authorAlon Bar-Lev <alonbl@gentoo.org>2017-04-11 09:48:19 +0300
committerAlon Bar-Lev <alonbl@gentoo.org>2017-04-11 09:49:27 +0300
commit9d90879749a22548cb21093842352e242226bd3e (patch)
tree87aac8e2a6fc0df1fb4b491ab753a849d251b9ad /dev-libs/libgcrypt/files
parentdev-libs/libksba: cleanup (diff)
dev-libs/libgcrypt: cleanup
Bug: 613232 Package-Manager: Portage-2.3.3, Repoman-2.3.1
Diffstat (limited to 'dev-libs/libgcrypt/files')
-rw-r--r--dev-libs/libgcrypt/files/libgcrypt-1.5.4-CVE-2015-7511.patch326
-rw-r--r--dev-libs/libgcrypt/files/libgcrypt-1.7.5-fix-nehalem.patch41
2 files changed, 0 insertions, 367 deletions
diff --git a/dev-libs/libgcrypt/files/libgcrypt-1.5.4-CVE-2015-7511.patch b/dev-libs/libgcrypt/files/libgcrypt-1.5.4-CVE-2015-7511.patch
deleted file mode 100644
index 9ab0b4c2e645..000000000000
--- a/dev-libs/libgcrypt/files/libgcrypt-1.5.4-CVE-2015-7511.patch
+++ /dev/null
@@ -1,326 +0,0 @@
-From fcbb9fcc2e6983ea61bf565b6ee2e29816b8cd57 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Wed, 10 Feb 2016 17:43:03 +0900
-Subject: [PATCH] ecc: Fix for chosen cipher text attacks.
-
-* src/mpi.h (_gcry_mpi_ec_curve_point): New internal function.
-* cipher/ecc.c (ecc_decrypt_raw): Validate input. Remove duplicated
-point_free.
-* mpi/ec.c (_gcry_mpi_ec_mul_point):Use simple left-to-right binary
-method for when SCALAR is secure.
-(_gcry_mpi_ec_curve_point): New.
-
---
-
-CVE-id: CVE-2015-7511
-
-Thanks to Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran
-Tromer. http://www.cs.tau.ac.IL/~tromer/ecdh/
-
-This could be an effective contermeasure to some chosen cipher text
-attacks.
-
-(backport from master
- commit 88e1358962e902ff1cbec8d53ba3eee46407851a)
-(backport from LIBGCRYPT-1-6-BRANCH
- commit 28eb424e4427b320ec1c9c4ce56af25d495230bd)
-
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- cipher/ecc.c | 11 ++-
- mpi/ec.c | 226 +++++++++++++++++++++++++++++++++++------------------------
- src/mpi.h | 2 +-
- 3 files changed, 145 insertions(+), 94 deletions(-)
-
-diff --git a/cipher/ecc.c b/cipher/ecc.c
-index b8487dc..80b67ae 100644
---- a/cipher/ecc.c
-+++ b/cipher/ecc.c
-@@ -1535,12 +1535,19 @@ ecc_decrypt_raw (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
-
- ctx = _gcry_mpi_ec_init (sk.E.p, sk.E.a);
-
-+ if (!_gcry_mpi_ec_curve_point (&kG, sk.E.b, ctx))
-+ {
-+ point_free (&kG);
-+ point_free (&sk.E.G);
-+ point_free (&sk.Q);
-+ _gcry_mpi_ec_free (ctx);
-+ return GPG_ERR_INV_DATA;
-+ }
-+
- /* R = dkG */
- point_init (&R);
- _gcry_mpi_ec_mul_point (&R, sk.d, &kG, ctx);
-
-- point_free (&kG);
--
- /* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so: */
- {
- gcry_mpi_t x, y;
-diff --git a/mpi/ec.c b/mpi/ec.c
