forked from pool/libgcrypt
Pedro Monreal Gonzalez
b5b243be7f
* Add --enable-marvin-workaround to spec to enable workaround * Fix timing based side-channel in RSA implementation ( Marvin attack ) * Add libgcrypt-CVE-2024-2236.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=193
89 lines
2.6 KiB
Diff
89 lines
2.6 KiB
Diff
From 755e6dce727915249cbb1a98f22832d940b99c24 Mon Sep 17 00:00:00 2001
|
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
|
Date: Thu, 6 Mar 2025 09:12:36 +0900
|
|
Subject: [PATCH 07/14] cipher,ecc: Fix for supplied K.
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
* cipher/ecc.c (ecc_sign): Check if it's under FIPS mode.
|
|
(ecc_verify): Supplied K does no sense for verification, but add
|
|
comment of clarification mark/reject-ing under FIPS mode.
|
|
|
|
--
|
|
|
|
GnuPG-bug-id: 7338
|
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
|
|
---
|
|
cipher/ecc.c | 39 +++++++++++++++++++++++----------------
|
|
1 file changed, 23 insertions(+), 16 deletions(-)
|
|
|
|
diff --git a/cipher/ecc.c b/cipher/ecc.c
|
|
index 569e41f6..a165bb7a 100644
|
|
--- a/cipher/ecc.c
|
|
+++ b/cipher/ecc.c
|
|
@@ -962,17 +962,21 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
|
|
|
if (ctx.label)
|
|
{
|
|
- if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_ECC_K))
|
|
+ /* ECDSA signing can have supplied K (for testing, deterministic). */
|
|
+ if (fips_mode ())
|
|
{
|
|
- rc = GPG_ERR_INV_DATA;
|
|
- goto leave;
|
|
+ if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_ECC_K))
|
|
+ {
|
|
+ rc = GPG_ERR_INV_DATA;
|
|
+ goto leave;
|
|
+ }
|
|
+ else
|
|
+ fips_service_indicator_mark_non_compliant ();
|
|
}
|
|
- else
|
|
- fips_service_indicator_mark_non_compliant ();
|
|
rc = _gcry_mpi_scan (&k, GCRYMPI_FMT_USG, ctx.label, ctx.labellen, NULL);
|
|
+ if (rc)
|
|
+ goto leave;
|
|
}
|
|
- if (rc)
|
|
- goto leave;
|
|
|
|
if (fips_mode ()
|
|
&& ((ctx.flags & PUBKEY_FLAG_GOST) || (ctx.flags & PUBKEY_FLAG_SM2)))
|
|
@@ -1128,18 +1132,21 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
|
|
if (rc)
|
|
goto leave;
|
|
|
|
- if (ctx.label)
|
|
+ /*
|
|
+ * ECDSA signing can have supplied K (for testing, deterministic),
|
|
+ * but it's non-compliant. For ECDSA signature verification, having
|
|
+ * K is irrelevant, but an application may use same flags as the one
|
|
+ * for signing.
|
|
+ */
|
|
+ if (ctx.label && fips_mode ())
|
|
{
|
|
- if (fips_mode ())
|
|
+ if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_ECC_K))
|
|
{
|
|
- if(fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_ECC_K))
|
|
- {
|
|
- rc = GPG_ERR_INV_DATA;
|
|
- goto leave;
|
|
- }
|
|
- else
|
|
- fips_service_indicator_mark_non_compliant ();
|
|
+ rc = GPG_ERR_INV_DATA;
|
|
+ goto leave;
|
|
}
|
|
+ else
|
|
+ fips_service_indicator_mark_non_compliant ();
|
|
}
|
|
|
|
if (DBG_CIPHER)
|
|
--
|
|
2.49.0
|
|
|