forked from pool/libgcrypt
9a7cde5372
- FIPS: libgcrypt: Double free in test_keys() on failed signature verification [bsc#1169944] * Use safer gcry_mpi_release() instead of mpi_free() - Update patches: * libgcrypt-PCT-DSA.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) * add libgcrypt-fips_selftest_trigger_file.patch * refresh libgcrypt-global_init-constructor.patch - Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted by libgcrypt-global_init-constructor.patch - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC: [bsc#1165539] - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Refreshed patches: * libgcrypt-PCT-DSA.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch - FIPS: Switch the PCT to use the new signature operation [bsc#1165539] * Patches for DSA, RSA and ECDSA test_keys functions: - libgcrypt-PCT-DSA.patch - libgcrypt-PCT-RSA.patch - libgcrypt-PCT-ECC.patch - Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch OBS-URL: https://build.opensuse.org/request/show/805624 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=134
--- libgcrypt-1.8.2.orig/cipher/rsa.c 2020-03-26 07:23:17.392861551 +0100
|
|
+++ libgcrypt-1.8.2.orig/cipher/rsa.c 2020-03-26 15:43:29.556282072 +0100
|
|
@@ -91,10 +91,16 @@ static const char sample_secret_key[] =
|
|
" 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77"
|
|
" 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E"
|
|
" 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B919#)"
|
|
+"))";
|
|
+/* We need to get rid of the u value, in order to end in
|
|
+ * secret_core_std when called from secret. It's not used anyway. */
|
|
+
|
|
+/*
|
|
" (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04"
|
|
" 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4"
|
|
" A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9"
|
|
" AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7#)))";
|
|
+*/
|
|
|
|
/* A sample 2048 bit RSA key used for the selftests (public only). */
|
|
static const char sample_public_key[] =
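Review bot: The four `(u …)` lines are kept inside a block comment instead of being deleted; commented-out key material is dead text that will drift, and the note above it already records why u was dropped. Dropping u also changes which code path the selftest exercises: as the comment says, the key now ends in secret_core_std, whereas production keys that carry u presumably take the CRT-based secret operation, so that variant is no longer covered by this selftest. That consequence should be stated rather than implied, e.g. append `* Note: the selftest key therefore does not exercise the CRT variant of the secret operation.` to the comment and remove the commented-out lines.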
|
|
@@ -1252,8 +1258,8 @@ rsa_check_secret_key (gcry_sexp_t keypar
|
|
RSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL, NULL};
|
|
|
|
/* To check the key we need the optional parameters. */
|
|
- rc = sexp_extract_param (keyparms, NULL, "nedpqu",
|
|
- &sk.n, &sk.e, &sk.d, &sk.p, &sk.q, &sk.u,
|
|
+ rc = sexp_extract_param (keyparms, NULL, "npq",
|
|
+ &sk.n, &sk.p, &sk.q,
|
|
NULL);
|
|
if (rc)
|
|
goto leave;
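Review bot: With only `"npq"` extracted, `sk.e`, `sk.d` and `sk.u` remain NULL for the rest of rsa_check_secret_key; the function body continues outside this hunk, so any later use of those fields there now needs a NULL guard. The change also narrows the check: a secret key that lacks d or u is no longer rejected by this function, and whether their consistency with n, e, p and q was ever verified further down is not visible here, so the reduced scope should be made explicit. The comment above the call now misleads (`/* To check the key we need the optional parameters. */` while only the core n, p, q are requested); suggest `/* Only n, p and q are needed for this check; e, d and u are neither required nor validated here. */`.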
|
|
@@ -1263,11 +1269,8 @@ rsa_check_secret_key (gcry_sexp_t keypar
|
|
|
|
leave:
|
|
_gcry_mpi_release (sk.n);
|
|
- _gcry_mpi_release (sk.e);
|
|
- _gcry_mpi_release (sk.d);
|
|
_gcry_mpi_release (sk.p);
|
|
_gcry_mpi_release (sk.q);
|
|
- _gcry_mpi_release (sk.u);
|
|
if (DBG_CIPHER)
|
|
log_debug ("rsa_testkey => %s\n", gpg_strerror (rc));
|
|
return rc;
|
|
@@ -1710,11 +1713,11 @@ static const char *
|
|
selftest_sign_2048 (gcry_sexp_t pkey, gcry_sexp_t skey)
|
|
{
|
|
static const char sample_data[] =
|
|
- "(data (flags pkcs1)"
|
|
+ "(data (flags pkcs1 no-blinding)"
|
|
" (hash sha256 #11223344556677889900aabbccddeeff"
|
|
/**/ "102030405060708090a0b0c0d0f01121#))";
|
|
static const char sample_data_bad[] =
|
|
- "(data (flags pkcs1)"
|
|
+ "(data (flags pkcs1 no-blinding)"
|
|
" (hash sha256 #11223344556677889900aabbccddeeff"
|
|
/**/ "802030405060708090a0b0c0d0f01121#))";
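Review bot: The `no-blinding` flag added to `sample_data` and `sample_data_bad` is not explained anywhere in selftest_sign_2048; the motive (presumably to keep the FIPS selftest independent of the RNG, judging by the PCT work named in the commit message) belongs in a comment beside the first string, e.g. `/* no-blinding: keep the selftest free of RNG use (confirm); the blinded default path is not covered here. */`. With blinding off, the default blinded secret-key path receives no coverage from this selftest, which is worth acknowledging. The same flag is introduced again in the two later hunks of selftest_encr_2048.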
|
|
|
|
@@ -1857,7 +1860,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
|
|
gcry_mpi_t ref_mpi = NULL;
|
|
|
|
/* Put the plaintext into an S-expression. */
|
|
- err = sexp_build (&plain, NULL, "(data (flags raw) (value %s))", plaintext);
|
|
+ err = sexp_build (&plain, NULL, "(data (flags raw no-blinding) (value %s))", plaintext);
|
|
if (err)
|
|
{
|
|
errtxt = "converting data failed";
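Review bot: The `no-blinding` flag on the plaintext sexp handed to encrypt appears to do nothing: the comment added in the following hunk says the flag is not inherited by the `enc-val` that encrypt returns, and blinding belongs to the secret-key operation rather than public-key encryption (inferred; confirm against _gcry_pk_encrypt). If it is a no-op, either drop it here or annotate it, e.g. `/* no-blinding is ignored by encrypt; it is re-applied to the ciphertext below. */`, so the next reader does not assume it carries through.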
|
|
@@ -1897,6 +1900,26 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
|
|
goto leave;
|
|
}
|
|
|
|
+ /* This sexp trickery is to prevent the use of blinding.
|
|
+ * The flag doesn't get inherited by encr, so we have to
|
|
+ * derive a new sexp from the ciphertext */
|
|
+ char buf[1024];
|
|
+ memset(buf, 0, sizeof(buf));
|
|
+ err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext);
|
|
+ if (err)
|
|
+ {
|
|
+ errtxt = "Dumping ciphertext mpi to buffer failed";
|
|
+ goto leave;
|
|
+ }
|
|
+
|
|
+ sexp_release (encr);
|
|
+ err = sexp_build (&encr, NULL, "(enc-val (flags no-blinding) (rsa (a %s)))", buf);
|
|
+ if (err)
|
|
+ {
|
|
+ errtxt = "Adding no-blinding flag to ciphertext failed";
|
|
+ goto leave;
|
|
+ }
|
|
+
|
|
/* Decrypt. */
|
|
err = _gcry_pk_decrypt (&decr, encr, skey);
|
|
if (err)
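Review bot: The ciphertext is serialized with `_gcry_mpi_print (GCRYMPI_FMT_STD, …)`, which emits raw binary (big-endian two's complement, with a leading zero byte when the top bit is set), yet it is then passed to `sexp_build` via `%s`, which — as its use for `plaintext` earlier in this function shows — takes a NUL-terminated string: the value is cut at the first zero byte, and becomes empty when the leading byte is zero, so the rebuilt `enc-val` is only correct if the fixed 2048-bit test vector happens to contain no zero byte. Hand the MPI over directly and drop the buffer, the `memset` and the print call: `sexp_release (encr);` followed by `err = sexp_build (&encr, NULL, "(enc-val (flags no-blinding) (rsa (a %m)))", ciphertext);`. That also removes the 1024-byte stack buffer, which bounds the key size this selftest can serve (the error path does catch overflow, but with a message that does not name the cause). selftest_encr_2048 continues past the end of this hunk.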
|