* [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560
@ 2021-09-13 13:16 Saloni Jain
2021-09-13 15:33 ` [OE-core] " Steve Sakoman
0 siblings, 1 reply; 3+ messages in thread
From: Saloni Jain @ 2021-09-13 13:16 UTC (permalink / raw)
To: openembedded-core, raj.khem; +Cc: nisha.parrakat, Saloni Jain, Saloni Jain
From: Saloni Jain <salonij@kpit.com>
Add fix for below CVE:
CVE-2021-33560
Link: [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
Signed-off-by: Saloni Jain<jainsaloni0918@gmail.com>
---
.../libgcrypt/files/CVE-2021-33560.patch | 108 ++++++++++++++++++
.../libgcrypt/libgcrypt_1.8.5.bb | 1 +
2 files changed, 109 insertions(+)
create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
new file mode 100644
index 0000000000..ba51af46b3
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
@@ -0,0 +1,108 @@
+From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 21 May 2021 11:15:07 +0900
+Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
+
+* cipher/elgamal.c (gen_k): Remove support of smaller K.
+(do_encrypt): Never use smaller K.
+(sign): Folllow the change of gen_k.
+
+--
+
+Cherry-pick master commit of:
+ 632d80ef30e13de6926d503aa697f92b5dbfbc5e
+
+This change basically reverts encryption changes in two commits:
+
+ 74386120dad6b3da62db37f7044267c8ef34689b
+ 78531373a342aeb847950f404343a05e36022065
+
+Use of smaller K for ephemeral key in ElGamal encryption is only good,
+when we can guarantee that recipient's key is generated by our
+implementation (or compatible).
+
+For detail, please see:
+
+ Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
+ "On the (in)security of ElGamal in OpenPGP";
+ in the proceedings of CCS'2021.
+
+CVE: CVE-2021-33560
+GnuPG-bug-id: 5328
+Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
+
+Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
+Comment: No changes/refreshing done.
+---
+ cipher/elgamal.c | 24 ++++++------------------
+ 1 file changed, 6 insertions(+), 18 deletions(-)
+
+diff --git a/cipher/elgamal.c b/cipher/elgamal.c
+index 9835122f..eead4502 100644
+--- a/cipher/elgamal.c
++++ b/cipher/elgamal.c
+@@ -66,7 +66,7 @@ static const char *elg_names[] =
+
+
+ static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
+-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
++static gcry_mpi_t gen_k (gcry_mpi_t p);
+ static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
+ gcry_mpi_t **factors);
+ static int check_secret_key (ELG_secret_key *sk);
+@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
+
+ /****************
+ * Generate a random secret exponent k from prime p, so that k is
+- * relatively prime to p-1. With SMALL_K set, k will be selected for
+- * better encryption performance - this must never be used signing!
++ * relatively prime to p-1.
+ */
+ static gcry_mpi_t
+-gen_k( gcry_mpi_t p, int small_k )
++gen_k( gcry_mpi_t p )
+ {
+ gcry_mpi_t k = mpi_alloc_secure( 0 );
+ gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
+ unsigned int nbits, nbytes;
+ char *rndbuf = NULL;
+
+- if (small_k)
+- {
+- /* Using a k much lesser than p is sufficient for encryption and
+- * it greatly improves the encryption performance. We use
+- * Wiener's table and add a large safety margin. */
+- nbits = wiener_map( orig_nbits ) * 3 / 2;
+- if( nbits >= orig_nbits )
+- BUG();
+- }
+- else
+- nbits = orig_nbits;
+-
++ nbits = orig_nbits;
+
+ nbytes = (nbits+7)/8;
+ if( DBG_CIPHER )
+@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+ * error code.
