Compare commits
2 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| cb807dc2af | |||
| 40db48778c |
@@ -4,23 +4,23 @@ Date: Wed May 28 16:17:10 2025 +0300
|
||||
|
||||
Fix ElGamal side channel issue
|
||||
|
||||
Index: cryptopp-CRYPTOPP_8_9_0/pubkey.h
|
||||
===================================================================
|
||||
--- cryptopp-CRYPTOPP_8_9_0.orig/pubkey.h
|
||||
+++ cryptopp-CRYPTOPP_8_9_0/pubkey.h
|
||||
@@ -1855,7 +1855,14 @@ public:
|
||||
diff --git a/pubkey.h b/pubkey.h
|
||||
index 31e00a33..b12ef458 100644
|
||||
--- a/pubkey.h
|
||||
+++ b/pubkey.h
|
||||
@@ -1854,8 +1854,13 @@ public:
|
||||
|
||||
SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
|
||||
derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters);
|
||||
|
||||
-
|
||||
- return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
|
||||
+ DecodingResult res = encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
|
||||
+ Element z2 = agreeAlg.AgreeWithStaticPrivateKey(params, q, true, key.GetPrivateExponent());
|
||||
+ if (z == z2) {
|
||||
+ } else {
|
||||
+ return DecodingResult();
|
||||
+ }
|
||||
+ return res;
|
||||
+
|
||||
+ DecodingResult res = encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
|
||||
+ Element z2 = agreeAlg.AgreeWithStaticPrivateKey(params, q, true, key.GetPrivateExponent());
|
||||
+ if (z == z2) {
|
||||
+ } else {
|
||||
+ return DecodingResult();
|
||||
+ }
|
||||
+ return res;
|
||||
}
|
||||
catch (DL_BadElement &)
|
||||
{
|
||||
|
||||
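Review bot: In the patched pubkey.h code, `encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters)` runs before the recomputed agreement value `z2` is compared with `z`. On a mismatch the function returns an empty `DecodingResult()`, but `plaintext` (presumably the caller's output buffer) has already been filled from a key derived from the suspect `z`. For a fault-injection countermeasure the check should gate the output: compute `z2` first, bail out with `if (!(z == z2)) return DecodingResult();`, and only then call `SymmetricDecrypt`, which also replaces the empty `if (z == z2) { } else { ... }` branch. A short comment above the second `AgreeWithStaticPrivateKey` call would help, for example `// Recompute the shared element and compare: a fault in the first exponentiation must not yield output (CVE-2024-28285)`, so the deliberate duplicate is not later removed as redundant. The enclosing decrypt function starts outside the hunk, so the first computation of `z` is not visible here, and both printings of the patch body carry the same lines.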
@@ -1,18 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 14 09:08:04 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
|
||||
Fri Jan 9 14:49:05 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
|
||||
|
||||
- Security fix [bsc#1218217, CVE-2023-50979]
|
||||
Security fix [bsc#1218217, CVE-2023-50979]
|
||||
* Fix side-channel leakage during decryption with PKCS#1v1.5 padding
|
||||
* Added patch libcryptopp-CVE-2023-50979.patch
|
||||
* https://github.com/Coralesoft/cryptopp/commit/0923d82f5c3ac8cf6c99108be2ad9260f2a61f6c
|
||||
* https://github.com/Coralesoft/cryptopp/commit/0923d82f5c3ac8cf6c99108be2ad9260f2a61f6c
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 24 06:59:04 UTC 2025 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||||
|
||||
- Fix build on aarch64
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 7 07:56:39 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||
Thu May 29 10:56:35 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||
|
||||
- Security fix [bsc#1224280, CVE-2024-28285]
|
||||
* potential leak of secret key of ElGamal encryption via fault injection
|
||||
|
||||
@@ -1,24 +1,6 @@
|
||||
#
|
||||
# spec file for package libcryptopp
|
||||
#
|
||||
# Copyright (c) 2026 SUSE LLC and contributors
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
# spec file for package libcryptopp
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@@ -33,6 +15,7 @@
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define major 8
|
||||
%define minor 9
|
||||
%define patchlevel 0
|
||||
@@ -57,10 +40,10 @@ Patch1: libcryptopp-shared.patch
|
||||
Patch2: libcryptopp-CVE-2023-50980.patch
|
||||
# CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS
|
||||
Patch3: libcryptopp-CVE-2023-50981.patch
|
||||
# PATCH-FIX-SUSE: [bsc#1224280] CVE-2024-28285 potential leak of secret key of ElGamal encryption via fault injection
|
||||
Patch4: libcryptopp-CVE-2024-28285.patch
|
||||
# PATCH-FIX-SUSE: [bsc#1224280] CVE-2024-28285 potential leak of secret key of ElGamal encryption via fault injection
|
||||
Patch4: libcryptopp-CVE-2024-28285.patch
|
||||
# PATCH-FIX-UPSTREAM: [bsc#1218217, CVE-2023-50979] side-channel leakage during decryption with PKCS#1v1.5 padding (marvin )
|
||||
Patch5: libcryptopp-CVE-2023-50979.patch
|
||||
Patch5: libcryptopp-CVE-2023-50979.patch
|
||||
BuildRequires: dos2unix
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: pkgconfig
|
||||
@@ -121,8 +104,7 @@ CXXFLAGS="$CXXFLAGS -DCRYPTOPP_DISABLE_ALTIVEC"
|
||||
%make_install \
|
||||
PREFIX="%{_prefix}" \
|
||||
LIB="%{_lib}" \
|
||||
LIBSUFFIX="-%{version}" \
|
||||
LDFLAGS="-pthread -lgomp"
|
||||
LIBSUFFIX="-%{version}"
|
||||
|
||||
rm -rf "%{buildroot}%{_bindir}" %{buildroot}%{_datadir}/cryptopp
|
||||
rm -rf %{buildroot}%{_libdir}/*.a
|
||||
|
||||