rpm/libgcrypt
SHA256
1
0
Fork 0
forked from pool/libgcrypt
Code Pull Requests Activity

Accepting request 501007 from home:AndreasStieger:branches:devel:libraries:c_c++

Browse Source 
libgcrypt 1.7.7

OBS-URL: https://build.opensuse.org/request/show/501007
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=93
This commit is contained in:
Tomáš Chvátal 2017-06-05 07:34:40 +00:00 committed by Git OBS Bridge
parent ef71f17567
commit c785cdbe16
7 changed files with 13 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libgcrypt-1.7.6.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:626aafee84af9d2ce253d2c143dc1c0902dda045780cc241f39970fc60be05bc
size 2897695

BIN
libgcrypt-1.7.6.tar.bz2.sig
View File

Binary file not shown.

3
libgcrypt-1.7.7.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b9b85eba0793ea3e6e66b896eb031fa05e1a4517277cc9ab10816b359254cd9a
size 2861190

BIN
libgcrypt-1.7.7.tar.bz2.sig Normal file
View File

Binary file not shown.

34
libgcrypt-secure-EdDSA-session-key.patch
View File

@ -1,34 +0,0 @@
From 5a22de904a0a366ae79f03ff1e13a1232a89e26b Mon Sep 17 00:00:00 2001
From: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
Date: Thu, 19 Jan 2017 17:00:15 +0100
Subject: [PATCH] ecc: Store EdDSA session key in secure memory.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
session key.
--
An attacker who learns the EdDSA session key from side-channel
observation during the signing process, can easily revover the long-
term secret key. Storing the session key in secure memory ensures that
constant time point operations are used in the MPI library.
Signed-off-by: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
---
cipher/ecc-eddsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index f91f848..813e030 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -603,7 +603,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
a = mpi_snew (0);
x = mpi_new (0);
y = mpi_new (0);
- r = mpi_new (0);
+ r = mpi_snew (0);
ctx = _gcry_mpi_ec_p_internal_new (skey->E.model, skey->E.dialect, 0,
skey->E.p, skey->E.a, skey->E.b);
b = (ctx->nbits+7)/8;
--
2.8.0.rc3

9
libgcrypt.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Sun Jun 4 19:26:12 UTC 2017 - astieger@suse.com
- libgcrypt 1.7.7:
* Fix possible timing attack on EdDSA session key (previously
patched, drop libgcrypt-secure-EdDSA-session-key.patch)
* Fix long standing bug in secure memory implementation which
could lead to a segv on free
-------------------------------------------------------------------
Fri Jun 2 10:05:18 UTC 2017 - pmonrealgonzalez@suse.com

5
libgcrypt.spec
View File

@ -21,7 +21,7 @@
%define libsoname %{name}20
%define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt
Version: 1.7.6
Version: 1.7.7
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
@ -56,8 +56,6 @@ Patch30: drbg_test.patch
#PATCH-FIX-SUSE run FIPS self-test from constructor
Patch32: libgcrypt-fips_run_selftest_at_constructor.patch
Patch34: libgcrypt-1.6.3-aliasing.patch
#PATCH-FIX-UPSTREAM -- pmonrealgonzalez@suse.com bsc#1042326 timing attack on EdDSA session key
Patch35: libgcrypt-secure-EdDSA-session-key.patch
BuildRequires: automake >= 1.14
BuildRequires: fipscheck
BuildRequires: libgpg-error-devel >= 1.13
@ -155,7 +153,6 @@ understanding of applied cryptography is required to use Libgcrypt.
%endif
%patch13 -p1
%patch14 -p1
%patch35 -p1
%build
echo building with build_hmac256 set to %{build_hmac256}