import libgcrypt-1.8.5-7.el8_6

This commit is contained in:
CentOS Sources 2022-09-27 16:06:29 -04:00 committed by Stepan Oksanichenko
parent 77016c323b
commit baf5f31474
3 changed files with 78 additions and 5 deletions

View File

@ -0,0 +1,67 @@
commit e8b7f10be275bcedb5fc05ed4837a89bfd605c61
Author: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue Apr 13 10:00:00 2021 +0900
cipher: Hardening ElGamal by introducing exponent blinding too.
* cipher/elgamal.c (do_encrypt): Also do exponent blinding.
--
Base blinding had been introduced with USE_BLINDING. This patch add
exponent blinding as well to mitigate side-channel attack on mpi_powm.
GnuPG-bug-id: 5328
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index 4eb52d62..9835122f 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -522,8 +522,9 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
static void
decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
{
- gcry_mpi_t t1, t2, r;
+ gcry_mpi_t t1, t2, r, r1, h;
unsigned int nbits = mpi_get_nbits (skey->p);
+ gcry_mpi_t x_blind;
mpi_normalize (a);
mpi_normalize (b);
@@ -534,20 +535,33 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
t2 = mpi_snew (nbits);
r = mpi_new (nbits);
+ r1 = mpi_new (nbits);
+ h = mpi_new (nbits);
+ x_blind = mpi_snew (nbits);
/* We need a random number of about the prime size. The random
number merely needs to be unpredictable; thus we use level 0. */
_gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM);
+ /* Also, exponent blinding: x_blind = x + (p-1)*r1 */
+ _gcry_mpi_randomize (r1, nbits, GCRY_WEAK_RANDOM);
+ mpi_set_highbit (r1, nbits - 1);
+ mpi_sub_ui (h, skey->p, 1);
+ mpi_mul (x_blind, h, r1);
+ mpi_add (x_blind, skey->x, x_blind);
+
/* t1 = r^x mod p */
- mpi_powm (t1, r, skey->x, skey->p);
+ mpi_powm (t1, r, x_blind, skey->p);
/* t2 = (a * r)^-x mod p */
mpi_mulm (t2, a, r, skey->p);
- mpi_powm (t2, t2, skey->x, skey->p);
+ mpi_powm (t2, t2, x_blind, skey->p);
mpi_invm (t2, t2, skey->p);
/* t1 = (t1 * t2) mod p*/
mpi_mulm (t1, t1, t2, skey->p);
+ mpi_free (x_blind);
+ mpi_free (h);
+ mpi_free (r1);
mpi_free (r);
mpi_free (t2);

View File

@ -1,6 +1,6 @@
Name: libgcrypt Name: libgcrypt
Version: 1.8.5 Version: 1.8.5
Release: 6%{?dist} Release: 7%{?dist}
URL: http://www.gnupg.org/ URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC # The original libgcrypt sources now contain potentially patented ECC
@ -61,12 +61,14 @@ Patch34: libgcrypt-1.8.5-ppc-crc32.patch
Patch35: libgcrypt-1.8.5-ppc-bugfix.patch Patch35: libgcrypt-1.8.5-ppc-bugfix.patch
# ppc64 performance AES-GCM (#1855231) # ppc64 performance AES-GCM (#1855231)
Patch36: libgcrypt-1.8.5-ppc-aes-gcm.patch Patch36: libgcrypt-1.8.5-ppc-aes-gcm.patch
# ppc64 performance AES-GCM (#1855231) # Fix elgamal cross-configuration (CVE-2021-40528)
Patch37: libgcrypt-1.9.3-CVE-2021-33560.patch Patch37: libgcrypt-1.9.3-CVE-2021-40528.patch
# We can use HW optimizations in FIPS (#1976137) # We can use HW optimizations in FIPS (#1976137)
Patch38: libgcrypt-1.8.5-fips-hwfeatures.patch Patch38: libgcrypt-1.8.5-fips-hwfeatures.patch
# ppc64 performance chacha20 and poly1305 (#1855231) # ppc64 performance chacha20 and poly1305 (#1855231)
Patch39: libgcrypt-1.8.5-ppc-chacha20-poly1305.patch Patch39: libgcrypt-1.8.5-ppc-chacha20-poly1305.patch
# Fix CVE-2021-33560 (elgamal blinding)
Patch40: libgcrypt-1.8.5-elgamal-blinding.patch
%define gcrylibdir %{_libdir} %define gcrylibdir %{_libdir}
@ -124,9 +126,10 @@ applications using libgcrypt.
%patch34 -p1 -b .ppc-crc32 %patch34 -p1 -b .ppc-crc32
%patch35 -p1 -b .ppc-bugfix %patch35 -p1 -b .ppc-bugfix
%patch36 -p1 -b .ppc-aes-gcm %patch36 -p1 -b .ppc-aes-gcm
%patch37 -p1 -b .CVE-2021-33560 %patch37 -p1 -b .CVE-2021-40528
%patch38 -p1 -b .hw-fips %patch38 -p1 -b .hw-fips
%patch39 -p1 -b .ppc-chacha %patch39 -p1 -b .ppc-chacha
%patch40 -p1 -b .elgamal-blinding
cp %{SOURCE4} cipher/ cp %{SOURCE4} cipher/
cp %{SOURCE5} %{SOURCE6} tests/ cp %{SOURCE5} %{SOURCE6} tests/
@ -242,8 +245,11 @@ exit 0
%license COPYING %license COPYING
%changelog %changelog
* Tue Apr 05 2022 Jakub Jelen <jjelen@redhat.com> - 1.8.5-7
- Fix CVE-2021-33560 (#2018525)
* Mon Jun 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-6 * Mon Jun 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-6
- Fix for CVE-2021-33560 (#1971421) - Fix for CVE-2021-40528 (#1971421)
- Enable HW optimizations in FIPS (#1976137) - Enable HW optimizations in FIPS (#1976137)
- Performance enchancements for ChaCha20 and Poly1305 (#1855231) - Performance enchancements for ChaCha20 and Poly1305 (#1855231)