aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Daudt <kdaudt@alpinelinux.org>2021-09-14 18:27:07 +0000
committerAriadne Conill <ariadne@dereferenced.org>2021-09-14 20:36:51 -0600
commit778e25ccd2b81e80c04775539ee4840f264c0c14 (patch)
treedd384f7cfef0abfc70eb7cc59776accb83065bae
parentb57445067e3dc3cb5f92c2717d04136423328fa5 (diff)
downloadaports-778e25ccd2b81e80c04775539ee4840f264c0c14.tar.gz
aports-778e25ccd2b81e80c04775539ee4840f264c0c14.tar.bz2
aports-778e25ccd2b81e80c04775539ee4840f264c0c14.tar.xz
main/libgcrypt: mitigate CVE-2021-40528
-rw-r--r--main/libgcrypt/APKBUILD10
-rw-r--r--main/libgcrypt/CVE-2021-40528.patch51
2 files changed, 58 insertions, 3 deletions
diff --git a/main/libgcrypt/APKBUILD b/main/libgcrypt/APKBUILD
index d7fcc482dc..dc57273850 100644
--- a/main/libgcrypt/APKBUILD
+++ b/main/libgcrypt/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libgcrypt
pkgver=1.8.8
-pkgrel=0
+pkgrel=1
pkgdesc="general purpose crypto library based on the code used in GnuPG"
url="https://www.gnupg.org/"
arch="all"
@@ -9,10 +9,13 @@ license="LGPL-2.1-or-later"
depends_dev="libgpg-error-dev"
makedepends="$depends_dev texinfo"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc"
-source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/$pkgname-$pkgver.tar.bz2"
-options="!checkroot"
+source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$pkgver.tar.bz2
+ CVE-2021-40528.patch
+ "
# secfixes:
+# 1.8.8-r1:
+# - CVE-2021-40528
# 1.8.8-r0:
# - CVE-2021-33560
# 1.8.5-r0:
@@ -70,4 +73,5 @@ static() {
sha512sums="
9861f3b5da3cb013eb79efbf2859864f8c2c11b41484b051c981c45cc0bf1569202838226da10ebddeb7a7b7f39ebd3a95f107b9bf6f908074ccc9a51ea94db8 libgcrypt-1.8.8.tar.bz2
+1af48fddb687aa68ff6db9e1c69d6870fbed2dc1e523d0174f6636f92d8b9a918c86a9e26696ca21ee9a3cb5ba38bb21009618343feb8a8fdaa753245113c0e3 CVE-2021-40528.patch
"
diff --git a/main/libgcrypt/CVE-2021-40528.patch b/main/libgcrypt/CVE-2021-40528.patch
new file mode 100644
index 0000000000..52a376f327
--- /dev/null
+++ b/main/libgcrypt/CVE-2021-40528.patch
@@ -0,0 +1,51 @@
+diff --git a/cipher/elgamal.c b/cipher/elgamal.c
+index ae7a631..eead450 100644
+--- a/cipher/elgamal.c
++++ b/cipher/elgamal.c
+@@ -510,8 +510,9 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+ static void
+ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
+ {
+- gcry_mpi_t t1, t2, r;
++ gcry_mpi_t t1, t2, r, r1, h;
+ unsigned int nbits = mpi_get_nbits (skey->p);
++ gcry_mpi_t x_blind;
+
+ mpi_normalize (a);
+ mpi_normalize (b);
+@@ -522,20 +523,33 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
+
+ t2 = mpi_snew (nbits);
+ r = mpi_new (nbits);
++ r1 = mpi_new (nbits);
++ h = mpi_new (nbits);
++ x_blind = mpi_snew (nbits);
+
+ /* We need a random number of about the prime size. The random
+ number merely needs to be unpredictable; thus we use level 0. */
+ _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM);
+
++ /* Also, exponent blinding: x_blind = x + (p-1)*r1 */
++ _gcry_mpi_randomize (r1, nbits, GCRY_WEAK_RANDOM);
++ mpi_set_highbit (r1, nbits - 1);
++ mpi_sub_ui (h, skey->p, 1);
++ mpi_mul (x_blind, h, r1);
++ mpi_add (x_blind, skey->x, x_blind);
++
+ /* t1 = r^x mod p */
+- mpi_powm (t1, r, skey->x, skey->p);
++ mpi_powm (t1, r, x_blind, skey->p);
+ /* t2 = (a * r)^-x mod p */
+ mpi_mulm (t2, a, r, skey->p);
+- mpi_powm (t2, t2, skey->x, skey->p);
++ mpi_powm (t2, t2, x_blind, skey->p);
+ mpi_invm (t2, t2, skey->p);
+ /* t1 = (t1 * t2) mod p*/
+ mpi_mulm (t1, t1, t2, skey->p);
+
++ mpi_free (x_blind);
++ mpi_free (h);
++ mpi_free (r1);
+ mpi_free (r);
+ mpi_free (t2);
+