Accepting request 500599 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326] * Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. OBS-URL: https://build.opensuse.org/request/show/500599 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=92
2017-06-03 18:51:04 +00:00 · 2017-06-03 18:51:04 +00:00 · ef71f17567
commit ef71f17567
parent fc34d37147
3 changed files with 44 additions and 0 deletions
--- a/libgcrypt-secure-EdDSA-session-key.patch
+++ b/libgcrypt-secure-EdDSA-session-key.patch
@ -0,0 +1,34 @@
+From 5a22de904a0a366ae79f03ff1e13a1232a89e26b Mon Sep 17 00:00:00 2001
+From: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
+Date: Thu, 19 Jan 2017 17:00:15 +0100
+Subject: [PATCH] ecc: Store EdDSA session key in secure memory.
+
+* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
+session key.
+--
+
+An attacker who learns the EdDSA session key from side-channel
+observation during the signing process, can easily revover the long-
+term secret key. Storing the session key in secure memory ensures that
+constant time point operations are used in the MPI library.
+
+Signed-off-by: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
+---
+ cipher/ecc-eddsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
+index f91f848..813e030 100644
+--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
+@@ -603,7 +603,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+   a = mpi_snew (0);
+   x = mpi_new (0);
+   y = mpi_new (0);
+-  r = mpi_new (0);
+  r = mpi_snew (0);
+   ctx = _gcry_mpi_ec_p_internal_new (skey->E.model, skey->E.dialect, 0,
+                                      skey->E.p, skey->E.a, skey->E.b);
+   b = (ctx->nbits+7)/8;
+-- 
+2.8.0.rc3
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jun  2 10:05:18 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
+  * Store the session key in secure memory to ensure that constant
+    time point operations are used in the MPI library.
+
 -------------------------------------------------------------------
 Fri Jan 20 09:41:15 UTC 2017 - rmaliska@suse.com

--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@ -56,6 +56,8 @@ Patch30:        drbg_test.patch
 #PATCH-FIX-SUSE run FIPS self-test from constructor
 Patch32:        libgcrypt-fips_run_selftest_at_constructor.patch
 Patch34:        libgcrypt-1.6.3-aliasing.patch
+#PATCH-FIX-UPSTREAM -- pmonrealgonzalez@suse.com bsc#1042326 timing attack on EdDSA session key
+Patch35:        libgcrypt-secure-EdDSA-session-key.patch
 BuildRequires:  automake >= 1.14
 BuildRequires:  fipscheck
 BuildRequires:  libgpg-error-devel >= 1.13
@ -153,6 +155,7 @@ understanding of applied cryptography is required to use Libgcrypt.
 %endif
 %patch13 -p1
 %patch14 -p1
+%patch35 -p1

 %build
 echo building with build_hmac256 set to %{build_hmac256}