forked from pool/libcryptopp

1 Commits

Author SHA256 Message Date
40db48778c Sync changes to SLFO-1.2 branch 2025-08-20 09:36:20 +02:00
3 changed files with 36 additions and 0 deletions


@@ -0,0 +1,26 @@
commit 2472be710f8518caab1f62999c50970b475f162f
Author: Angel Yankov <angel.yankov@suse.com>
Date: Wed May 28 16:17:10 2025 +0300
Fix ElGamal side channel issue
diff --git a/pubkey.h b/pubkey.h
index 31e00a33..b12ef458 100644
--- a/pubkey.h
+++ b/pubkey.h
@@ -1854,8 +1854,13 @@ public:
SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters);
-
- return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
+ DecodingResult res = encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
+ Element z2 = agreeAlg.AgreeWithStaticPrivateKey(params, q, true, key.GetPrivateExponent());
+ if (z == z2) {
+ } else {
+ return DecodingResult();
+ }
+ return res;
}
catch (DL_BadElement &)
{
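Review bot: The recomputation check runs only after `SymmetricDecrypt` has been called with the caller's `plaintext` buffer, so when `z` and `z2` differ the function reports failure but whatever was decrypted under the faulted value presumably stays in that buffer. For a fault-injection countermeasure the faulty output is what must be withheld, so the second agreement and the comparison should come before the decryption: `Element z2 = agreeAlg.AgreeWithStaticPrivateKey(params, q, true, key.GetPrivateExponent());`, `if (!(z == z2)) return DecodingResult();`, then the original `return encAlg.SymmetricDecrypt(...)`. That also replaces the empty `if (z == z2) { } else { ... }` branch with a single guard. The enclosing function begins and ends outside the hunk, so how callers treat `plaintext` on failure is not visible here.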


@@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu May 29 10:56:35 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
- Security fix [bsc#1224280, CVE-2024-28285]
* potential leak of secret key of ElGamal encryption via fault injection
* Added patch libcryptopp-CVE-2024-28285.patch
* https://github.com/weidai11/cryptopp/issues/1262
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 3 09:09:55 UTC 2025 - Guillaume GARDET <guillaume.gardet@opensuse.org> Mon Feb 3 09:09:55 UTC 2025 - Guillaume GARDET <guillaume.gardet@opensuse.org>


@@ -40,6 +40,8 @@ Patch1: libcryptopp-shared.patch
Patch2: libcryptopp-CVE-2023-50980.patch Patch2: libcryptopp-CVE-2023-50980.patch
# CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS # CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS
Patch3: libcryptopp-CVE-2023-50981.patch Patch3: libcryptopp-CVE-2023-50981.patch
# PATCH-FIX-SUSE: [bsc#1224280] CVE-2024-28285 potential leak of secret key of ElGamal encryption via fault injection
Patch4: libcryptopp-CVE-2024-28285.patch
BuildRequires: dos2unix BuildRequires: dos2unix
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: pkgconfig BuildRequires: pkgconfig
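Review bot: `Patch4` is declared here, but the commit adds no matching apply step: the 36 additions in the diffstat are fully accounted for by the 26-line patch file, the 8 changelog lines and these 2 lines. Unless the `%prep` section, which is outside this hunk, uses `%autosetup` or `%autopatch`, the CVE-2024-28285 fix would ship as a source file without being applied to the build. Confirm this in `%prep`; if Patch1 to Patch3 are applied individually there, add the equivalent line for this patch (for example `%patch -P 4 -p1`, matching whatever form the existing lines use).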