summaryrefslogtreecommitdiff
path: root/dev-libs
diff options
context:
space:
mode:
authorKristian Fiskerstrand <k_f@gentoo.org>2016-02-11 00:02:11 +0100
committerKristian Fiskerstrand <k_f@gentoo.org>2016-02-11 00:03:10 +0100
commit5715a323e4f467888f71be6ddc6bbbc8873fd914 (patch)
treed9ae7c7a08b9a4614f2441b1ef859177abfe93ce /dev-libs
parent893faca2e40334a99263620c855d56131c29f174 (diff)
downloadgentoo-5715a323e4f467888f71be6ddc6bbbc8873fd914.tar.gz
gentoo-5715a323e4f467888f71be6ddc6bbbc8873fd914.tar.xz
dev-libs/libgcrypt: Add backported 1.5-branch fix for CVE-2015-7511
Package-Manager: portage-2.2.27
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/libgcrypt/files/libgcrypt-1.5.4-CVE-2015-7511.patch326
-rw-r--r--dev-libs/libgcrypt/libgcrypt-1.5.4-r101.ebuild59
-rw-r--r--dev-libs/libgcrypt/libgcrypt-1.5.4-r2.ebuild58
3 files changed, 443 insertions, 0 deletions
diff --git a/dev-libs/libgcrypt/files/libgcrypt-1.5.4-CVE-2015-7511.patch b/dev-libs/libgcrypt/files/libgcrypt-1.5.4-CVE-2015-7511.patch
new file mode 100644
index 00000000000..9ab0b4c2e64
--- /dev/null
+++ b/dev-libs/libgcrypt/files/libgcrypt-1.5.4-CVE-2015-7511.patch
@@ -0,0 +1,326 @@
+From fcbb9fcc2e6983ea61bf565b6ee2e29816b8cd57 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 10 Feb 2016 17:43:03 +0900
+Subject: [PATCH] ecc: Fix for chosen cipher text attacks.
+
+* src/mpi.h (_gcry_mpi_ec_curve_point): New internal function.
+* cipher/ecc.c (ecc_decrypt_raw): Validate input. Remove duplicated
+point_free.
+* mpi/ec.c (_gcry_mpi_ec_mul_point):Use simple left-to-right binary
+method for when SCALAR is secure.
+(_gcry_mpi_ec_curve_point): New.
+
+--
+
+CVE-id: CVE-2015-7511
+
+Thanks to Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran
+Tromer. http://www.cs.tau.ac.IL/~tromer/ecdh/
+
+This could be an effective contermeasure to some chosen cipher text
+attacks.
+
+(backport from master
+ commit 88e1358962e902ff1cbec8d53ba3eee46407851a)
+(backport from LIBGCRYPT-1-6-BRANCH
+ commit 28eb424e4427b320ec1c9c4ce56af25d495230bd)
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ cipher/ecc.c | 11 ++-
+ mpi/ec.c | 226 +++++++++++++++++++++++++++++++++++------------------------
+ src/mpi.h | 2 +-
+ 3 files changed, 145 insertions(+), 94 deletions(-)
+
+diff --git a/cipher/ecc.c b/cipher/ecc.c
+index b8487dc..80b67ae 100644
+--- a/cipher/ecc.c
++++ b/cipher/ecc.c
+@@ -1535,12 +1535,19 @@ ecc_decrypt_raw (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
+
+ ctx = _gcry_mpi_ec_init (sk.E.p, sk.E.a);
+
++ if (!_gcry_mpi_ec_curve_point (&kG, sk.E.b, ctx))
++ {
++ point_free (&kG);
++ point_free (&sk.E.G);
++ point_free (&sk.Q);
++ _gcry_mpi_ec_free (ctx);
++ return GPG_ERR_INV_DATA;
++ }
++
+ /* R = dkG */
+ point_init (&R);
+ _gcry_mpi_ec_mul_point (&R, sk.d, &kG, ctx);
+
+- point_free (&kG);
+-
+ /* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so: */
+ {
+ gcry_mpi_t x, y;
+diff --git a/mpi/ec.c b/mpi/ec.c
+index fa00818..bdb155a 100644
+--- a/mpi/ec.c
++++ b/mpi/ec.c
+@@ -612,110 +612,154 @@ _gcry_mpi_ec_mul_point (mpi_point_t *result,
+ gcry_mpi_t scalar, mpi_point_t *point,
+ mpi_ec_t ctx)
+ {
+-#if 0
+- /* Simple left to right binary method. GECC Algorithm 3.27 */
+- unsigned int nbits;