-index fa00818..bdb155a 100644
---- a/mpi/ec.c
-+++ b/mpi/ec.c
-@@ -612,110 +612,154 @@ _gcry_mpi_ec_mul_point (mpi_point_t *result,
- gcry_mpi_t scalar, mpi_point_t *point,
- mpi_ec_t ctx)
- {
--#if 0
-- /* Simple left to right binary method. GECC Algorithm 3.27 */
-- unsigned int nbits;
-- int i;
--
-- nbits = mpi_get_nbits (scalar);
-- mpi_set_ui (result->x, 1);
-- mpi_set_ui (result->y, 1);
-- mpi_set_ui (result->z, 0);
--
-- for (i=nbits-1; i >= 0; i--)
-+ if (mpi_is_secure(scalar))
- {
-- _gcry_mpi_ec_dup_point (result, result, ctx);
-- if (mpi_test_bit (scalar, i) == 1)
-- _gcry_mpi_ec_add_points (result, result, point, ctx);
-- }
--
--#else
-- gcry_mpi_t x1, y1, z1, k, h, yy;
-- unsigned int i, loops;
-- mpi_point_t p1, p2, p1inv;
--
-- x1 = mpi_alloc_like (ctx->p);
-- y1 = mpi_alloc_like (ctx->p);
-- h = mpi_alloc_like (ctx->p);
-- k = mpi_copy (scalar);
-- yy = mpi_copy (point->y);
-+ /* Simple left to right binary method. GECC Algorithm 3.27 */
-+ unsigned int nbits;
-+ int i;
-+ mpi_point_t tmppnt;
-
-- if ( mpi_is_neg (k) )
-- {
-- k->sign = 0;
-- ec_invm (yy, yy, ctx);
-- }
-+ nbits = mpi_get_nbits (scalar);
-+ mpi_set_ui (result->x, 1);
-+ mpi_set_ui (result->y, 1);
-+ mpi_set_ui (result->z, 0);
-
-- if (!mpi_cmp_ui (point->z, 1))
-- {
-- mpi_set (x1, point->x);
-- mpi_set (y1, yy);
-+ point_init (&tmppnt);
-+ for (i=nbits-1; i >= 0; i--)
-+ {
-+ _gcry_mpi_ec_dup_point (result, result, ctx);
-+ _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx);
-+ if (mpi_test_bit (scalar, i) == 1)
-+ point_set (result, &tmppnt);
-+ }
-+ point_free (&tmppnt);
- }
- else
- {
-- gcry_mpi_t z2, z3;
--
-- z2 = mpi_alloc_like (ctx->p);
-- z3 = mpi_alloc_like (ctx->p);
-- ec_mulm (z2, point->z, point->z, ctx);
-- ec_mulm (z3, point->z, z2, ctx);
-- ec_invm (z2, z2, ctx);
-- ec_mulm (x1, point->x, z2, ctx);
-- ec_invm (z3, z3, ctx);
-- ec_mulm (y1, yy, z3, ctx);
-- mpi_free (z2);
-- mpi_free (z3);
-- }
-- z1 = mpi_copy (ctx->one);
-+ gcry_mpi_t x1, y1, z1, k, h, yy;
-+ unsigned int i, loops;
-+ mpi_point_t p1, p2, p1inv;
-
-- mpi_mul (h, k, ctx->three); /* h = 3k */
-- loops = mpi_get_nbits (h);
-- if (loops < 2)
-- {
-- /* If SCALAR is zero, the above mpi_mul sets H to zero and thus
-- LOOPs will be zero. To avoid an underflow of I in the main
-- loop we set LOOP to 2 and the result to (0,0,0). */
-- loops = 2;
-- mpi_clear (result->x);
-- mpi_clear (result->y);
-- mpi_clear (result->z);
-- }
-- else
-- {
-- mpi_set (result->x, point->x);
-- mpi_set (result->y, yy);
-- mpi_set (result->z, point->z);
-- }
-- mpi_free (yy); yy = NULL;
-+ x1 = mpi_alloc_like (ctx->p);
-+ y1 = mpi_alloc_like (ctx->p);
-+ h = mpi_alloc_like (ctx->p);
-+ k = mpi_copy (scalar);
