Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
libgcrypt.20076
libgcrypt-CVE-2019-13627.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgcrypt-CVE-2019-13627.patch of Package libgcrypt.20076
diff -Puri libgcrypt-1.8.2-orig/cipher/dsa.c libgcrypt-1.8.2/cipher/dsa.c --- libgcrypt-1.8.2-orig/cipher/dsa.c 2017-11-23 19:16:58.000000000 +0100 +++ libgcrypt-1.8.2/cipher/dsa.c 2019-09-02 14:03:22.957673105 +0200 @@ -635,6 +635,8 @@ k = _gcry_dsa_gen_k (skey->q, GCRY_STRONG_RANDOM); } + _gcry_dsa_modify_k (k, skey->q, qbits); + /* r = (a^k mod p) mod q */ mpi_powm( r, skey->g, k, skey->p ); mpi_fdiv_r( r, r, skey->q ); diff -Puri libgcrypt-1.8.2-orig/cipher/dsa-common.c libgcrypt-1.8.2/cipher/dsa-common.c --- libgcrypt-1.8.2-orig/cipher/dsa-common.c 2017-11-23 19:16:58.000000000 +0100 +++ libgcrypt-1.8.2/cipher/dsa-common.c 2019-09-02 14:03:22.957673105 +0200 @@ -30,6 +30,30 @@ /* + * Modify K, so that computation time difference can be small, + * by making K large enough. + * + * Originally, (EC)DSA computation requires k where 0 < k < q. Here, + * we add q (the order), to keep k in a range: q < k < 2*q (or, + * addming more q, to keep k in a range: 2*q < k < 3*q), so that + * timing difference of the EC multiply (or exponentiation) operation + * can be small. The result of (EC)DSA computation is same. + */ +void +_gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits) +{ + gcry_mpi_t k1 = mpi_new (qbits+2); + + mpi_resize (k, (qbits+2+BITS_PER_MPI_LIMB-1) / BITS_PER_MPI_LIMB); + k->nlimbs = k->alloced; + mpi_add (k, k, q); + mpi_add (k1, k, q); + mpi_set_cond (k, k1, !mpi_test_bit (k, qbits)); + + mpi_free (k1); +} + +/* * Generate a random secret exponent K less than Q. * Note that ECDSA uses this code also to generate D. */ diff -Puri libgcrypt-1.8.2-orig/cipher/ecc-ecdsa.c libgcrypt-1.8.2/cipher/ecc-ecdsa.c --- libgcrypt-1.8.2-orig/cipher/ecc-ecdsa.c 2019-09-02 14:02:42.193185589 +0200 +++ libgcrypt-1.8.2/cipher/ecc-ecdsa.c 2019-09-02 14:03:22.957673105 +0200 @@ -114,6 +114,8 @@ else k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM); + _gcry_dsa_modify_k (k, skey->E.n, qbits); + _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx); if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx)) { diff -Puri libgcrypt-1.8.2-orig/cipher/ecc-gost.c libgcrypt-1.8.2/cipher/ecc-gost.c --- libgcrypt-1.8.2-orig/cipher/ecc-gost.c 2017-11-23 19:16:58.000000000 +0100 +++ libgcrypt-1.8.2/cipher/ecc-gost.c 2019-09-02 14:03:22.961673154 +0200 @@ -94,6 +94,8 @@ mpi_free (k); k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM); + _gcry_dsa_modify_k (k, skey->E.n, qbits); + _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx); if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx)) { diff -Puri libgcrypt-1.8.2-orig/cipher/pubkey-internal.h libgcrypt-1.8.2/cipher/pubkey-internal.h --- libgcrypt-1.8.2-orig/cipher/pubkey-internal.h 2017-11-23 19:16:58.000000000 +0100 +++ libgcrypt-1.8.2/cipher/pubkey-internal.h 2019-09-02 14:03:22.961673154 +0200 @@ -84,6 +84,7 @@ /*-- dsa-common.c --*/ +void _gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits); gcry_mpi_t _gcry_dsa_gen_k (gcry_mpi_t q, int security_level); gpg_err_code_t _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, gcry_mpi_t dsa_q, gcry_mpi_t dsa_x, diff -Puri libgcrypt-1.8.2-orig/mpi/ec.c libgcrypt-1.8.2/mpi/ec.c --- libgcrypt-1.8.2-orig/mpi/ec.c 2017-11-23 19:16:58.000000000 +0100 +++ libgcrypt-1.8.2/mpi/ec.c 2019-09-02 14:03:22.945672961 +0200 @@ -1309,7 +1309,11 @@ unsigned int nbits; int j; - nbits = mpi_get_nbits (scalar); + if (mpi_cmp (scalar, ctx->p) >= 0) + nbits = mpi_get_nbits (scalar); + else + nbits = mpi_get_nbits (ctx->p); + if (ctx->model == MPI_EC_WEIERSTRASS) { mpi_set_ui (result->x, 1);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor