
libgcrypt: Fix for CVE-2018-0495

Added a patch to fix CVE-2018-0495

Change-Id: I99a3e8704be45612b0c47768974c2fe2bda6c776
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5577
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George

Ankit Jain authored on 2018/09/04 03:30:02
Showing 2 changed files
new file mode 100644
@@ -0,0 +1,72 @@
0
+From 9010d1576e278a4274ad3f4aa15776c28f6ba965 Mon Sep 17 00:00:00 2001
1
+From: NIIBE Yutaka <gniibe@fsij.org>
2
+Date: Wed, 13 Jun 2018 15:28:58 +0900
3
+Subject: [PATCH] ecc: Add blinding for ECDSA.
4
+
5
+* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
6
+randomized nonce B.
7
+
8
+--
9
+
10
+Reported-by: Keegan Ryan <Keegan.Ryan@nccgroup.trust>
11
+CVE-id: CVE-2018-0495
12
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13
+---
14
+ cipher/ecc-ecdsa.c | 20 ++++++++++++++++++--
15
+ 1 file changed, 18 insertions(+), 2 deletions(-)
16
+
17
+diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c
18
+index 1484830..140e8c0 100644
19
+--- a/cipher/ecc-ecdsa.c
20
+@@ -50,6 +50,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
21
+   const void *abuf;
22
+   unsigned int abits, qbits;
23
+   mpi_ec_t ctx;
24
++  gcry_mpi_t b;                /* Random number needed for blinding.  */
25
++  gcry_mpi_t bi;               /* multiplicative inverse of B.        */
26
+ 
27
+   if (DBG_CIPHER)
28
+     log_mpidump ("ecdsa sign hash  ", input );
29
+@@ -61,6 +63,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
30
+   if (rc)
31
+     return rc;
32
+ 
33
++  b  = mpi_snew (qbits);
34
++  bi = mpi_snew (qbits);
35
++  do
36
++    {
37
++      _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
38
++      mpi_mod (b, b, skey->E.n);
39
++    }
40
++  while (!mpi_invm (bi, b, skey->E.n));
41
++
42
+   k = NULL;
43
+   dr = mpi_alloc (0);
44
+   sum = mpi_alloc (0);
45
+@@ -115,8 +126,11 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
46
+         }
47
+       while (!mpi_cmp_ui (r, 0));
48
+ 
49
+-      mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n  */
50
+-      mpi_addm (sum, hash, dr, skey->E.n);  /* sum = hash + (d*r) mod n  */
51
++      mpi_mulm (dr, b, skey->d, skey->E.n);
52
++      mpi_mulm (dr, dr, r, skey->E.n);      /* dr = d*r mod n (blinded with b) */
53
++      mpi_mulm (sum, b, hash, skey->E.n);
54
++      mpi_addm (sum, sum, dr, skey->E.n);   /* sum = hash + (d*r) mod n  (blinded with b) */
55
++      mpi_mulm (sum, bi, sum, skey->E.n);   /* undo blinding by b^-1 */
56
+       mpi_invm (k_1, k, skey->E.n);         /* k_1 = k^(-1) mod n  */
57
+       mpi_mulm (s, k_1, sum, skey->E.n);    /* s = k^(-1)*(hash+(d*r)) mod n */
58
+     }
59
+@@ -129,6 +143,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
60
+     }
61
+ 
62
+  leave:
63
++  mpi_free (b);
64
++  mpi_free (bi);
65
+   _gcry_mpi_ec_free (ctx);
66
+   point_free (&I);
67
+   mpi_free (x);
68
+-- 
69
+2.7.4
70
+
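Review bot: In the embedded patch, `b` and `bi` are declared without initializers in the first hunk while the new cleanup at `leave:` unconditionally runs `mpi_free (b); mpi_free (bi);`, so any error path that jumps to `leave` before the two `mpi_snew` calls would free indeterminate pointers; the only visible early exit before the allocation is a plain `return rc;`, so this is not a live bug in the hunks shown, but `gcry_mpi_t b = NULL;` and `gcry_mpi_t bi = NULL;` would make the cleanup safe against future `goto leave` paths, since libgcrypt's mpi_free tolerates NULL. The patch is carried verbatim from the upstream tree (index 1484830..140e8c0 and hunk offsets that may not match 1.7.6) and its `do … while (!mpi_invm (bi, b, skey->E.n))` loop relies on mpi_invm reporting whether an inverse exists, which is worth confirming against the 1.7.6 MPI layer rather than assuming from the upstream source. Separately, the hunk header declares 72 added lines but 71 are rendered, and no `+++ b/cipher/ecc-ecdsa.c` line appears between the `--- a/cipher/ecc-ecdsa.c` line and the first `@@`; if that reflects the stored file rather than the viewer, `%patch2 -p1` will not parse the file header, so the committed file should be checked. The body of `_gcry_ecc_ecdsa_sign` starts and ends outside the shown hunks.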
@@ -1,13 +1,14 @@
1 1
 Summary:        Crypto Libraries
2 2
 Name:           libgcrypt
3 3
 Version:        1.7.6
4
-Release:        3%{?dist}
4
+Release:        4%{?dist}
5 5
 License:        GPLv2+ and LGPLv2+
6 6
 URL:            http://www.gnu.org/software/libgcrypt/
7 7
 Source0:        ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
8 8
 %define sha1 libgcrypt=d2b9e0f413064cfc67188f80d3cbda887c755a62
9 9
 Patch0:         CVE-2017-0379.patch
10 10
 Patch1:         libgcrypt-CVE-2017-9526.patch
11
+Patch2:         libgcrypt-CVE-2018-0495.patch
11 12
 Group:          System Environment/Libraries
12 13
 Vendor:         VMware, Inc.
13 14
 BuildRequires:  libgpg-error
@@ -31,6 +32,7 @@ that use libgcrypt.
31 31
 %setup -q
32 32
 %patch0 -p1
33 33
 %patch1 -p1
34
+%patch2 -p1
34 35
 %build
35 36
 ./configure \
36 37
     --prefix=%{_prefix}
@@ -60,6 +62,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
60 60
 /usr/share/aclocal/libgcrypt.m4
61 61
 
62 62
 %changelog
63
+*   Mon Sep 03 2018 Ankit Jain <ankitja@vmware.com> 1.7.6-4
64
+-   Fix for CVE-2018-0495
63 65
 *   Thu Oct 19 2017 Xiaolin Li <xiaolinl@vmware.com> 1.7.6-3
64 66
 -   Fix CVE-2017-9526
65 67
 *   Tue Oct 17 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.7.6-2