Fix CVE-2026-41989: Denial of Service and buffer overflow via crafted ECDH ciphertext
Resolves: RHEL-182708
This commit is contained in:
parent
1db96206dd
commit
da9a6807d6
151
libgcrypt-1.8.5-montgomery-zeroes.patch
Normal file
151
libgcrypt-1.8.5-montgomery-zeroes.patch
Normal file
@ -0,0 +1,151 @@
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Tue, 27 Apr 2021 17:24:16 +0900
|
||||
Subject: [PATCH] ecc: Check the input length for the point.
|
||||
|
||||
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Check the length
|
||||
of valid point representation.
|
||||
|
||||
--
|
||||
|
||||
Backport the commit of master:
|
||||
|
||||
060c378c050e7ec6206358c681a313d6e1967dcf
|
||||
|
||||
In the use case of GnuPG, ECDH decryption for anonymous recipient may
|
||||
try to decrypt with different curves. When the input data of
|
||||
ephemeral key does not match one of the private key, it should return
|
||||
GPG_ERR_INV_OBJ.
|
||||
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
---
|
||||
cipher/ecc-misc.c | 18 ++++++++++++++----
|
||||
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c
|
||||
index 34dd6804..b89dcfa6 100644
|
||||
--- a/cipher/ecc-misc.c
|
||||
+++ b/cipher/ecc-misc.c
|
||||
@@ -294,6 +294,7 @@ _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result)
|
||||
{
|
||||
unsigned char *rawmpi;
|
||||
unsigned int rawmpilen;
|
||||
+ unsigned int nbytes = (ctx->nbits+7)/8;
|
||||
|
||||
if (mpi_is_opaque (pk))
|
||||
{
|
||||
@@ -305,27 +306,36 @@ _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result)
|
||||
return GPG_ERR_INV_OBJ;
|
||||
rawmpilen = (rawmpilen + 7)/8;
|
||||
|
||||
- if (rawmpilen > 1 && (rawmpilen%2) && buf[0] == 0x40)
|
||||
+ if (rawmpilen == nbytes + 1
|
||||
+ && (buf[0] == 0x00 || buf[0] == 0x40))
|
||||
{
|
||||
rawmpilen--;
|
||||
buf++;
|
||||
}
|
||||
+ else if (rawmpilen > nbytes)
|
||||
+ return GPG_ERR_INV_OBJ;
|
||||
|
||||
- rawmpi = xtrymalloc (rawmpilen? rawmpilen:1);
|
||||
+ rawmpi = xtrymalloc (nbytes);
|
||||
if (!rawmpi)
|
||||
return gpg_err_code_from_syserror ();
|
||||
|
||||
p = rawmpi + rawmpilen;
|
||||
while (p > rawmpi)
|
||||
*--p = *buf++;
|
||||
+
|
||||
+ if (rawmpilen < nbytes)
|
||||
+ memset (rawmpi + nbytes - rawmpilen, 0, nbytes - rawmpilen);
|
||||
}
|
||||
else
|
||||
{
|
||||
- unsigned int nbytes = (ctx->nbits+7)/8;
|
||||
-
|
||||
rawmpi = _gcry_mpi_get_buffer (pk, nbytes, &rawmpilen, NULL);
|
||||
if (!rawmpi)
|
||||
return gpg_err_code_from_syserror ();
|
||||
+ if (rawmpilen > nbytes + 1)
|
||||
+ {
|
||||
+ xfree (rawmpi);
|
||||
+ return GPG_ERR_INV_OBJ;
|
||||
+ }
|
||||
/*
|
||||
* It is not reliable to assume that 0x40 means the prefix.
|
||||
*
|
||||
--
|
||||
2.54.0
|
||||
|
||||
From bd662c090bd4a45cc830de9e42e96dd0f8e1f702 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Thu, 6 May 2021 12:35:19 +0900
|
||||
Subject: [PATCH] ecc: Fix the previous commit.
|
||||
|
||||
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix the condition.
|
||||
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 5423
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
---
|
||||
cipher/ecc-misc.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c
|
||||
index b89dcfa6..0c387c27 100644
|
||||
--- a/cipher/ecc-misc.c
|
||||
+++ b/cipher/ecc-misc.c
|
||||
@@ -331,7 +331,7 @@ _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result)
|
||||
rawmpi = _gcry_mpi_get_buffer (pk, nbytes, &rawmpilen, NULL);
|
||||
if (!rawmpi)
|
||||
return gpg_err_code_from_syserror ();
|
||||
- if (rawmpilen > nbytes + 1)
|
||||
+ if (rawmpilen > nbytes + BYTES_PER_MPI_LIMB)
|
||||
{
|
||||
xfree (rawmpi);
|
||||
return GPG_ERR_INV_OBJ;
|
||||
--
|
||||
2.54.0
|
||||
|
||||
|
||||
From 5ba63ec41a6e734c9ff82e20e4f84ac94c59ae27 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Fri, 10 Apr 2026 16:58:57 +0900
|
||||
Subject: [PATCH] cipher:ecc: Fix decoding a point on Montgomery curve.
|
||||
|
||||
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix the padding
|
||||
mistake and add updating RAWMPILEN.
|
||||
|
||||
--
|
||||
|
||||
Reported by Calif.io in collaboration with Claude and Anthropic
|
||||
Research.
|
||||
|
||||
GnuPG-bug-id: 8211
|
||||
Fixes-commit: bbe15758c893dbf546416c1a6bccdad1ab000ad7
|
||||
Suggested-by: Bronson Yen <bronson@calif.io>
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
---
|
||||
cipher/ecc-misc.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c
|
||||
index 0c387c27..be4e2862 100644
|
||||
--- a/cipher/ecc-misc.c
|
||||
+++ b/cipher/ecc-misc.c
|
||||
@@ -324,7 +324,10 @@ _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result)
|
||||
*--p = *buf++;
|
||||
|
||||
if (rawmpilen < nbytes)
|
||||
- memset (rawmpi + nbytes - rawmpilen, 0, nbytes - rawmpilen);
|
||||
+ {
|
||||
+ memset (rawmpi + rawmpilen, 0, nbytes - rawmpilen);
|
||||
+ rawmpilen = nbytes;
|
||||
+ }
|
||||
}
|
||||
else
|
||||
{
|
||||
--
|
||||
2.54.0
|
||||
|
||||
@ -69,6 +69,8 @@ Patch38: libgcrypt-1.8.5-fips-hwfeatures.patch
|
||||
Patch39: libgcrypt-1.8.5-ppc-chacha20-poly1305.patch
|
||||
# Fix CVE-2021-33560 (elgamal blinding)
|
||||
Patch40: libgcrypt-1.8.5-elgamal-blinding.patch
|
||||
# https://dev.gnupg.org/T8211.html
|
||||
Patch41: libgcrypt-1.8.5-montgomery-zeroes.patch
|
||||
|
||||
%define gcrylibdir %{_libdir}
|
||||
|
||||
@ -130,6 +132,7 @@ applications using libgcrypt.
|
||||
%patch38 -p1 -b .hw-fips
|
||||
%patch39 -p1 -b .ppc-chacha
|
||||
%patch40 -p1 -b .elgamal-blinding
|
||||
%patch41 -p1 -b .montgomery-zeroes
|
||||
|
||||
cp %{SOURCE4} cipher/
|
||||
cp %{SOURCE5} %{SOURCE6} tests/
|
||||
|
||||
Loading…
Reference in New Issue
Block a user