import libgcrypt-1.8.5-6.el8
		
							parent
							
								
									5898546e10
								
							
						
					
					
						commit
						560d09fcdf
					
				
							
								
								
									
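--- /dev/null
+++ b/SOURCES/libgcrypt-1.8.5-fips-hwfeatures.patch
@@ -0,0 +1,13 @@
+diff -up libgcrypt-1.8.5/src/hwfeatures.c.hw-fips libgcrypt-1.8.5/src/hwfeatures.c
+--- libgcrypt-1.8.5/src/hwfeatures.c.hw-fips	2021-06-25 11:55:55.843819137 +0200
++++ libgcrypt-1.8.5/src/hwfeatures.c	2021-06-25 11:56:00.925895390 +0200
+@@ -205,9 +205,6 @@ _gcry_detect_hw_features (void)
+ {
+   hw_features = 0;
+ 
+-  if (fips_mode ())
+-    return; /* Hardware support is not to be evaluated.  */
+-
+   parse_hwf_deny_file ();
+ 
+ #if defined (HAVE_CPU_ARCH_X86)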
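Review bot: With the `fips_mode ()` early return removed from `_gcry_detect_hw_features`, `parse_hwf_deny_file ()` and the architecture-specific detection below it now also run in FIPS mode, yet the patch drops the old comment ("Hardware support is not to be evaluated.") without recording why the policy changed. I would leave a short comment where the guard stood, e.g. `/* Hardware features are evaluated in FIPS mode too (#1976137).  */`, so a later reader does not restore the guard or assume only the generic code paths are in use. From the visible lines it looks as if the hwf deny file now also influences which implementations are selected in FIPS mode. It is worth confirming that the FIPS self-tests exercise whichever accelerated implementation ends up selected. The function body continues past the end of the hunk.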
							
								
								
									
										3521
									
								
								SOURCES/libgcrypt-1.8.5-ppc-chacha20-poly1305.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							
										
											
												File diff suppressed because it is too large
											
										
									
								
							
							
								
								
									
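--- /dev/null
+++ b/SOURCES/libgcrypt-1.9.3-CVE-2021-33560.patch
@@ -0,0 +1,100 @@
+commit 3462280f2e23e16adf3ed5176e0f2413d8861320
+Author: NIIBE Yutaka <gniibe@fsij.org>
+Date:   Fri May 21 11:15:07 2021 +0900
+
+    cipher: Fix ElGamal encryption for other implementations.
+    
+    * cipher/elgamal.c (gen_k): Remove support of smaller K.
+    (do_encrypt): Never use smaller K.
+    (sign): Folllow the change of gen_k.
+    
+    --
+    
+    Cherry-pick master commit of:
+            632d80ef30e13de6926d503aa697f92b5dbfbc5e
+    
+    This change basically reverts encryption changes in two commits:
+    
+            74386120dad6b3da62db37f7044267c8ef34689b
+            78531373a342aeb847950f404343a05e36022065
+    
+    Use of smaller K for ephemeral key in ElGamal encryption is only good,
+    when we can guarantee that recipient's key is generated by our
+    implementation (or compatible).
+    
+    For detail, please see:
+    
+        Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
+        "On the (in)security of ElGamal in OpenPGP";
+        in the proceedings of  CCS'2021.
+    
+    CVE-id: CVE-2021-33560
+    GnuPG-bug-id: 5328
+    Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
+    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+
+diff --git a/cipher/elgamal.c b/cipher/elgamal.c
+index 9835122f..eead4502 100644
+--- a/cipher/elgamal.c
++++ b/cipher/elgamal.c
+@@ -66,7 +66,7 @@ static const char *elg_names[] =
+ 
+ 
+ static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
+-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
++static gcry_mpi_t gen_k (gcry_mpi_t p);
+ static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
+                                  gcry_mpi_t **factors);
+ static int  check_secret_key (ELG_secret_key *sk);
+@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
+ 
+ /****************
+  * Generate a random secret exponent k from prime p, so that k is
+- * relatively prime to p-1.  With SMALL_K set, k will be selected for
+- * better encryption performance - this must never be used signing!
++ * relatively prime to p-1.
+  */
+ static gcry_mpi_t
+-gen_k( gcry_mpi_t p, int small_k )
++gen_k( gcry_mpi_t p )
+ {
+   gcry_mpi_t k = mpi_alloc_secure( 0 );
+   gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
+   unsigned int nbits, nbytes;
+   char *rndbuf = NULL;
+ 
+-  if (small_k)
+-    {
+-      /* Using a k much lesser than p is sufficient for encryption and
+-       * it greatly improves the encryption performance.  We use
+-       * Wiener's table and add a large safety margin. */
+-      nbits = wiener_map( orig_nbits ) * 3 / 2;
+-      if( nbits >= orig_nbits )
+-        BUG();
+-    }
+-  else
+-    nbits = orig_nbits;
+-
++  nbits = orig_nbits;
+ 
+   nbytes = (nbits+7)/8;
+   if( DBG_CIPHER )
+@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+    * error code.
+    */
+ 
+-  k = gen_k( pkey->p, 1 );
++  k = gen_k( pkey->p );
+   mpi_powm (a, pkey->g, k, pkey->p);
+ 
+   /* b = (y^k * input) mod p
+@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
+     *
+     */
+     mpi_sub_ui(p_1, p_1, 1);
+-    k = gen_k( skey->p, 0 /* no small K ! */ );
++    k = gen_k( skey->p );
+     mpi_powm( a, skey->g, k, skey->p );
+     mpi_mul(t, skey->x, a );
+     mpi_subm(t, input, t, p_1 );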
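Review bot: The doc comment above `gen_k` now says only that k is relatively prime to p-1, so the reason the small-K shortcut was removed survives only in the commit message. Adding a line such as ` * k always has the full bit length of p; a shorter k is only safe when the recipient's key comes from a compatible implementation (CVE-2021-33560).` to that comment would help keep the optimisation from being reintroduced for `do_encrypt`. In the `@@ -202` hunk, `nbits = orig_nbits;` is now an unconditional copy, so `orig_nbits` could presumably be used directly. `gen_k`'s body continues outside the hunk, so whether both variables are still needed cannot be confirmed from here.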
| @ -1,6 +1,6 @@ | |||||||
| Name: libgcrypt | Name: libgcrypt | ||||||
| Version: 1.8.5 | Version: 1.8.5 | ||||||
| Release: 5%{?dist} | Release: 6%{?dist} | ||||||
| URL: http://www.gnupg.org/ | URL: http://www.gnupg.org/ | ||||||
| Source0: libgcrypt-%{version}-hobbled.tar.xz | Source0: libgcrypt-%{version}-hobbled.tar.xz | ||||||
| # The original libgcrypt sources now contain potentially patented ECC | # The original libgcrypt sources now contain potentially patented ECC | ||||||
| @ -61,6 +61,12 @@ Patch34: libgcrypt-1.8.5-ppc-crc32.patch | |||||||
| Patch35: libgcrypt-1.8.5-ppc-bugfix.patch | Patch35: libgcrypt-1.8.5-ppc-bugfix.patch | ||||||
| # ppc64 performance AES-GCM (#1855231) | # ppc64 performance AES-GCM (#1855231) | ||||||
| Patch36: libgcrypt-1.8.5-ppc-aes-gcm.patch | Patch36: libgcrypt-1.8.5-ppc-aes-gcm.patch | ||||||
|  | # ppc64 performance AES-GCM (#1855231) | ||||||
|  | Patch37: libgcrypt-1.9.3-CVE-2021-33560.patch | ||||||
|  | # We can use HW optimizations in FIPS (#1976137) | ||||||
|  | Patch38: libgcrypt-1.8.5-fips-hwfeatures.patch | ||||||
|  | # ppc64 performance chacha20 and poly1305 (#1855231) | ||||||
|  | Patch39: libgcrypt-1.8.5-ppc-chacha20-poly1305.patch | ||||||
| 
 | 
 | ||||||
| %define gcrylibdir %{_libdir} | %define gcrylibdir %{_libdir} | ||||||
| 
 | 
 | ||||||
| @ -118,6 +124,9 @@ applications using libgcrypt. | |||||||
| %patch34 -p1 -b .ppc-crc32 | %patch34 -p1 -b .ppc-crc32 | ||||||
| %patch35 -p1 -b .ppc-bugfix | %patch35 -p1 -b .ppc-bugfix | ||||||
| %patch36 -p1 -b .ppc-aes-gcm | %patch36 -p1 -b .ppc-aes-gcm | ||||||
|  | %patch37 -p1 -b .CVE-2021-33560 | ||||||
|  | %patch38 -p1 -b .hw-fips | ||||||
|  | %patch39 -p1 -b .ppc-chacha | ||||||
| 
 | 
 | ||||||
| cp %{SOURCE4} cipher/ | cp %{SOURCE4} cipher/ | ||||||
| cp %{SOURCE5} %{SOURCE6} tests/ | cp %{SOURCE5} %{SOURCE6} tests/ | ||||||
| @ -233,6 +242,11 @@ exit 0 | |||||||
| %license COPYING | %license COPYING | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Mon Jun 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-6 | ||||||
|  | - Fix for CVE-2021-33560 (#1971421) | ||||||
|  | - Enable HW optimizations in FIPS (#1976137) | ||||||
|  | - Performance enchancements for ChaCha20 and Poly1305 (#1855231) | ||||||
|  | 
 | ||||||
| * Thu May 13 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-5 | * Thu May 13 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-5 | ||||||
| - Performance enchancements for AES-GCM, CRC32 and SHA2 (#1855231) | - Performance enchancements for AES-GCM, CRC32 and SHA2 (#1855231) | ||||||
| 
 | 
 | ||||||
|  | |||||||
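Review bot: The comment above `Patch37` repeats `# ppc64 performance AES-GCM (#1855231)` from Patch36, although Patch37 is the CVE-2021-33560 fix that the new changelog entry ties to #1971421. It should read `# Fix for CVE-2021-33560 (#1971421)` so that someone auditing the patch list can find the security fix by its comment. The patch file is named `libgcrypt-1.9.3-…` while the package version is 1.8.5, so the same comment could note that it is presumably a backport. The new changelog line also carries over the "enchancements" spelling from the previous entry.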