aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-11-20 14:44:18 +0100
committerLeo <thinkabit.ukim@gmail.com>2019-11-20 14:51:16 +0100
commit1c4658e647d8946733688266ebe9784f71859fb6 (patch)
tree09bda24d721cea5eebc8a790706ce13a609bec76
parentc22e88769db71ba0fed2cd3d6c33f3eab2c2e0de (diff)
downloadaports-1c4658e647d8946733688266ebe9784f71859fb6.tar.gz
aports-1c4658e647d8946733688266ebe9784f71859fb6.tar.bz2
aports-1c4658e647d8946733688266ebe9784f71859fb6.tar.xz
main/libgcrypt: fix CVE-2019-13627
ref #10823
-rw-r--r--main/libgcrypt/APKBUILD8
-rw-r--r--main/libgcrypt/CVE-2019-13627.patch103
2 files changed, 109 insertions, 2 deletions
diff --git a/main/libgcrypt/APKBUILD b/main/libgcrypt/APKBUILD
index 626f933c50..1cac74a1f2 100644
--- a/main/libgcrypt/APKBUILD
+++ b/main/libgcrypt/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libgcrypt
pkgver=1.8.3
-pkgrel=1
+pkgrel=2
pkgdesc="general purpose crypto library based on the code used in GnuPG"
url="http://www.gnupg.org"
arch="all"
@@ -13,12 +13,15 @@ subpackages="$pkgname-dev $pkgname-doc"
source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/$pkgname-$pkgver.tar.bz2
random-Fix-hang-of-_gcry_rndjent_get_version.patch
CVE-2019-12904.patch
+ CVE-2019-13627.patch
"
builddir="$srcdir"/$pkgname-$pkgver
options="!checkroot"
# secfixes:
# 1.8.3-r1:
+# - CVE-2019-13527
+# 1.8.3-r1:
# - CVE-2019-12904
# 1.8.3-r0:
# - CVE-2018-0495
@@ -65,4 +68,5 @@ package() {
sha512sums="8c873204303f173dd3f49817a81035c1d504b2fc885965c9bc074a6e3fb108ceb6dca366d85e840a40712a6890fc325018ea9b8c1b7b8804c51c44b296cb96a0 libgcrypt-1.8.3.tar.bz2
a717d40702c8ffdd40a7bffc563bf7aecf01640514a2d07c7eb5e40d742473ba297779fc0fea64576b254214011711a010de0cf306f88c5617fd06214a9fd30e random-Fix-hang-of-_gcry_rndjent_get_version.patch
-36f5f7f99e2c4f28207f91a7a500c3bca81044027b6d37ed0399e395a36638b37c0dff3145854a6caa2e9383722862b37a82bde1af520f06a9f4b327df1ec0af CVE-2019-12904.patch"
+36f5f7f99e2c4f28207f91a7a500c3bca81044027b6d37ed0399e395a36638b37c0dff3145854a6caa2e9383722862b37a82bde1af520f06a9f4b327df1ec0af CVE-2019-12904.patch
+3368e1b09d527f225dc800c26cda5448d592665baa726147784f7648ec0a9cd96309042988c7155b65ac2ddb7af4e5cb635eef561a95723b8f81c672bf773764 CVE-2019-13627.patch"
diff --git a/main/libgcrypt/CVE-2019-13627.patch b/main/libgcrypt/CVE-2019-13627.patch
new file mode 100644
index 0000000000..4399507340
--- /dev/null
+++ b/main/libgcrypt/CVE-2019-13627.patch
@@ -0,0 +1,103 @@
+diff --git a/cipher/dsa-common.c b/cipher/dsa-common.c
+index 6f2c2f9..647639c 100644
+--- a/cipher/dsa-common.c
++++ b/cipher/dsa-common.c
+@@ -29,6 +29,30 @@
+ #include "pubkey-internal.h"
+
+
++/*
++ * Modify K, so that computation time difference can be small,
++ * by making K large enough.
++ *
++ * Originally, (EC)DSA computation requires k where 0 < k < q. Here,
++ * we add q (the order), to keep k in a range: q < k < 2*q (or,
++ * addming more q, to keep k in a range: 2*q < k < 3*q), so that
++ * timing difference of the EC multiply (or exponentiation) operation
++ * can be small. The result of (EC)DSA computation is same.
++ */
++void
++_gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits)
++{
++ gcry_mpi_t k1 = mpi_new (qbits+2);
++
++ mpi_resize (k, (qbits+2+BITS_PER_MPI_LIMB-1) / BITS_PER_MPI_LIMB);
++ k->nlimbs = k->alloced;
++ mpi_add (k, k, q);
++ mpi_add (k1, k, q);
++ mpi_set_cond (k, k1, !mpi_test_bit (k, qbits));
++
++ mpi_free (k1);
++}
++
+ /*
+ * Generate a random secret exponent K less than Q.
+ * Note that ECDSA uses this code also to generate D.
+diff --git a/cipher/dsa.c b/cipher/dsa.c
+index 22d8d78..24a5352 100644
+--- a/cipher/dsa.c
++++ b/cipher/dsa.c
+@@ -635,6 +635,8 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey,
+ k = _gcry_dsa_gen_k (skey->q, GCRY_STRONG_RANDOM);
+ }
+
++ _gcry_dsa_modify_k (k, skey->q, qbits);
++
+ /* r = (a^k mod p) mod q */
+ mpi_powm( r, skey->g, k, skey->p );
+ mpi_fdiv_r( r, r, skey->q );
+diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c
+index 140e8c0..97966c3 100644
+--- a/cipher/ecc-ecdsa.c
++++ b/cipher/ecc-ecdsa.c
+@@ -114,6 +114,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+ else
+ k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM);
+
++ _gcry_dsa_modify_k (k, skey->E.n, qbits);
++
+ _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx);
+ if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx))
+ {
+diff --git a/cipher/ecc-gost.c b/cipher/ecc-gost.c
+index a34fa08..0362a6c 100644
+--- a/cipher/ecc-gost.c
++++ b/cipher/ecc-gost.c
+@@ -94,6 +94,8 @@ _gcry_ecc_gost_sign (gcry_mpi_t input, ECC_secret_key *skey,
+ mpi_free (k);
+ k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM);
+
++ _gcry_dsa_modify_k (k, skey->E.n, qbits);
++
+ _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx);
+ if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx))
+ {
+diff --git a/cipher/pubkey-internal.h b/cipher/pubkey-internal.h
+index b8167c7..d31e26f 100644
+--- a/cipher/pubkey-internal.h
++++ b/cipher/pubkey-internal.h
+@@ -84,6 +84,7 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, gcry_mpi_t encoded,
+
+
+ /*-- dsa-common.c --*/
++void _gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits);
+ gcry_mpi_t _gcry_dsa_gen_k (gcry_mpi_t q, int security_level);
+ gpg_err_code_t _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k,
+ gcry_mpi_t dsa_q, gcry_mpi_t dsa_x,
+diff --git a/mpi/ec.c b/mpi/ec.c
+index 89077cd..adb0260 100644
+--- a/mpi/ec.c
++++ b/mpi/ec.c
+@@ -1309,7 +1309,11 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
+ unsigned int nbits;
+ int j;
+
+- nbits = mpi_get_nbits (scalar);
++ if (mpi_cmp (scalar, ctx->p) >= 0)
++ nbits = mpi_get_nbits (scalar);
++ else
++ nbits = mpi_get_nbits (ctx->p);
++
+ if (ctx->model == MPI_EC_WEIERSTRASS)
+ {
+ mpi_set_ui (result->x, 1);