+- int i;
+-
+- nbits = mpi_get_nbits (scalar);
+- mpi_set_ui (result->x, 1);
+- mpi_set_ui (result->y, 1);
+- mpi_set_ui (result->z, 0);
+-
+- for (i=nbits-1; i >= 0; i--)
++ if (mpi_is_secure(scalar))
+ {
+- _gcry_mpi_ec_dup_point (result, result, ctx);
+- if (mpi_test_bit (scalar, i) == 1)
+- _gcry_mpi_ec_add_points (result, result, point, ctx);
+- }
+-
+-#else
+- gcry_mpi_t x1, y1, z1, k, h, yy;
+- unsigned int i, loops;
+- mpi_point_t p1, p2, p1inv;
+-
+- x1 = mpi_alloc_like (ctx->p);
+- y1 = mpi_alloc_like (ctx->p);
+- h = mpi_alloc_like (ctx->p);
+- k = mpi_copy (scalar);
+- yy = mpi_copy (point->y);
++ /* Simple left to right binary method. GECC Algorithm 3.27 */
++ unsigned int nbits;
++ int i;
++ mpi_point_t tmppnt;
+
+- if ( mpi_is_neg (k) )
+- {
+- k->sign = 0;
+- ec_invm (yy, yy, ctx);
+- }
++ nbits = mpi_get_nbits (scalar);
++ mpi_set_ui (result->x, 1);
++ mpi_set_ui (result->y, 1);
++ mpi_set_ui (result->z, 0);
+
+- if (!mpi_cmp_ui (point->z, 1))
+- {
+- mpi_set (x1, point->x);
+- mpi_set (y1, yy);
++ point_init (&tmppnt);
++ for (i=nbits-1; i >= 0; i--)
++ {
++ _gcry_mpi_ec_dup_point (result, result, ctx);
++ _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx);
++ if (mpi_test_bit (scalar, i) == 1)
++ point_set (result, &tmppnt);
++ }
++ point_free (&tmppnt);
+ }
+ else
+ {
+- gcry_mpi_t z2, z3;
+-
+- z2 = mpi_alloc_like (ctx->p);
+- z3 = mpi_alloc_like (ctx->p);
+- ec_mulm (z2, point->z, point->z, ctx);
+- ec_mulm (z3, point->z, z2, ctx);
+- ec_invm (z2, z2, ctx);
+- ec_mulm (x1, point->x, z2, ctx);
+- ec_invm (z3, z3, ctx);
+- ec_mulm (y1, yy, z3, ctx);
+- mpi_free (z2);
+- mpi_free (z3);
+- }
+- z1 = mpi_copy (ctx->one);
++ gcry_mpi_t x1, y1, z1, k, h, yy;
++ unsigned int i, loops;
++ mpi_point_t p1, p2, p1inv;
+
+- mpi_mul (h, k, ctx->three); /* h = 3k */
+- loops = mpi_get_nbits (h);
+- if (loops < 2)
+- {
+- /* If SCALAR is zero, the above mpi_mul sets H to zero and thus
+- LOOPs will be zero. To avoid an underflow of I in the main
+- loop we set LOOP to 2 and the result to (0,0,0). */
+- loops = 2;
+- mpi_clear (result->x);
+- mpi_clear (result->y);
+- mpi_clear (result->z);
+- }
+- else
+- {
+- mpi_set (result->x, point->x);
+- mpi_set (result->y, yy);
+- mpi_set (result->z, point->z);
+- }
+- mpi_free (yy); yy = NULL;
++ x1 = mpi_alloc_like (ctx->p);
++ y1 = mpi_alloc_like (ctx->p);
++ h = mpi_alloc_like (ctx->p);
++ k = mpi_copy (scalar);
++ yy = mpi_copy (point->y);
+
+- p1.x = x1; x1 = NULL;
+- p1.y = y1; y1 = NULL;
+- p1.z = z1; z1 = NULL;
+- point_init (&p2);
+- point_init (&p1inv);
++ if ( mpi_is_neg (k) )
++ {
++ k->sign = 0;
++ ec_invm (yy, yy, ctx);
++ }
+
+- for (i=loops-2; i > 0; i--)
+- {
+- _gcry_mpi_ec_dup_point (result, result, ctx);
+- if (mpi_test_bit (h, i) == 1 && mpi_test_bit (k, i) == 0)
++ if (!mpi_cmp_ui (point->z, 1))
++ {
++ mpi_set (x1, point->x);
++ mpi_set (y1, yy);
++ }
++ else
+ {
+- point_set (&p2, result);
+- _gcry_mpi_ec_add_points (result, &p2, &p1, ctx);
++ gcry_mpi_t z2, z3;
++
++ z2 = mpi_alloc_like (ctx->p);
++ z3 = mpi_alloc_like (ctx->p);
++ ec_mulm (z2, point->z, point->z, ctx);
++ ec_mulm (z3, point->z, z2, ctx);
++ ec_invm (z2, z2, ctx);
++ ec_mulm (x1, point->x, z2, ctx);
++ ec_invm (z3, z3, ctx);
++ ec_mulm (y1, yy, z3, ctx);
++ mpi_free (z2);
++ mpi_free (z3);
+ }
+- if (mpi_test_bit (h, i) == 0 && mpi_test_bit (k, i) == 1)
++ z1 = mpi_copy (ctx->one);
++
++ mpi_mul (h, k, ctx->three); /* h = 3k */
++ loops = mpi_get_nbits (h);
++ if (loops < 2)
+ {
+- point_set (&p2, result);
+- /* Invert point: y = p - y mod p */
+- point_set (&p1inv, &p1);
+- ec_subm (p1inv.y, ctx->p, p1inv.y, ctx);
+- _gcry_mpi_ec_add_points (result, &p2, &p1inv, ctx);
++ /* If SCALAR is zero, the above mpi_mul sets H to zero and thus
++ LOOPs will be zero. To avoid an underflow of I in the main
++ loop we set LOOP to 2 and the result to (0,0,0). */
++ loops = 2;
++ mpi_clear (result->x);
++ mpi_clear (result->y);
++ mpi_clear (result->z);
++ }
++ else
++ {
++ mpi_set (result->x, point->x);
++ mpi_set (result->y, yy);
++ mpi_set (result->z, point->z);
++ }
++ mpi_free (yy); yy = NULL;
++
++ p1.x = x1; x1 = NULL;
++ p1.y = y1; y1 = NULL;
++ p1.z = z1; z1 = NULL;
++ point_init (&p2);
++ point_init (&p1inv);
++
++ for (i=loops-2; i > 0; i--)
++ {
++ _gcry_mpi_ec_dup_point (result, result, ctx);
++ if (mpi_test_bit (h, i) == 1 && mpi_test_bit (k, i) == 0)
++ {
++ point_set (&p2, result);
++ _gcry_mpi_ec_add_points (result, &p2, &p1, ctx);
++ }
++ if (mpi_test_bit (h, i) == 0 && mpi_test_bit (k, i) == 1)
++ {
++ point_set (&p2, result);
++ /* Invert point: y = p - y mod p */
++ point_set (&p1inv, &p1);
++ ec_subm (p1inv.y, ctx->p, p1inv.y, ctx);
++ _gcry_mpi_ec_add_points (result, &p2, &p1inv, ctx);
++ }
+ }
++
++ point_free (&p1);
++ point_free (&p2);
++ point_free (&p1inv);
++ mpi_free (h);
++ mpi_free (k);
+ }
++}
++
++
++/* Return true if POINT is on the curve described by CTX. */
++int
++_gcry_mpi_ec_curve_point (mpi_point_t *point, gcry_mpi_t b, mpi_ec_t ctx)
++{
++ int res = 0;
++ gcry_mpi_t x, y, w;
++ gcry_mpi_t xxx;
++
++ x = mpi_new (0);
++ y = mpi_new (0);
++ w = mpi_new (0);
++ xxx = mpi_new (0);
++
++ if (_gcry_mpi_ec_get_affine (x, y, point, ctx))
++ goto leave;
++
++ /* y^2 == x^3 + a·x + b */
++ ec_mulm (y, y, y, ctx);
++
++ ec_mulm (xxx, x, x, ctx);
++ ec_mulm (xxx, xxx, x, ctx);
++ ec_mulm (w, ctx->a, x, ctx);
++ ec_addm (w, w, b, ctx);
++ ec_addm (w, w, xxx, ctx);
++
++ if (!mpi_cmp (y, w))
++ res = 1;
++
++ leave:
++ _gcry_mpi_release (xxx);
++ _gcry_mpi_release (w);
++ _gcry_mpi_release (x);
++ _gcry_mpi_release (y);
+
+- point_free (&p1);
+- point_free (&p2);
+- point_free (&p1inv);
+- mpi_free (h);
+- mpi_free (k);
+-#endif
++ return res;
+ }
+diff --git a/src/mpi.h b/src/mpi.h
+index 65a4f97..adc65e2 100644
+--- a/src/mpi.h
++++ b/src/mpi.h
+@@ -257,7 +257,7 @@ void _gcry_mpi_ec_add_points (mpi_point_t *result,
+ void _gcry_mpi_ec_mul_point (mpi_point_t *result,
+ gcry_mpi_t scalar, mpi_point_t *point,
+ mpi_ec_t ctx);
+-
++int _gcry_mpi_ec_curve_point (mpi_point_t *point, gcry_mpi_t b, mpi_ec_t ctx);
+
+
+ #endif /*G10_MPI_H*/
+--
+2.1.4
+
diff --git a/dev-libs/libgcrypt/libgcrypt-1.5.4-r101.ebuild b/dev-libs/libgcrypt/libgcrypt-1.5.4-r101.ebuild
new file mode 100644
index 00000000000..98486759e6e
--- /dev/null
+++ b/dev-libs/libgcrypt/libgcrypt-1.5.4-r101.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+AUTOTOOLS_AUTORECONF=1
+
+inherit autotools-multilib
+
