4.1, we can remove the downstream patch
again.
parent f0e76390
No related branches found
No related tags found
No related merge requests found
......@@ -6,7 +6,7 @@ OPENWRT_COMMIT=5ff900e0ade775062bf888b447893aefa1a37146
PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
PACKAGES_PACKAGES_BRANCH=openwrt-22.03
PACKAGES_PACKAGES_COMMIT=09da83968ef0846cd1b13bfa1b91c33a1f9985bb
PACKAGES_PACKAGES_COMMIT=948ea0e9c0465524de92268eea13b2a7ae10b484
PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git
PACKAGES_ROUTING_BRANCH=openwrt-22.03
......
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 27 Apr 2022 19:01:39 +0200
Subject: ecdsautils: verify: fix signature verification (CVE-2022-24884)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
diff --git a/utils/ecdsautils/Makefile b/utils/ecdsautils/Makefile
index e6f5a916e63e9914369ae7e47106230346f9322c..096827494befad193c5904e1748c4e6768bbb15e 100644
--- a/utils/ecdsautils/Makefile
+++ b/utils/ecdsautils/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ecdsautils
PKG_VERSION:=0.3.2.20160630
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/freifunk-gluon/ecdsautils
diff --git a/utils/ecdsautils/patches/0001-verify-fix-signature-verification-CVE-2022-24884.patch b/utils/ecdsautils/patches/0001-verify-fix-signature-verification-CVE-2022-24884.patch
new file mode 100644
index 0000000000000000000000000000000000000000..34d80cc201c0e87ca654c3def4fbbbddf622b0ba
--- /dev/null
+++ b/utils/ecdsautils/patches/0001-verify-fix-signature-verification-CVE-2022-24884.patch
@@ -0,0 +1,48 @@
+From 1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 Mon Sep 17 00:00:00 2001
+Message-Id: <1d4b091abdf15ad7b2312535b5b95ad70f6dbd08.1651078760.git.mschiffer@universe-factory.net>
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Wed, 20 Apr 2022 22:04:07 +0200
+Subject: [PATCH] verify: fix signature verification (CVE-2022-24884)
+
+Verify that r and s are non-zero. Without these checks, an all-zero
+signature is always considered valid.
+
+While it would be nicer to error out in ecdsa_verify_prepare_legacy()
+already, that would require users of libecdsautil to check a return value
+of the prepare step. To be safe, implement the fix in an API/ABI-compatible
+way that doesn't need changes to the users.
+---
+ src/lib/ecdsa.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/lib/ecdsa.c b/src/lib/ecdsa.c
+index 8cd7722be8cd..a661b56bd7c8 100644
+--- a/src/lib/ecdsa.c
++++ b/src/lib/ecdsa.c
+@@ -135,6 +135,12 @@ regenerate:
+ void ecdsa_verify_prepare_legacy(ecdsa_verify_context_t *ctx, const ecc_int256_t *hash, const ecdsa_signature_t *signature) {
+ ecc_int256_t w, u1, tmp;
+
++ if (ecc_25519_gf_is_zero(&signature->s) || ecc_25519_gf_is_zero(&signature->r)) {
++ // Signature is invalid, mark by setting ctx->r to an invalid value
++ memset(&ctx->r, 0, sizeof(ctx->r));
++ return;
++ }
++
+ ctx->r = signature->r;
+
+ ecc_25519_gf_recip(&w, &signature->s);
+@@ -149,6 +155,10 @@ bool ecdsa_verify_legacy(const ecdsa_verify_context_t *ctx, const ecc_25519_work
+ ecc_25519_work_t s2, work;
+ ecc_int256_t w, tmp;
+
++ // Signature was detected as invalid in prepare step
++ if (ecc_25519_gf_is_zero(&ctx->r))
++ return false;
++
+ ecc_25519_scalarmult(&s2, &ctx->u2, pubkey);
+ ecc_25519_add(&work, &ctx->s1, &s2);
+ ecc_25519_store_xy_legacy(&w, NULL, &work);
+--
+2.36.0
+
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment