package/botan: security bump to version 2.18.2
- Fix a low risk OAEP decryption side channel (GH #2797) - Drop patch (already in version) https://github.com/randombit/botan/blob/2.18.2/news.rst Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine
Peter Korsgaard
parent
ee2311687b
commit
47fa16dffa
@ -1,38 +0,0 @@
|
||||
From 9a23e4e3bc3966340531f2ff608fa9d33b5185a2 Mon Sep 17 00:00:00 2001
|
||||
From: Jack Lloyd <jack@randombit.net>
|
||||
Date: Tue, 3 Aug 2021 18:20:29 -0400
|
||||
Subject: [PATCH] Avoid using short exponents with ElGamal
|
||||
|
||||
Some off-brand PGP implementation generates keys where p - 1 is
|
||||
smooth, as a result short exponents can leak enough information about
|
||||
k to allow decryption.
|
||||
|
||||
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
||||
[Peter: Drop tests, CVE-2021-40529]
|
||||
---
|
||||
src/lib/pubkey/elgamal/elgamal.cpp | 8 +++-
|
||||
1 file changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
|
||||
index b3ec6df2c..0e33c2ca5 100644
|
||||
--- a/src/lib/pubkey/elgamal/elgamal.cpp
|
||||
+++ b/src/lib/pubkey/elgamal/elgamal.cpp
|
||||
@@ -113,8 +113,12 @@ ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len,
|
||||
if(m >= m_group.get_p())
|
||||
throw Invalid_Argument("ElGamal encryption: Input is too large");
|
||||
|
||||
- const size_t k_bits = m_group.exponent_bits();
|
||||
- const BigInt k(rng, k_bits);
|
||||
+ /*
|
||||
+ Some ElGamal implementations foolishly use prime fields where p - 1 is
|
||||
+ smooth, as a result it is unsafe to use short exponents.
|
||||
+ */
|
||||
+ const size_t k_bits = m_group.p_bits() - 1;
|
||||
+ const BigInt k(rng, k_bits, false);
|
||||
|
||||
const BigInt a = m_group.power_g_p(k, k_bits);
|
||||
const BigInt b = m_group.multiply_mod_p(m, monty_execute(*m_monty_y_p, k, k_bits));
|
||||
-
|
||||
--
|
||||
2.20.1
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# From https://botan.randombit.net/releases/sha256sums.txt
|
||||
sha256 f8c7b46222a857168a754a5cc329bb780504122b270018dda5304c98db28ae29 Botan-2.18.1.tar.xz
|
||||
sha256 541a3b13f1b9d30f977c6c1ae4c7bfdfda763cda6e44de807369dce79f42307e Botan-2.18.2.tar.xz
|
||||
# Locally computed
|
||||
sha256 fb7f0322d36fba55ca17d77bc203a9f09a40daa8a249b75cf8887aba36cec9d0 license.txt
|
||||
|
||||
@ -4,16 +4,13 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
BOTAN_VERSION = 2.18.1
|
||||
BOTAN_VERSION = 2.18.2
|
||||
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
|
||||
BOTAN_SITE = http://botan.randombit.net/releases
|
||||
BOTAN_LICENSE = BSD-2-Clause
|
||||
BOTAN_LICENSE_FILES = license.txt
|
||||
BOTAN_CPE_ID_VENDOR = botan_project
|
||||
|
||||
# 0001-Avoid-using-short-exponents-with-ElGamal.patch
|
||||
BOTAN_IGNORE_CVES += CVE-2021-40529
|
||||
|
||||
BOTAN_INSTALL_STAGING = YES
|
||||
|
||||
BOTAN_CONF_OPTS = \
|
||||
|
||||
Loading…
Reference in New Issue
Block a user