-+ yy = mpi_copy (point->y);
-
-- p1.x = x1; x1 = NULL;
-- p1.y = y1; y1 = NULL;
-- p1.z = z1; z1 = NULL;
-- point_init (&p2);
-- point_init (&p1inv);
-+ if ( mpi_is_neg (k) )
-+ {
-+ k->sign = 0;
-+ ec_invm (yy, yy, ctx);
-+ }
-
-- for (i=loops-2; i > 0; i--)
-- {
-- _gcry_mpi_ec_dup_point (result, result, ctx);
-- if (mpi_test_bit (h, i) == 1 && mpi_test_bit (k, i) == 0)
-+ if (!mpi_cmp_ui (point->z, 1))
-+ {
-+ mpi_set (x1, point->x);
-+ mpi_set (y1, yy);
-+ }
-+ else
- {
-- point_set (&p2, result);
-- _gcry_mpi_ec_add_points (result, &p2, &p1, ctx);
-+ gcry_mpi_t z2, z3;
-+
-+ z2 = mpi_alloc_like (ctx->p);
-+ z3 = mpi_alloc_like (ctx->p);
-+ ec_mulm (z2, point->z, point->z, ctx);
-+ ec_mulm (z3, point->z, z2, ctx);
-+ ec_invm (z2, z2, ctx);
-+ ec_mulm (x1, point->x, z2, ctx);
-+ ec_invm (z3, z3, ctx);
-+ ec_mulm (y1, yy, z3, ctx);
-+ mpi_free (z2);
-+ mpi_free (z3);
- }
-- if (mpi_test_bit (h, i) == 0 && mpi_test_bit (k, i) == 1)
-+ z1 = mpi_copy (ctx->one);
-+
-+ mpi_mul (h, k, ctx->three); /* h = 3k */
-+ loops = mpi_get_nbits (h);
-+ if (loops < 2)
- {
-- point_set (&p2, result);
-- /* Invert point: y = p - y mod p */
-- point_set (&p1inv, &p1);
-- ec_subm (p1inv.y, ctx->p, p1inv.y, ctx);
-- _gcry_mpi_ec_add_points (result, &p2, &p1inv, ctx);
-+ /* If SCALAR is zero, the above mpi_mul sets H to zero and thus
-+ LOOPs will be zero. To avoid an underflow of I in the main
-+ loop we set LOOP to 2 and the result to (0,0,0). */
-+ loops = 2;
-+ mpi_clear (result->x);
-+ mpi_clear (result->y);
-+ mpi_clear (result->z);
-+ }
-+ else
-+ {
-+ mpi_set (result->x, point->x);
-+ mpi_set (result->y, yy);
-+ mpi_set (result->z, point->z);
-+ }
-+ mpi_free (yy); yy = NULL;
-+
-+ p1.x = x1; x1 = NULL;
-+ p1.y = y1; y1 = NULL;
-+ p1.z = z1; z1 = NULL;
-+ point_init (&p2);
-+ point_init (&p1inv);
-+
-+ for (i=loops-2; i > 0; i--)
-+ {
-+ _gcry_mpi_ec_dup_point (result, result, ctx);
-+ if (mpi_test_bit (h, i) == 1 && mpi_test_bit (k, i) == 0)
-+ {
-+ point_set (&p2, result);
-+ _gcry_mpi_ec_add_points (result, &p2, &p1, ctx);
-+ }
-+ if (mpi_test_bit (h, i) == 0 && mpi_test_bit (k, i) == 1)
-+ {
-+ point_set (&p2, result);
-+ /* Invert point: y = p - y mod p */
-+ point_set (&p1inv, &p1);
-+ ec_subm (p1inv.y, ctx->p, p1inv.y, ctx);
-+ _gcry_mpi_ec_add_points (result, &p2, &p1inv, ctx);
-+ }
- }
-+
-+ point_free (&p1);
-+ point_free (&p2);
-+ point_free (&p1inv);
-+ mpi_free (h);
-+ mpi_free (k);
- }
-+}
-+
-+
-+/* Return true if POINT is on the curve described by CTX. */
-+int
-+_gcry_mpi_ec_curve_point (mpi_point_t *point, gcry_mpi_t b, mpi_ec_t ctx)
-+{
-+ int res = 0;
-+ gcry_mpi_t x, y, w;
-+ gcry_mpi_t xxx;
-+
-+ x = mpi_new (0);
-+ y = mpi_new (0);
