libgcrypt-1.9.4-1
parent
21fe8b5f71
commit
ef01d2c6d0
1
.gitignore
vendored
1
.gitignore
vendored
@ -27,3 +27,4 @@ libgcrypt-1.4.5-hobbled.tar.bz2
|
||||
/libgcrypt-1.9.1-hobbled.tar.xz
|
||||
/libgcrypt-1.9.2-hobbled.tar.xz
|
||||
/libgcrypt-1.9.3-hobbled.tar.xz
|
||||
/libgcrypt-1.9.4-hobbled.tar.xz
|
||||
|
133
curves.c
133
curves.c
@ -33,7 +33,7 @@
|
||||
#include "t-common.h"
|
||||
|
||||
/* Number of curves defined in ../cipger/ecc-curves.c */
|
||||
#define N_CURVES 19
|
||||
#define N_CURVES 20
|
||||
|
||||
/* A real world sample public key. */
|
||||
static char const sample_key_1[] =
|
||||
@ -99,6 +99,119 @@ check_matching (void)
|
||||
static void
|
||||
check_get_params (void)
|
||||
{
|
||||
static struct {
|
||||
int algo;
|
||||
const char *name;
|
||||
int error_expected;
|
||||
} tv[] =
|
||||
{
|
||||
{ GCRY_PK_ECC, "Ed25519" },
|
||||
{ GCRY_PK_ECC, "1.3.6.1.4.1.11591.15.1" },
|
||||
{ GCRY_PK_ECC, "1.3.101.112" },
|
||||
|
||||
{ GCRY_PK_ECC, "Curve25519" },
|
||||
{ GCRY_PK_ECC, "1.3.6.1.4.1.3029.1.5.1" },
|
||||
{ GCRY_PK_ECC, "1.3.101.110" },
|
||||
{ GCRY_PK_ECC, "X25519" },
|
||||
|
||||
{ GCRY_PK_ECC, "Ed448" },
|
||||
{ GCRY_PK_ECC, "X448" },
|
||||
{ GCRY_PK_ECC, "1.3.101.113" },
|
||||
{ GCRY_PK_ECC, "1.3.101.111" },
|
||||
|
||||
{ GCRY_PK_ECC, "NIST P-192" },
|
||||
{ GCRY_PK_ECC, "1.2.840.10045.3.1.1" },
|
||||
{ GCRY_PK_ECC, "prime192v1" },
|
||||
{ GCRY_PK_ECC, "secp192r1" },
|
||||
{ GCRY_PK_ECC, "nistp192" },
|
||||
|
||||
{ GCRY_PK_ECC, "NIST P-224" },
|
||||
{ GCRY_PK_ECC, "secp224r1" },
|
||||
{ GCRY_PK_ECC, "1.3.132.0.33" },
|
||||
{ GCRY_PK_ECC, "nistp224" },
|
||||
|
||||
{ GCRY_PK_ECC, "NIST P-256" },
|
||||
{ GCRY_PK_ECC, "1.2.840.10045.3.1.7" },
|
||||
{ GCRY_PK_ECC, "prime256v1" },
|
||||
{ GCRY_PK_ECC, "secp256r1" },
|
||||
{ GCRY_PK_ECC, "nistp256" },
|
||||
|
||||
{ GCRY_PK_ECC, "NIST P-384" },
|
||||
{ GCRY_PK_ECC, "secp384r1" },
|
||||
{ GCRY_PK_ECC, "1.3.132.0.34" },
|
||||
{ GCRY_PK_ECC, "nistp384" },
|
||||
|
||||
{ GCRY_PK_ECC, "NIST P-521" },
|
||||
{ GCRY_PK_ECC, "secp521r1" },
|
||||
{ GCRY_PK_ECC, "1.3.132.0.35" },
|
||||
{ GCRY_PK_ECC, "nistp521" },
|
||||
|
||||
{ GCRY_PK_ECC, "GOST2001-test" },
|
||||
{ GCRY_PK_ECC, "1.2.643.2.2.35.0" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
|
||||
{ GCRY_PK_ECC, "1.2.643.2.2.35.1" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-B" },
|
||||
{ GCRY_PK_ECC, "1.2.643.2.2.35.2" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
|
||||
{ GCRY_PK_ECC, "1.2.643.2.2.35.3" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-XchA" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-XchB" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
|
||||
{ GCRY_PK_ECC, "1.2.643.2.2.36.0" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
|
||||
{ GCRY_PK_ECC, "1.2.643.2.2.36.1" },
|
||||
|
||||
/* Noet that GOST2012-256-tc26-A" is only in the curve alias
|
||||
* list but has no parameter entry. */
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
|
||||
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.1.2" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
|
||||
{ GCRY_PK_ECC, "GOST2012-256-tc26-B" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-B" },
|
||||
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.1.3" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-B" },
|
||||
{ GCRY_PK_ECC, "GOST2012-256-tc26-C" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
|
||||
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.1.4" },
|
||||
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
|
||||
{ GCRY_PK_ECC, "GOST2012-256-tc26-D" },
|
||||
|
||||
{ GCRY_PK_ECC, "GOST2012-512-test" },
|
||||
{ GCRY_PK_ECC, "GOST2012-test" },
|
||||
{ GCRY_PK_ECC, "GOST2012-512-test" },
|
||||
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.2.0" },
|
||||
{ GCRY_PK_ECC, "GOST2012-512-tc26-A" },
|
||||
{ GCRY_PK_ECC, "GOST2012-tc26-A" },
|
||||
{ GCRY_PK_ECC, "GOST2012-512-tc26-B" },
|
||||
{ GCRY_PK_ECC, "GOST2012-tc26-B" },
|
||||
{ GCRY_PK_ECC, "GOST2012-512-tc26-A" },
|
||||
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.2.1" },
|
||||
{ GCRY_PK_ECC, "GOST2012-512-tc26-B" },
|
||||
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.2.2" },
|
||||
{ GCRY_PK_ECC, "GOST2012-512-tc26-C" },
|
||||
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.2.3" },
|
||||
|
||||
{ GCRY_PK_ECC, "secp256k1" },
|
||||
{ GCRY_PK_ECC, "1.3.132.0.10" },
|
||||
|
||||
{ GCRY_PK_ECC, "sm2p256v1" },
|
||||
{ GCRY_PK_ECC, "1.2.156.10197.1.301" },
|
||||
|
||||
/* Check also the ECC algo mapping. */
|
||||
{ GCRY_PK_ECDSA, "Ed25519" },
|
||||
{ GCRY_PK_EDDSA, "Ed25519" },
|
||||
{ GCRY_PK_ECDH, "Ed25519" },
|
||||
{ GCRY_PK_ECDSA, "Curve25519" },
|
||||
{ GCRY_PK_EDDSA, "Curve25519" },
|
||||
{ GCRY_PK_ECDH, "Curve25519" },
|
||||
{ GCRY_PK_ECC, "NoSuchCurve", 1 },
|
||||
{ GCRY_PK_RSA, "rsa", 1 },
|
||||
{ GCRY_PK_ELG, "elg", 1 },
|
||||
{ GCRY_PK_DSA, "dsa", 1 }
|
||||
};
|
||||
int idx;
|
||||
gcry_sexp_t param;
|
||||
const char *name;
|
||||
|
||||
@ -114,6 +227,24 @@ check_get_params (void)
|
||||
sample_key_1_curve, name);
|
||||
|
||||
gcry_sexp_release (param);
|
||||
|
||||
/* Some simple tests */
|
||||
for (idx=0; idx < DIM (tv); idx++)
|
||||
{
|
||||
param = gcry_pk_get_param (tv[idx].algo, tv[idx].name);
|
||||
if (!param)
|
||||
{
|
||||
if (!tv[idx].error_expected)
|
||||
fail ("get_param: test %d (%s) failed\n", idx, tv[idx].name);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (tv[idx].error_expected)
|
||||
fail ("get_param: test %d (%s) failed (error expected)\n",
|
||||
idx, tv[idx].name);
|
||||
}
|
||||
gcry_sexp_release (param);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
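Review bot: The comment introducing the GOST2012-256 rows, `/* Noet that GOST2012-256-tc26-A" is only in the curve alias`, has a typo and an unbalanced quote; suggest `/* Note that "GOST2012-256-tc26-A" is only in the curve alias list but has no parameter entry. */`. The table rows appear to be laid out as canonical-name/alias pairs, but the loop at the end of check_get_params only checks whether gcry_pk_get_param returned non-NULL, so an alias that resolves to a different curve than the one on the preceding row would still pass; if the pairing is intentional, comparing the curve name reported for each row against its predecessor (gcry_pk_get_curve on the returned s-expression) would pin that down. The context comment above `N_CURVES` also misspells the path as `../cipger/ecc-curves.c`, which is worth fixing while the constant is being bumped.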
60
ecc-curves.c
60
ecc-curves.c
@ -55,6 +55,11 @@ static const struct
|
||||
{ "Ed448", "1.3.101.113" }, /* rfc8410 */
|
||||
{ "X448", "1.3.101.111" }, /* rfc8410 */
|
||||
|
||||
{ "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */
|
||||
{ "NIST P-192", "prime192v1" }, /* X9.62 name. */
|
||||
{ "NIST P-192", "secp192r1" }, /* SECP name. */
|
||||
{ "NIST P-192", "nistp192" }, /* rfc5656. */
|
||||
|
||||
{ "NIST P-224", "secp224r1" },
|
||||
{ "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
|
||||
{ "NIST P-224", "nistp224" }, /* rfc5656. */
|
||||
@ -194,6 +199,35 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||
"8DF3F6EDB8027E2346430D211312C4B150677AF76FD7223D457B5B1A",
|
||||
4,
|
||||
},
|
||||
#if 0 /* No real specs yet found. */
|
||||
{
|
||||
/* x^2 + y^2 = 1 + 3617x^2y^2 mod 2^414 - 17 */
|
||||
"Curve3617",
|
||||
"0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF",
|
||||
MPI_EC_EDWARDS, 0,
|
||||
"0x01",
|
||||
"0x0e21",
|
||||
"0x07FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEB3CC92414CF"
|
||||
"706022B36F1C0338AD63CF181B0E71A5E106AF79",
|
||||
"0x1A334905141443300218C0631C326E5FCD46369F44C03EC7F57FF35498A4AB4D"
|
||||
"6D6BA111301A73FAA8537C64C4FD3812F3CBC595",
|
||||
"0x22",
|
||||
8
|
||||
},
|
||||
#endif /*0*/
|
||||
{
|
||||
"NIST P-192", 192, 0,
|
||||
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||
"0xfffffffffffffffffffffffffffffffeffffffffffffffff",
|
||||
"0xfffffffffffffffffffffffffffffffefffffffffffffffc",
|
||||
"0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
|
||||
"0xffffffffffffffffffffffff99def836146bc9b1b4d22831",
|
||||
|
||||
"0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
|
||||
"0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
|
||||
1
|
||||
},
|
||||
{
|
||||
"NIST P-224", 224, 1,
|
||||
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||
@ -1243,45 +1277,27 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
|
||||
gcry_sexp_t
|
||||
_gcry_ecc_get_param_sexp (const char *name)
|
||||
{
|
||||
unsigned int nbits;
|
||||
elliptic_curve_t E;
|
||||
mpi_ec_t ctx;
|
||||
gcry_mpi_t g_x, g_y;
|
||||
gcry_mpi_t pkey[5];
|
||||
gcry_sexp_t result;
|
||||
int i;
|
||||
|
||||
memset (&E, 0, sizeof E);
|
||||
if (_gcry_ecc_fill_in_curve (0, name, &E, &nbits))
|
||||
if (_gcry_ecc_fill_in_curve (0, name, &E, NULL))
|
||||
return NULL;
|
||||
|
||||
g_x = mpi_new (0);
|
||||
g_y = mpi_new (0);
|
||||
ctx = _gcry_mpi_ec_p_internal_new (E.model,
|
||||
E.dialect,
|
||||
0,
|
||||
E.p, E.a, E.b);
|
||||
if (_gcry_mpi_ec_get_affine (g_x, g_y, &E.G, ctx))
|
||||
log_fatal ("ecc get param: Failed to get affine coordinates\n");
|
||||
_gcry_mpi_ec_free (ctx);
|
||||
_gcry_mpi_point_free_parts (&E.G);
|
||||
|
||||
pkey[0] = E.p;
|
||||
pkey[1] = E.a;
|
||||
pkey[2] = E.b;
|
||||
pkey[3] = _gcry_ecc_ec2os (g_x, g_y, E.p);
|
||||
pkey[3] = _gcry_ecc_ec2os (E.G.x, E.G.y, E.p);
|
||||
pkey[4] = E.n;
|
||||
|
||||
mpi_free (g_x);
|
||||
mpi_free (g_y);
|
||||
|
||||
if (sexp_build (&result, NULL,
|
||||
"(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(h%u)))",
|
||||
pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], E.h))
|
||||
result = NULL;
|
||||
|
||||
for (i=0; i < DIM (pkey); i++)
|
||||
_gcry_mpi_release (pkey[i]);
|
||||
_gcry_ecc_curve_free (&E);
|
||||
_gcry_mpi_release (pkey[3]);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
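Review bot: The rewrite of _gcry_ecc_get_param_sexp passes `E.G.x` and `E.G.y` straight to `_gcry_ecc_ec2os` and drops the `_gcry_mpi_ec_get_affine` conversion, which is only correct if `_gcry_ecc_fill_in_curve` always leaves G in affine form (z == 1); that invariant is not visible in this hunk, so a comment such as `/* G from domain_parms is affine, so no conversion is needed. */` would record it for the next reader. The new cleanup `_gcry_ecc_curve_free (&E); _gcry_mpi_release (pkey[3]);` relies on pkey[0..2] and pkey[4] aliasing E's fields and pkey[3] being the only MPI this function allocated itself; a short comment stating that ownership split would prevent a later "fix" that releases all five. In the domain_parms hunk, the third field on the new `"NIST P-192", 192, 0,` row is presumably the FIPS-approved flag (the following P-224 row has `1`); a trailing `/* not FIPS approved */` would make that deliberate exclusion explicit. The whole function is within the hunk.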
@ -8,5 +8,4 @@ set -e -x
|
||||
|
||||
rm -f cipher/ecc-curves.c
|
||||
rm -f tests/curves.c
|
||||
rm -f tests/t-mpi-point.c
|
||||
rm -f tests/keygrip.c
|
||||
|
@ -1,100 +0,0 @@
|
||||
commit 3462280f2e23e16adf3ed5176e0f2413d8861320
|
||||
Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Fri May 21 11:15:07 2021 +0900
|
||||
|
||||
cipher: Fix ElGamal encryption for other implementations.
|
||||
|
||||
* cipher/elgamal.c (gen_k): Remove support of smaller K.
|
||||
(do_encrypt): Never use smaller K.
|
||||
(sign): Folllow the change of gen_k.
|
||||
|
||||
--
|
||||
|
||||
Cherry-pick master commit of:
|
||||
632d80ef30e13de6926d503aa697f92b5dbfbc5e
|
||||
|
||||
This change basically reverts encryption changes in two commits:
|
||||
|
||||
74386120dad6b3da62db37f7044267c8ef34689b
|
||||
78531373a342aeb847950f404343a05e36022065
|
||||
|
||||
Use of smaller K for ephemeral key in ElGamal encryption is only good,
|
||||
when we can guarantee that recipient's key is generated by our
|
||||
implementation (or compatible).
|
||||
|
||||
For detail, please see:
|
||||
|
||||
Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
|
||||
"On the (in)security of ElGamal in OpenPGP";
|
||||
in the proceedings of CCS'2021.
|
||||
|
||||
CVE-id: CVE-2021-33560
|
||||
GnuPG-bug-id: 5328
|
||||
Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
|
||||
index 9835122f..eead4502 100644
|
||||
--- a/cipher/elgamal.c
|
||||
+++ b/cipher/elgamal.c
|
||||
@@ -66,7 +66,7 @@ static const char *elg_names[] =
|
||||
|
||||
|
||||
static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
|
||||
-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
|
||||
+static gcry_mpi_t gen_k (gcry_mpi_t p);
|
||||
static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
|
||||
gcry_mpi_t **factors);
|
||||
static int check_secret_key (ELG_secret_key *sk);
|
||||
@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
|
||||
|
||||
/****************
|
||||
* Generate a random secret exponent k from prime p, so that k is
|
||||
- * relatively prime to p-1. With SMALL_K set, k will be selected for
|
||||
- * better encryption performance - this must never be used signing!
|
||||
+ * relatively prime to p-1.
|
||||
*/
|
||||
static gcry_mpi_t
|
||||
-gen_k( gcry_mpi_t p, int small_k )
|
||||
+gen_k( gcry_mpi_t p )
|
||||
{
|
||||
gcry_mpi_t k = mpi_alloc_secure( 0 );
|
||||
gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
|
||||
@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
|
||||
unsigned int nbits, nbytes;
|
||||
char *rndbuf = NULL;
|
||||
|
||||
- if (small_k)
|
||||
- {
|
||||
- /* Using a k much lesser than p is sufficient for encryption and
|
||||
- * it greatly improves the encryption performance. We use
|
||||
- * Wiener's table and add a large safety margin. */
|
||||
- nbits = wiener_map( orig_nbits ) * 3 / 2;
|
||||
- if( nbits >= orig_nbits )
|
||||
- BUG();
|
||||
- }
|
||||
- else
|
||||
- nbits = orig_nbits;
|
||||
-
|
||||
+ nbits = orig_nbits;
|
||||
|
||||
nbytes = (nbits+7)/8;
|
||||
if( DBG_CIPHER )
|
||||
@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
|
||||
* error code.
|
||||
*/
|
||||
|
||||
- k = gen_k( pkey->p, 1 );
|
||||
+ k = gen_k( pkey->p );
|
||||
mpi_powm (a, pkey->g, k, pkey->p);
|
||||
|
||||
/* b = (y^k * input) mod p
|
||||
@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
|
||||
*
|
||||
*/
|
||||
mpi_sub_ui(p_1, p_1, 1);
|
||||
- k = gen_k( skey->p, 0 /* no small K ! */ );
|
||||
+ k = gen_k( skey->p );
|
||||
mpi_powm( a, skey->g, k, skey->p );
|
||||
mpi_mul(t, skey->x, a );
|
||||
mpi_subm(t, input, t, p_1 );
|
@ -1,6 +1,6 @@
|
||||
Name: libgcrypt
|
||||
Version: 1.9.3
|
||||
Release: 4%{?dist}
|
||||
Version: 1.9.4
|
||||
Release: 1%{?dist}
|
||||
URL: https://www.gnupg.org/
|
||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||
# The original libgcrypt sources now contain potentially patented ECC
|
||||
@ -18,7 +18,6 @@ Source3: hobble-libgcrypt
|
||||
# Approved ECC support
|
||||
Source4: ecc-curves.c
|
||||
Source5: curves.c
|
||||
Source6: t-mpi-point.c
|
||||
Source7: random.conf
|
||||
Source8: keygrip.c
|
||||
# make FIPS hmac compatible with fipscheck - non upstreamable
|
||||
@ -46,8 +45,6 @@ Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
||||
Patch28: libgcrypt-1.8.5-intel-cet.patch
|
||||
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
||||
Patch30: libgcrypt-1.8.5-fips-module.patch
|
||||
# Fix for CVE-2021-33560
|
||||
Patch31: libgcrypt-1.9.3-CVE-2021-33560.patch
|
||||
|
||||
%global gcrylibdir %{_libdir}
|
||||
%global gcrysoname libgcrypt.so.20
|
||||
@ -96,10 +93,9 @@ applications using libgcrypt.
|
||||
%patch27 -p1 -b .fips-enforce
|
||||
%patch28 -p1 -b .intel-cet
|
||||
%patch30 -p1 -b .fips-module
|
||||
%patch31 -p1 -b .CVE-2021-33560
|
||||
|
||||
cp %{SOURCE4} cipher/
|
||||
cp %{SOURCE5} %{SOURCE6} %{SOURCE8} tests/
|
||||
cp %{SOURCE5} %{SOURCE8} tests/
|
||||
|
||||
%build
|
||||
# This package has a configure test which uses ASMs, but does not link the
|
||||
@ -206,6 +202,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
||||
%license COPYING
|
||||
|
||||
%changelog
|
||||
* Mon Aug 23 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.4-1
|
||||
- New upstream release (#1996467)
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (libgcrypt-1.9.3-hobbled.tar.xz) = 5c6f3ee57ec496af6d82000979a79d220a5b9be7a3a9d064d727ff7e54cf107e5b398d9ec8d822594a7fe53bc0d4324e96a5b41d55a77f103109620b88c61f1a
|
||||
SHA512 (libgcrypt-1.9.4-hobbled.tar.xz) = 80b1b2159ec3c7795450037d76d81b737f2734f1cff72c8aa6ac8c1a5654ece4fce0aabfbed0cce99d123747831db135df0d040f67081052cb2363bf52f5d4e6
|
||||
|
1213
t-mpi-point.c
1213
t-mpi-point.c