pool/libgcrypt
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 913986 from devel:libraries:c_c++

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/913986
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=88
This commit is contained in:
Dominique Leuenberger 2021-08-28 20:31:04 +00:00 committed by Git OBS Bridge
commit 69de87215c
9 changed files with 48 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libgcrypt-1.9.3.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:97ebe4f94e2f7e35b752194ce15a0f3c66324e0ff6af26659bbfb5ff2ec328fd
size 3219061

BIN
libgcrypt-1.9.3.tar.bz2.sig
View File

Binary file not shown.

3
libgcrypt-1.9.4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7
size 3239704

BIN
libgcrypt-1.9.4.tar.bz2.sig Normal file
View File

Binary file not shown.

99
libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
View File

@ -1,99 +0,0 @@
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 21 May 2021 02:15:07 +0000 (+0900)
Subject: cipher: Fix ElGamal encryption for other implementations.
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=632d80ef30e13de6926d503aa697f92b5dbfbc5e
cipher: Fix ElGamal encryption for other implementations.
* cipher/elgamal.c (gen_k): Remove support of smaller K.
(do_encrypt): Never use smaller K.
(sign): Folllow the change of gen_k.
--
This change basically reverts encryption changes in two commits:
74386120dad6b3da62db37f7044267c8ef34689b
78531373a342aeb847950f404343a05e36022065
Use of smaller K for ephemeral key in ElGamal encryption is only good,
when we can guarantee that recipient's key is generated by our
implementation (or compatible).
For detail, please see:
Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
"On the (in)security of ElGamal in OpenPGP";
in the proceedings of CCS'2021.
CVE-id: CVE-2021-33560
GnuPG-bug-id: 5328
Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index 9835122f..eead4502 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -66,7 +66,7 @@ static const char *elg_names[] =
static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
+static gcry_mpi_t gen_k (gcry_mpi_t p);
static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
gcry_mpi_t **factors);
static int check_secret_key (ELG_secret_key *sk);
@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
/****************
* Generate a random secret exponent k from prime p, so that k is
- * relatively prime to p-1. With SMALL_K set, k will be selected for
- * better encryption performance - this must never be used signing!
+ * relatively prime to p-1.
*/
static gcry_mpi_t
-gen_k( gcry_mpi_t p, int small_k )
+gen_k( gcry_mpi_t p )
{
gcry_mpi_t k = mpi_alloc_secure( 0 );
gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
unsigned int nbits, nbytes;
char *rndbuf = NULL;
- if (small_k)
- {
- /* Using a k much lesser than p is sufficient for encryption and
- * it greatly improves the encryption performance. We use
- * Wiener's table and add a large safety margin. */
- nbits = wiener_map( orig_nbits ) * 3 / 2;
- if( nbits >= orig_nbits )
- BUG();
- }
- else
- nbits = orig_nbits;
-
+ nbits = orig_nbits;
nbytes = (nbits+7)/8;
if( DBG_CIPHER )
@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
* error code.
*/
- k = gen_k( pkey->p, 1 );
+ k = gen_k( pkey->p );
mpi_powm (a, pkey->g, k, pkey->p);
/* b = (y^k * input) mod p
@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
*
*/
mpi_sub_ui(p_1, p_1, 1);
- k = gen_k( skey->p, 0 /* no small K ! */ );
+ k = gen_k( skey->p );
mpi_powm( a, skey->g, k, skey->p );
mpi_mul(t, skey->x, a );
mpi_subm(t, input, t, p_1 );

13
libgcrypt-pthread-in-t-lock-test.patch Normal file
View File

@ -0,0 +1,13 @@
Index: libgcrypt-1.9.3/tests/Makefile.am
===================================================================
--- libgcrypt-1.9.3.orig/tests/Makefile.am
+++ libgcrypt-1.9.3/tests/Makefile.am
@@ -74,7 +74,7 @@ prime_LDADD = $(standard_ldadd) @LDADD_F
t_mpi_bit_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
t_secmem_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
testapi_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
-t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@
+t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) -lpthread @LDADD_FOR_TESTS_KLUDGE@
t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS)
testdrv_LDADD = $(LDADD_FOR_TESTS_KLUDGE)

23
libgcrypt-sparcv9.diff
View File

@ -1,23 +0,0 @@
Avoid link-time error
../src/.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd'
by choosing v8-like insns for 32-bit v9 mode too.
---
mpi/longlong.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libgcrypt-1.7.2/mpi/longlong.h
===================================================================
--- libgcrypt-1.7.2.orig/mpi/longlong.h
+++ libgcrypt-1.7.2/mpi/longlong.h
@@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute
"rJ" ((USItype)(al)), \
"rI" ((USItype)(bl)) \
__CLOBBER_CC)
-# if defined (__sparc_v8__) || defined(__sparcv8)
+# if defined (__sparc_v8__) || defined(__sparcv8) || defined(__space_v9__)
/* Don't match immediate range because, 1) it is not often useful,
2) the 'I' flag thinks of the range as a 13 bit signed interval,
while we want to match a 13 bit interval, sign extended to 32 bits,

25
libgcrypt.changes
View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Mon Aug 23 12:08:24 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Update to 1.9.4:
* Bug fixes:
- Fix Elgamal encryption for other implementations. [CVE-2021-33560]
- Fix alignment problem on macOS.
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- Add GCM and CCM to OID mapping table for AES.
* Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
-------------------------------------------------------------------
Mon Aug 23 10:11:55 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Remove not needed patch libgcrypt-sparcv9.diff
-------------------------------------------------------------------
Thu Jul 15 12:53:45 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Fix building test t-lock with pthread. [bsc#1189745]
* Explicitly add -lpthread to compile the t-lock test.
* Add libgcrypt-pthread-in-t-lock-test.patch
-------------------------------------------------------------------
Fri Jun 11 13:17:54 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

7
libgcrypt.spec
View File

@ -22,7 +22,7 @@
%define libsoname %{name}%{libsover}
%define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt
Version: 1.9.3
Version: 1.9.4
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
@ -39,7 +39,6 @@ Source5: cavs-test.sh
Source6: cavs_driver.pl
Source99: libgcrypt.changes
Patch1: libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
Patch2: libgcrypt-sparcv9.diff
Patch3: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
Patch4: libgcrypt-1.6.1-use-fipscheck.patch
Patch5: libgcrypt-1.6.1-fips-cavs.patch
@ -76,8 +75,8 @@ Patch26: libgcrypt-PCT-RSA.patch
Patch27: libgcrypt-PCT-DSA.patch
Patch28: libgcrypt-PCT-ECC.patch
Patch29: libgcrypt-fips_selftest_trigger_file.patch
#PATCH-FIX-UPSTREAM bsc#1187212 CVE-2021-33560 ElGamal encryption lacks exponent blinding
Patch30: libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
#PATCH-FIX-SUSE bsc#1189745 The t-lock test is not build with phtread in gcc7, works in gcc11
Patch30: libgcrypt-pthread-in-t-lock-test.patch
BuildRequires: automake >= 1.14
BuildRequires: fipscheck
BuildRequires: libgpg-error-devel >= 1.27