+DESCRIPTION="General purpose crypto library based on the code used in GnuPG"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/${PN}/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1 MIT"
+SLOT="11/11" # subslot = soname major version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+RDEPEND=">=dev-libs/libgpg-error-1.12[${MULTILIB_USEDEP}]
+ !dev-libs/libgcrypt:0/11
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20131008-r19
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32]
+ )"
+DEPEND="${RDEPEND}"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS TODO )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.5.0-uscore.patch
+ "${FILESDIR}"/${PN}-multilib-syspath.patch
+ "${FILESDIR}"/${P}-clang-arm.patch
+ "${FILESDIR}"/${P}-CVE-2015-7511.patch
+)
+
+src_configure() {
+ local myeconfargs=(
+ --disable-padlock-support # bug 201917
+ --disable-dependency-tracking
+ --enable-noexecstack
+ --disable-O-flag-munging
+
+ # disabled due to various applications requiring privileges
+ # after libgcrypt drops them (bug #468616)
+ --without-capabilities
+
+ # http://trac.videolan.org/vlc/ticket/620
+ # causes bus-errors on sparc64-solaris
+ $([[ ${CHOST} == *86*-darwin* ]] && echo "--disable-asm")
+ $([[ ${CHOST} == sparcv9-*-solaris* ]] && echo "--disable-asm")
+ )
+ autotools-multilib_src_configure
+}
+
+src_install() {
+ autotools-multilib_src_install
+
+ rm -r "${ED%/}"/usr/{bin,include,lib*/*.so,share} || die
+}
diff --git a/dev-libs/libgcrypt/libgcrypt-1.5.4-r2.ebuild b/dev-libs/libgcrypt/libgcrypt-1.5.4-r2.ebuild
new file mode 100644
index 00000000000..afc1b200d61
--- /dev/null
+++ b/dev-libs/libgcrypt/libgcrypt-1.5.4-r2.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+AUTOTOOLS_AUTORECONF=1
+
+inherit autotools-multilib
+
+DESCRIPTION="General purpose crypto library based on the code used in GnuPG"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/${PN}/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1 MIT"
+SLOT="0/11" # subslot = soname major version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="static-libs"
+
+RDEPEND=">=dev-libs/libgpg-error-1.12[${MULTILIB_USEDEP}]
+ !dev-libs/libgcrypt:11
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20131008-r19
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32]
+ )"
+DEPEND="${RDEPEND}"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS TODO )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.5.0-uscore.patch
+ "${FILESDIR}"/${PN}-multilib-syspath.patch
+ "${FILESDIR}"/${P}-clang-arm.patch
+ "${FILESDIR}"/${P}-CVE-2015-7511.patch
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/libgcrypt-config
+)
+
+src_configure() {
+ local myeconfargs=(
+ --disable-padlock-support # bug 201917
+ --disable-dependency-tracking
+ --enable-noexecstack
+ --disable-O-flag-munging
+ $(use_enable static-libs static)
+
+ # disabled due to various applications requiring privileges
+ # after libgcrypt drops them (bug #468616)
+ --without-capabilities
+
+ # http://trac.videolan.org/vlc/ticket/620
+ # causes bus-errors on sparc64-solaris
+ $([[ ${CHOST} == *86*-darwin* ]] && echo "--disable-asm")
+ $([[ ${CHOST} == sparcv9-*-solaris* ]] && echo "--disable-asm")
+ )
+ autotools-multilib_src_configure
+}