+ */
+
+- k = gen_k( pkey->p, 1 );
++ k = gen_k( pkey->p );
+ mpi_powm (a, pkey->g, k, pkey->p);
+
+ /* b = (y^k * input) mod p
+@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
+ *
+ */
+ mpi_sub_ui(p_1, p_1, 1);
+- k = gen_k( skey->p, 0 /* no small K ! */ );
++ k = gen_k( skey->p );
+ mpi_powm( a, skey->g, k, skey->p );
+ mpi_mul(t, skey->x, a );
+ mpi_subm(t, input, t, p_1 );
+--
+2.11.0
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index 16a58ad9b8..174b087b24 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -28,6 +28,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
file://determinism.patch \
+ file://CVE-2021-33560.patch \
"
SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560
2021-09-13 13:16 [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560 Saloni Jain
@ 2021-09-13 15:33 ` Steve Sakoman
2021-09-13 15:50 ` saloni
0 siblings, 1 reply; 3+ messages in thread
From: Steve Sakoman @ 2021-09-13 15:33 UTC (permalink / raw)
To: Saloni Jain
Cc: Patches and discussions about the oe-core layer, Khem Raj,
Nisha Parrakat, Saloni Jain
On Mon, Sep 13, 2021 at 3:16 AM Saloni Jain <jainsaloni0918@gmail.com> wrote:
>
> From: Saloni Jain <salonij@kpit.com>
>
> Add fix for below CVE:
> CVE-2021-33560
Armin submitted a patch for this CVE last week:
https://lists.openembedded.org/g/openembedded-core/message/155935
Thanks for helping with CVE's though, I appreciate the effort!
Steve
> Link: [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
>
> Signed-off-by: Saloni Jain<jainsaloni0918@gmail.com>
> ---
> .../libgcrypt/files/CVE-2021-33560.patch | 108 ++++++++++++++++++
> .../libgcrypt/libgcrypt_1.8.5.bb | 1 +
> 2 files changed, 109 insertions(+)
> create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
>
> diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> new file mode 100644
> index 0000000000..ba51af46b3
> --- /dev/null
> +++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> @@ -0,0 +1,108 @@
> +From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001
> +From: NIIBE Yutaka <gniibe@fsij.org>
> +Date: Fri, 21 May 2021 11:15:07 +0900
> +Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
> +
> +* cipher/elgamal.c (gen_k): Remove support of smaller K.
> +(do_encrypt): Never use smaller K.
> +(sign): Folllow the change of gen_k.
> +
> +--
> +
> +Cherry-pick master commit of:
> + 632d80ef30e13de6926d503aa697f92b5dbfbc5e
> +
> +This change basically reverts encryption changes in two commits:
> +
> + 74386120dad6b3da62db37f7044267c8ef34689b
> + 78531373a342aeb847950f404343a05e36022065
> +
> +Use of smaller K for ephemeral key in ElGamal encryption is only good,
> +when we can guarantee that recipient's key is generated by our
> +implementation (or compatible).
> +
> +For detail, please see:
> +
> + Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
> + "On the (in)security of ElGamal in OpenPGP";
> + in the proceedings of CCS'2021.
> +
> +CVE: CVE-2021-33560
> +GnuPG-bug-id: 5328
> +Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
> +Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
> +Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
> +
> +Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
> +Comment: No changes/refreshing done.
> +---
> + cipher/elgamal.c | 24 ++++++------------------
> + 1 file changed, 6 insertions(+), 18 deletions(-)
> +
> +diff --git a/cipher/elgamal.c b/cipher/elgamal.c
> +index 9835122f..eead4502 100644
> +--- a/cipher/elgamal.c
> ++++ b/cipher/elgamal.c
> +@@ -66,7 +66,7 @@ static const char *elg_names[] =
> +
> +
> + static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
> +-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
> ++static gcry_mpi_t gen_k (gcry_mpi_t p);
> + static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
> + gcry_mpi_t **factors);
> + static int check_secret_key (ELG_secret_key *sk);
> +@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
> +
> + /****************
> + * Generate a random secret exponent k from prime p, so that k is
> +- * relatively prime to p-1. With SMALL_K set, k will be selected for
> +- * better encryption performance - this must never be used signing!
> ++ * relatively prime to p-1.
> + */
> + static gcry_mpi_t
> +-gen_k( gcry_mpi_t p, int small_k )
> ++gen_k( gcry_mpi_t p )
> + {
> + gcry_mpi_t k = mpi_alloc_secure( 0 );
> + gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
> +@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
> + unsigned int nbits, nbytes;
> + char *rndbuf = NULL;
> +
> +- if (small_k)
> +- {
> +- /* Using a k much lesser than p is sufficient for encryption and
> +- * it greatly improves the encryption performance. We use
> +- * Wiener's table and add a large safety margin. */
> +- nbits = wiener_map( orig_nbits ) * 3 / 2;
> +- if( nbits >= orig_nbits )
> +- BUG();
> +- }
> +- else
> +- nbits = orig_nbits;
> +-
> ++ nbits = orig_nbits;
> +
> + nbytes = (nbits+7)/8;
> + if( DBG_CIPHER )
> +@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
> + * error code.
> + */
> +
> +- k = gen_k( pkey->p, 1 );
> ++ k = gen_k( pkey->p );
> + mpi_powm (a, pkey->g, k, pkey->p);
> +
> + /* b = (y^k * input) mod p
> +@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
> + *
> + */
> + mpi_sub_ui(p_1, p_1, 1);
> +- k = gen_k( skey->p, 0 /* no small K ! */ );
> ++ k = gen_k( skey->p );
> + mpi_powm( a, skey->g, k, skey->p );
> + mpi_mul(t, skey->x, a );
> + mpi_subm(t, input, t, p_1 );
> +--
> +2.11.0
> diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> index 16a58ad9b8..174b087b24 100644
> --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> @@ -28,6 +28,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
> file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
> file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
> file://determinism.patch \
> + file://CVE-2021-33560.patch \
> "
> SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
> SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
> --
> 2.17.1
>
>
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560
2021-09-13 15:33 ` [OE-core] " Steve Sakoman
@ 2021-09-13 15:50 ` saloni
0 siblings, 0 replies; 3+ messages in thread
From: saloni @ 2021-09-13 15:50 UTC (permalink / raw)
To: Steve Sakoman, Saloni Jain
Cc: Patches and discussions about the oe-core layer, Khem Raj,
Nisha Parrakat
[-- Attachment #1: Type: text/plain, Size: 8350 bytes --]
Happy to help! 🙂 🙂
I really appreciate you taking time to express gratitude.
Thanks & Regards,
Saloni Jain
________________________________
From: Steve Sakoman <steve@sakoman.com>
Sent: Monday, September 13, 2021 9:03 PM
To: Saloni Jain <jainsaloni0918@gmail.com>
Cc: Patches and discussions about the oe-core layer <openembedded-core@lists.openembedded.org>; Khem Raj <raj.khem@gmail.com>; Nisha Parrakat <Nisha.Parrakat@kpit.com>; Saloni Jain <Saloni.Jain@kpit.com>
Subject: Re: [OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560
Caution: This email originated from outside of the KPIT. Do not click links or open attachments unless you recognize the sender and know the content is safe.
On Mon, Sep 13, 2021 at 3:16 AM Saloni Jain <jainsaloni0918@gmail.com> wrote:
>
> From: Saloni Jain <salonij@kpit.com>
>
> Add fix for below CVE:
> CVE-2021-33560
Armin submitted a patch for this CVE last week:
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.openembedded.org%2Fg%2Fopenembedded-core%2Fmessage%2F155935&data=04%7C01%7CSaloni.Jain%40kpit.com%7Cab35b176f5054ba2760408d976cbd354%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637671440110080648%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=drHkzkMi9PsPKXMK88kMxtc1tPfrCl72UfDLLYlx7yQ%3D&reserved=0
Thanks for helping with CVE's though, I appreciate the effort!
Steve
> Link: [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.gnupg.org%2Fcgi-bin%2Fgitweb.cgi%3Fp%3Dlibgcrypt.git%3Ba%3Dpatch%3Bh%3D3462280f2e23e16adf3ed5176e0f2413d8861320&data=04%7C01%7CSaloni.Jain%40kpit.com%7Cab35b176f5054ba2760408d976cbd354%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637671440110080648%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=mxW8l7hc7mDiu3UKIXQegIMJsP6kWfWmJ%2FbkQEVL958%3D&reserved=0]
>
> Signed-off-by: Saloni Jain<jainsaloni0918@gmail.com>
> ---
> .../libgcrypt/files/CVE-2021-33560.patch | 108 ++++++++++++++++++
> .../libgcrypt/libgcrypt_1.8.5.bb | 1 +
> 2 files changed, 109 insertions(+)
> create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
>
> diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> new file mode 100644
> index 0000000000..ba51af46b3
> --- /dev/null
> +++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> @@ -0,0 +1,108 @@
> +From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001
> +From: NIIBE Yutaka <gniibe@fsij.org>
> +Date: Fri, 21 May 2021 11:15:07 +0900
> +Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
> +
> +* cipher/elgamal.c (gen_k): Remove support of smaller K.
> +(do_encrypt): Never use smaller K.
> +(sign): Folllow the change of gen_k.
> +
> +--
> +
> +Cherry-pick master commit of:
> + 632d80ef30e13de6926d503aa697f92b5dbfbc5e
> +
> +This change basically reverts encryption changes in two commits:
> +
> + 74386120dad6b3da62db37f7044267c8ef34689b
> + 78531373a342aeb847950f404343a05e36022065
> +
> +Use of smaller K for ephemeral key in ElGamal encryption is only good,
> +when we can guarantee that recipient's key is generated by our
> +implementation (or compatible).
> +
> +For detail, please see:
> +
> + Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
> + "On the (in)security of ElGamal in OpenPGP";
> + in the proceedings of CCS'2021.
> +
> +CVE: CVE-2021-33560
> +GnuPG-bug-id: 5328
> +Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
> +Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
> +Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
> +
> +Upstream-Status: Backport [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.gnupg.org%2Fcgi-bin%2Fgitweb.cgi%3Fp%3Dlibgcrypt.git%3Ba%3Dpatch%3Bh%3D3462280f2e23e16adf3ed5176e0f2413d8861320&data=04%7C01%7CSaloni.Jain%40kpit.com%7Cab35b176f5054ba2760408d976cbd354%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637671440110090650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=XEr2AaiwglyGxJRihsQJmNwA5jqW5mO%2FHHNOtWgoI1o%3D&reserved=0]
> +Comment: No changes/refreshing done.
> +---
> + cipher/elgamal.c | 24 ++++++------------------
> + 1 file changed, 6 insertions(+), 18 deletions(-)
> +
> +diff --git a/cipher/elgamal.c b/cipher/elgamal.c
> +index 9835122f..eead4502 100644
> +--- a/cipher/elgamal.c
> ++++ b/cipher/elgamal.c
> +@@ -66,7 +66,7 @@ static const char *elg_names[] =
> +
> +
> + static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
> +-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
> ++static gcry_mpi_t gen_k (gcry_mpi_t p);
> + static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
> + gcry_mpi_t **factors);
> + static int check_secret_key (ELG_secret_key *sk);
> +@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
> +
> + /****************
> + * Generate a random secret exponent k from prime p, so that k is
> +- * relatively prime to p-1. With SMALL_K set, k will be selected for
> +- * better encryption performance - this must never be used signing!
> ++ * relatively prime to p-1.
> + */
> + static gcry_mpi_t
> +-gen_k( gcry_mpi_t p, int small_k )
> ++gen_k( gcry_mpi_t p )
> + {
> + gcry_mpi_t k = mpi_alloc_secure( 0 );
> + gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
> +@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
> + unsigned int nbits, nbytes;
> + char *rndbuf = NULL;
> +
> +- if (small_k)
> +- {
> +- /* Using a k much lesser than p is sufficient for encryption and
> +- * it greatly improves the encryption performance. We use
> +- * Wiener's table and add a large safety margin. */
> +- nbits = wiener_map( orig_nbits ) * 3 / 2;
> +- if( nbits >= orig_nbits )
> +- BUG();
> +- }
> +- else
> +- nbits = orig_nbits;
> +-
> ++ nbits = orig_nbits;
> +
> + nbytes = (nbits+7)/8;
> + if( DBG_CIPHER )
> +@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
> + * error code.
> + */
> +
> +- k = gen_k( pkey->p, 1 );
> ++ k = gen_k( pkey->p );
> + mpi_powm (a, pkey->g, k, pkey->p);
> +
> + /* b = (y^k * input) mod p
> +@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
> + *
> + */
> + mpi_sub_ui(p_1, p_1, 1);
> +- k = gen_k( skey->p, 0 /* no small K ! */ );
> ++ k = gen_k( skey->p );
> + mpi_powm( a, skey->g, k, skey->p );
> + mpi_mul(t, skey->x, a );
> + mpi_subm(t, input, t, p_1 );
> +--
> +2.11.0
> diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> index 16a58ad9b8..174b087b24 100644
> --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> @@ -28,6 +28,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
> file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
> file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
> file://determinism.patch \
> + file://CVE-2021-33560.patch \
> "
> SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
> SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
> --
> 2.17.1
>
>
>
>
This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
[-- Attachment #2: Type: text/html, Size: 13458 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-09-13 15:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-13 13:16 [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560 Saloni Jain
2021-09-13 15:33 ` [OE-core] " Steve Sakoman
2021-09-13 15:50 ` saloni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.