-+ w = mpi_new (0);
-+ xxx = mpi_new (0);
-+
-+ if (_gcry_mpi_ec_get_affine (x, y, point, ctx))
-+ goto leave;
-+
-+ /* y^2 == x^3 + a·x + b */
-+ ec_mulm (y, y, y, ctx);
-+
-+ ec_mulm (xxx, x, x, ctx);
-+ ec_mulm (xxx, xxx, x, ctx);
-+ ec_mulm (w, ctx->a, x, ctx);
-+ ec_addm (w, w, b, ctx);
-+ ec_addm (w, w, xxx, ctx);
-+
-+ if (!mpi_cmp (y, w))
-+ res = 1;
-+
-+ leave:
-+ _gcry_mpi_release (xxx);
-+ _gcry_mpi_release (w);
-+ _gcry_mpi_release (x);
-+ _gcry_mpi_release (y);
-
-- point_free (&p1);
-- point_free (&p2);
-- point_free (&p1inv);
-- mpi_free (h);
-- mpi_free (k);
--#endif
-+ return res;
- }
-diff --git a/src/mpi.h b/src/mpi.h
-index 65a4f97..adc65e2 100644
---- a/src/mpi.h
-+++ b/src/mpi.h
-@@ -257,7 +257,7 @@ void _gcry_mpi_ec_add_points (mpi_point_t *result,
- void _gcry_mpi_ec_mul_point (mpi_point_t *result,
- gcry_mpi_t scalar, mpi_point_t *point,
- mpi_ec_t ctx);
--
-+int _gcry_mpi_ec_curve_point (mpi_point_t *point, gcry_mpi_t b, mpi_ec_t ctx);
-
-
- #endif /*G10_MPI_H*/
---
-2.1.4
-
diff --git a/dev-libs/libgcrypt/files/libgcrypt-1.7.5-fix-nehalem.patch b/dev-libs/libgcrypt/files/libgcrypt-1.7.5-fix-nehalem.patch
deleted file mode 100644
index 25633adae1ea..000000000000
--- a/dev-libs/libgcrypt/files/libgcrypt-1.7.5-fix-nehalem.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From aada604594fd42224d366d3cb98f67fd3b989cd6 Mon Sep 17 00:00:00 2001
-From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
-Date: Wed, 4 Jan 2017 12:02:36 +0200
-Subject: [PATCH 1/1] rijndael-ssse3: fix counter operand from read-only to
- read/write
-
-* cipher/rijndael-ssse3-amd64.c (_gcry_aes_ssse3_ctr_enc): Change
-'ctrlow' operand from read-only to read-write.
---
-
-With read-only operand, compiler is allowed to pass temporary
-register to assembly block and throw away any calculation that
-have been done on that register. On the other hand, compiler is
-also allowed to keep operand value permanently in one register
-as value is treated as read-only, and effectly operates as
-expected. Selection between these two depends on compiler
-version and used flags.
-
-Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
----
- cipher/rijndael-ssse3-amd64.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c
-index a8e89d4..2adb73f 100644
---- a/cipher/rijndael-ssse3-amd64.c
-+++ b/cipher/rijndael-ssse3-amd64.c
-@@ -387,8 +387,8 @@ _gcry_aes_ssse3_ctr_enc (RIJNDAEL_context *ctx, unsigned char *outbuf,
- ".Lno_carry%=:\n\t"
-
- "pshufb %%xmm6, %%xmm7\n\t"
-- :
-- : [ctr] "r" (ctr), [ctrlow] "r" (ctrlow)
-+ : [ctrlow] "+r" (ctrlow)
-+ : [ctr] "r" (ctr)
- : "cc", "memory");
-
- do_vpaes_ssse3_enc (ctx, nrounds, aes_const_ptr);
---
-2.8.0.rc3
-