Accepting request 913968 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to 1.9.4: * Bug fixes: - Fix Elgamal encryption for other implementations. [CVE-2021-33560] - Fix alignment problem on macOS. - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - Add GCM and CCM to OID mapping table for AES. * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch - Remove not needed patch libgcrypt-sparcv9.diff - libgcrypt 1.9.3: - Fix for Apple iOS getentropy peculiarity. - Add VPMSUMD acceleration for GCM mode on PPC. - Fix rare assertion failure in gcry_prime_check. OBS-URL: https://build.opensuse.org/request/show/913968 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=150
2021-08-24 10:13:55 +00:00 · 2021-08-24 10:13:55 +00:00 · 00b6c7a408
commit 00b6c7a408
parent 79c721ab6b
8 changed files with 26 additions and 133 deletions
--- a/libgcrypt-1.9.3.tar.bz2
+++ b/libgcrypt-1.9.3.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:97ebe4f94e2f7e35b752194ce15a0f3c66324e0ff6af26659bbfb5ff2ec328fd
-size 3219061
--- a/libgcrypt-1.9.3.tar.bz2.sig
+++ b/libgcrypt-1.9.3.tar.bz2.sig
--- a/libgcrypt-1.9.4.tar.bz2
+++ b/libgcrypt-1.9.4.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7
+size 3239704
--- a/libgcrypt-1.9.4.tar.bz2.sig
+++ b/libgcrypt-1.9.4.tar.bz2.sig
--- a/libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
+++ b/libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
@ -1,99 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Fri, 21 May 2021 02:15:07 +0000 (+0900)
-Subject: cipher: Fix ElGamal encryption for other implementations.
-X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=632d80ef30e13de6926d503aa697f92b5dbfbc5e
-
-cipher: Fix ElGamal encryption for other implementations.
-
-* cipher/elgamal.c (gen_k): Remove support of smaller K.
-(do_encrypt): Never use smaller K.
-(sign): Folllow the change of gen_k.
-
--
-
-This change basically reverts encryption changes in two commits:
-
-	74386120dad6b3da62db37f7044267c8ef34689b
-	78531373a342aeb847950f404343a05e36022065
-
-Use of smaller K for ephemeral key in ElGamal encryption is only good,
-when we can guarantee that recipient's key is generated by our
-implementation (or compatible).
-
-For detail, please see:
-
-    Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
-    "On the (in)security of ElGamal in OpenPGP";
-    in the proceedings of  CCS'2021.
-
-CVE-id: CVE-2021-33560
-GnuPG-bug-id: 5328
-Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
-
-diff --git a/cipher/elgamal.c b/cipher/elgamal.c
-index 9835122f..eead4502 100644
--- a/cipher/elgamal.c
-+++ b/cipher/elgamal.c
-@@ -66,7 +66,7 @@ static const char *elg_names[] =
- 
- 
- static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
-+static gcry_mpi_t gen_k (gcry_mpi_t p);
- static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
-                                  gcry_mpi_t **factors);
- static int  check_secret_key (ELG_secret_key *sk);
-@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
- 
- /****************
-  * Generate a random secret exponent k from prime p, so that k is
- * relatively prime to p-1.  With SMALL_K set, k will be selected for
- * better encryption performance - this must never be used signing!
-+ * relatively prime to p-1.
-  */
- static gcry_mpi_t
-gen_k( gcry_mpi_t p, int small_k )
-+gen_k( gcry_mpi_t p )
- {
-   gcry_mpi_t k = mpi_alloc_secure( 0 );
-   gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
-@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
-   unsigned int nbits, nbytes;
-   char *rndbuf = NULL;
- 
-  if (small_k)
-    {
-      /* Using a k much lesser than p is sufficient for encryption and
-       * it greatly improves the encryption performance.  We use
-       * Wiener's table and add a large safety margin. */
-      nbits = wiener_map( orig_nbits ) * 3 / 2;
-      if( nbits >= orig_nbits )
-        BUG();
-    }
-  else
-    nbits = orig_nbits;
-
-+  nbits = orig_nbits;
- 
-   nbytes = (nbits+7)/8;
-   if( DBG_CIPHER )
-@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
-    * error code.
-    */
- 
-  k = gen_k( pkey->p, 1 );
-+  k = gen_k( pkey->p );
-   mpi_powm (a, pkey->g, k, pkey->p);
- 
-   /* b = (y^k * input) mod p
-@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
-     *
-     */
-     mpi_sub_ui(p_1, p_1, 1);
-    k = gen_k( skey->p, 0 /* no small K ! */ );
-+    k = gen_k( skey->p );
-     mpi_powm( a, skey->g, k, skey->p );
-     mpi_mul(t, skey->x, a );
-     mpi_subm(t, input, t, p_1 );
--- a/libgcrypt-sparcv9.diff
+++ b/libgcrypt-sparcv9.diff
@ -1,23 +0,0 @@
-Avoid link-time error
-
-../src/.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd'
-
-by choosing v8-like insns for 32-bit v9 mode too.
-
---
- mpi/longlong.h |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: libgcrypt-1.7.2/mpi/longlong.h
-===================================================================
--- libgcrypt-1.7.2.orig/mpi/longlong.h
-+++ libgcrypt-1.7.2/mpi/longlong.h
-@@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute
- 	     "rJ" ((USItype)(al)),                                      \
- 	     "rI" ((USItype)(bl))                                       \
- 	   __CLOBBER_CC)
-# if defined (__sparc_v8__) || defined(__sparcv8)
-+# if defined (__sparc_v8__) || defined(__sparcv8) || defined(__space_v9__)
- /* Don't match immediate range because, 1) it is not often useful,
-    2) the 'I' flag thinks of the range as a 13 bit signed interval,
-    while we want to match a 13 bit interval, sign extended to 32 bits,
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon Aug 23 12:08:24 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.9.4:
+  * Bug fixes:
+    - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
+    - Fix alignment problem on macOS.
+    - Check the input length of the point in ECDH.
+    - Fix an abort in gcry_pk_get_param for "Curve25519".
+  * Other features:
+    - Add GCM and CCM to OID mapping table for AES.
+  * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
+
+-------------------------------------------------------------------
+Mon Aug 23 10:11:55 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Remove not needed patch libgcrypt-sparcv9.diff
+
 -------------------------------------------------------------------
 Fri Jun 11 13:17:54 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

@ -10,19 +28,19 @@ Fri Jun 11 13:17:54 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 -------------------------------------------------------------------
 Tue Apr 20 08:46:11 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>

- libgcrypt 1.9.3: 
+- libgcrypt 1.9.3:
  * Bug fixes:
    - Fix build problems on i386 using gcc-4.7.
    - Fix checksum calculation in OCB decryption for AES on s390.
    - Fix a regression in gcry_mpi_ec_add related to certain usages
      of curve 25519.
    - Fix a symbol not found problem on Apple M1.
-    - Fix for Apple iOS getentropy peculiarity.  
+    - Fix for Apple iOS getentropy peculiarity.
    - Make keygrip computation work for compressed points.
  * Performance:
    - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
    - Add x86_64 VAES/AVX2 accelerated implementation of AES.
-    - Add VPMSUMD acceleration for GCM mode on PPC. 
+    - Add VPMSUMD acceleration for GCM mode on PPC.
  * Internal changes.
    - Harden MPI conditional code against EM leakage.
    - Harden Elgamal by introducing exponent blinding.
@ -411,7 +429,7 @@ Wed Jun 13 10:46:33 UTC 2018 - kbabioch@suse.com
  - Fix incorrect output of AES-keywrap mode for in-place encryption
    on some platforms.
  - Fix the gcry_mpi_ec_curve_point point validation function.
-  - Fix rare assertion failure in gcry_prime_check. 
+  - Fix rare assertion failure in gcry_prime_check.
 - Applied spec-cleaner

 -------------------------------------------------------------------
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@ -22,7 +22,7 @@
 %define libsoname %{name}%{libsover}
 %define cavs_dir %{_libexecdir}/%{name}/cavs
 Name:           libgcrypt
-Version:        1.9.3
+Version:        1.9.4
 Release:        0
 Summary:        The GNU Crypto Library
 License:        GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
@ -39,7 +39,6 @@ Source5:        cavs-test.sh
 Source6:        cavs_driver.pl
 Source99:       libgcrypt.changes
 Patch1:         libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
-Patch2:         libgcrypt-sparcv9.diff
 Patch3:         libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
 Patch4:         libgcrypt-1.6.1-use-fipscheck.patch
 Patch5:         libgcrypt-1.6.1-fips-cavs.patch
@ -76,8 +75,6 @@ Patch26:        libgcrypt-PCT-RSA.patch
 Patch27:        libgcrypt-PCT-DSA.patch
 Patch28:        libgcrypt-PCT-ECC.patch
 Patch29:        libgcrypt-fips_selftest_trigger_file.patch
-#PATCH-FIX-UPSTREAM bsc#1187212 CVE-2021-33560 ElGamal encryption lacks exponent blinding
-Patch30:        libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
 BuildRequires:  automake >= 1.14
 BuildRequires:  fipscheck
 BuildRequires:  libgpg-error-devel >= 1.27