authorKevin Daudt <kdaudt@alpinelinux.org>2021-09-14 18:27:07 +0000
committerKevin Daudt <kdaudt@alpinelinux.org>2021-09-14 18:27:07 +0000
commit9bd4d592d2a2ac33da40572bc194fef31910b095 (patch)
treee9dd0217e879bc1134c69544128a3dfd445472b7
parent35420307c68cd62bfea46d2511a906cd19d9c130 (diff)
main/libgcrypt: mitigate CVE-2021-40528
-rw-r--r--main/libgcrypt/APKBUILD9
-rw-r--r--main/libgcrypt/CVE-2021-40528.patch51
2 files changed, 58 insertions, 2 deletions
diff --git a/main/libgcrypt/APKBUILD b/main/libgcrypt/APKBUILD
index e578b56927..7aabd83c2b 100644
--- a/main/libgcrypt/APKBUILD
+++ b/main/libgcrypt/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libgcrypt
pkgver=1.8.8
-pkgrel=0
+pkgrel=1
pkgdesc="general purpose crypto library based on the code used in GnuPG"
url="https://www.gnupg.org/"
arch="all"
@@ -9,9 +9,13 @@ license="LGPL-2.1-or-later"
depends_dev="libgpg-error-dev"
makedepends="$depends_dev texinfo"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc"
-source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$pkgver.tar.bz2"
+source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$pkgver.tar.bz2
+ CVE-2021-40528.patch
+ "
# secfixes:
+# 1.8.8-r1:
+# - CVE-2021-40528
# 1.8.8-r0:
# - CVE-2021-33560
# 1.8.5-r0:
@@ -65,4 +69,5 @@ static() {
sha512sums="
9861f3b5da3cb013eb79efbf2859864f8c2c11b41484b051c981c45cc0bf1569202838226da10ebddeb7a7b7f39ebd3a95f107b9bf6f908074ccc9a51ea94db8 libgcrypt-1.8.8.tar.bz2
+1af48fddb687aa68ff6db9e1c69d6870fbed2dc1e523d0174f6636f92d8b9a918c86a9e26696ca21ee9a3cb5ba38bb21009618343feb8a8fdaa753245113c0e3 CVE-2021-40528.patch
"
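Review bot: The new `CVE-2021-40528.patch` entry in `source=` is pinned by content in the `sha512sums` hunk but carries no provenance; nothing in the APKBUILD says where the exponent-blinding change came from or which upstream release it was taken from, so a later maintainer cannot tell whether it is a verbatim upstream backport or a local rewrite. I would add a comment directly above the `source=` line, `# CVE-2021-40528.patch: backport of upstream libgcrypt commit <UPSTREAM-COMMIT-ID> (exponent blinding in ElGamal decrypt)`, with the placeholder replaced by the real reference. The secfixes block already names the CVE, so the remaining gap is only the origin of the patch text itself. The patch file header added in the second file of this commit (lines starting `diff --git a/cipher/elgamal.c`) likewise has no `From:` or commit line, which is why the APKBUILD comment is the practical place to record it.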
diff --git a/main/libgcrypt/CVE-2021-40528.patch b/main/libgcrypt/CVE-2021-40528.patch
new file mode 100644
index 0000000000..52a376f327
--- /dev/null
+++ b/main/libgcrypt/CVE-2021-40528.patch
@@ -0,0 +1,51 @@
+diff --git a/cipher/elgamal.c b/cipher/elgamal.c
+index ae7a631..eead450 100644
+--- a/cipher/elgamal.c
++++ b/cipher/elgamal.c
+@@ -510,8 +510,9 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+ static void
+ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
+ {
+- gcry_mpi_t t1, t2, r;
++ gcry_mpi_t t1, t2, r, r1, h;
+ unsigned int nbits = mpi_get_nbits (skey->p);
++ gcry_mpi_t x_blind;
+
+ mpi_normalize (a);
+ mpi_normalize (b);
+@@ -522,20 +523,33 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
+
+ t2 = mpi_snew (nbits);
+ r = mpi_new (nbits);
++ r1 = mpi_new (nbits);
++ h = mpi_new (nbits);
++ x_blind = mpi_snew (nbits);
+
+ /* We need a random number of about the prime size. The random
+ number merely needs to be unpredictable; thus we use level 0. */
+ _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM);
+
++ /* Also, exponent blinding: x_blind = x + (p-1)*r1 */
++ _gcry_mpi_randomize (r1, nbits, GCRY_WEAK_RANDOM);
++ mpi_set_highbit (r1, nbits - 1);
++ mpi_sub_ui (h, skey->p, 1);
++ mpi_mul (x_blind, h, r1);
++ mpi_add (x_blind, skey->x, x_blind);
++
+ /* t1 = r^x mod p */
+- mpi_powm (t1, r, skey->x, skey->p);
++ mpi_powm (t1, r, x_blind, skey->p);
+ /* t2 = (a * r)^-x mod p */
+ mpi_mulm (t2, a, r, skey->p);
+- mpi_powm (t2, t2, skey->x, skey->p);
++ mpi_powm (t2, t2, x_blind, skey->p);
+ mpi_invm (t2, t2, skey->p);
+ /* t1 = (t1 * t2) mod p*/
+ mpi_mulm (t1, t1, t2, skey->p);
+
++ mpi_free (x_blind);
++ mpi_free (h);
++ mpi_free (r1);
+ mpi_free (r);
+ mpi_free (t2);
+