Happy to help! 🙂 🙂
I really appreciate you taking time to express gratitude.


Thanks & Regards,
Saloni Jain
________________________________
From: Steve Sakoman <st...@sakoman.com>
Sent: Monday, September 13, 2021 9:03 PM
To: Saloni Jain <jainsaloni0...@gmail.com>
Cc: Patches and discussions about the oe-core layer 
<openembedded-core@lists.openembedded.org>; Khem Raj <raj.k...@gmail.com>; 
Nisha Parrakat <nisha.parra...@kpit.com>; Saloni Jain <saloni.j...@kpit.com>
Subject: Re: [OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for 
CVE-2021-33560

On Mon, Sep 13, 2021 at 3:16 AM Saloni Jain <jainsaloni0...@gmail.com> wrote:
>
> From: Saloni Jain <salo...@kpit.com>
>
> Add fix for below CVE:
> CVE-2021-33560

Armin submitted a patch for this CVE last week:

https://lists.openembedded.org/g/openembedded-core/message/155935

Thanks for helping with CVEs though, I appreciate the effort!

Steve

> Link: [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
>
> Signed-off-by: Saloni Jain <jainsaloni0...@gmail.com>
> ---
>  .../libgcrypt/files/CVE-2021-33560.patch      | 108 ++++++++++++++++++
>  .../libgcrypt/libgcrypt_1.8.5.bb              |   1 +
>  2 files changed, 109 insertions(+)
>  create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
>
> diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch 
> b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> new file mode 100644
> index 0000000000..ba51af46b3
> --- /dev/null
> +++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> @@ -0,0 +1,108 @@
> +From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001
> +From: NIIBE Yutaka <gni...@fsij.org>
> +Date: Fri, 21 May 2021 11:15:07 +0900
> +Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
> +
> +* cipher/elgamal.c (gen_k): Remove support of smaller K.
> +(do_encrypt): Never use smaller K.
> +(sign): Folllow the change of gen_k.
> +
> +--
> +
> +Cherry-pick master commit of:
> +       632d80ef30e13de6926d503aa697f92b5dbfbc5e
> +
> +This change basically reverts encryption changes in two commits:
> +
> +       74386120dad6b3da62db37f7044267c8ef34689b
> +       78531373a342aeb847950f404343a05e36022065
> +
> +Use of smaller K for ephemeral key in ElGamal encryption is only good,
> +when we can guarantee that recipient's key is generated by our
> +implementation (or compatible).
> +
> +For detail, please see:
> +
> +    Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
> +    "On the (in)security of ElGamal in OpenPGP";
> +    in the proceedings of  CCS'2021.
> +
> +CVE: CVE-2021-33560
> +GnuPG-bug-id: 5328
> +Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
> +Signed-off-by: NIIBE Yutaka <gni...@fsij.org>
> +Signed-off-by: Saloni Jain <jainsaloni0...@gmail.com>
> +
> +Upstream-Status: Backport 
> [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.gnupg.org%2Fcgi-bin%2Fgitweb.cgi%3Fp%3Dlibgcrypt.git%3Ba%3Dpatch%3Bh%3D3462280f2e23e16adf3ed5176e0f2413d8861320&amp;data=04%7C01%7CSaloni.Jain%40kpit.com%7Cab35b176f5054ba2760408d976cbd354%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637671440110090650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=XEr2AaiwglyGxJRihsQJmNwA5jqW5mO%2FHHNOtWgoI1o%3D&amp;reserved=0]
> +Comment: No changes/refreshing done.
> +---
> + cipher/elgamal.c | 24 ++++++------------------
> + 1 file changed, 6 insertions(+), 18 deletions(-)
> +
> +diff --git a/cipher/elgamal.c b/cipher/elgamal.c
> +index 9835122f..eead4502 100644
> +--- a/cipher/elgamal.c
> ++++ b/cipher/elgamal.c
> +@@ -66,7 +66,7 @@ static const char *elg_names[] =
> +
> +
> + static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
> +-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
> ++static gcry_mpi_t gen_k (gcry_mpi_t p);
> + static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
> +                                  gcry_mpi_t **factors);
> + static int  check_secret_key (ELG_secret_key *sk);
> +@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, 
> int nodie )
> +
> + /****************
> +  * Generate a random secret exponent k from prime p, so that k is
> +- * relatively prime to p-1.  With SMALL_K set, k will be selected for
> +- * better encryption performance - this must never be used signing!
> ++ * relatively prime to p-1.
> +  */
> + static gcry_mpi_t
> +-gen_k( gcry_mpi_t p, int small_k )
> ++gen_k( gcry_mpi_t p )
> + {
> +   gcry_mpi_t k = mpi_alloc_secure( 0 );
> +   gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
> +@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
> +   unsigned int nbits, nbytes;
> +   char *rndbuf = NULL;
> +
> +-  if (small_k)
> +-    {
> +-      /* Using a k much lesser than p is sufficient for encryption and
> +-       * it greatly improves the encryption performance.  We use
> +-       * Wiener's table and add a large safety margin. */
> +-      nbits = wiener_map( orig_nbits ) * 3 / 2;
> +-      if( nbits >= orig_nbits )
> +-        BUG();
> +-    }
> +-  else
> +-    nbits = orig_nbits;
> +-
> ++  nbits = orig_nbits;
> +
> +   nbytes = (nbits+7)/8;
> +   if( DBG_CIPHER )
> +@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, 
> ELG_public_key *pkey )
> +    * error code.
> +    */
> +
> +-  k = gen_k( pkey->p, 1 );
> ++  k = gen_k( pkey->p );
> +   mpi_powm (a, pkey->g, k, pkey->p);
> +
> +   /* b = (y^k * input) mod p
> +@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, 
> ELG_secret_key *skey )
> +     *
> +     */
> +     mpi_sub_ui(p_1, p_1, 1);
> +-    k = gen_k( skey->p, 0 /* no small K ! */ );
> ++    k = gen_k( skey->p );
> +     mpi_powm( a, skey->g, k, skey->p );
> +     mpi_mul(t, skey->x, a );
> +     mpi_subm(t, input, t, p_1 );
> +--
> +2.11.0
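Review bot: the `CVE: CVE-2021-33560` trailer in the embedded patch header is not backed by the commit message it sits in, which only describes dropping the smaller ephemeral K in gen_k and do_encrypt for recipients whose keys come from other implementations and cites GnuPG-bug-id 5328. Since cve-check treats a `CVE:` line in an applied patch as marking that ID patched, please confirm against the upstream bug that this commit is the fix for that ID, and compare it with the earlier submission for the same CVE linked in the reply above. The header would also read more clearly with the backporter's Signed-off-by placed after Upstream-Status and Comment rather than before them.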
> diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
> b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> index 16a58ad9b8..174b087b24 100644
> --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> @@ -28,6 +28,7 @@ SRC_URI = 
> "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
>             
> file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
>             
> file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
>             file://determinism.patch \
> +           file://CVE-2021-33560.patch \
>  "
>  SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
>  SRC_URI[sha256sum] = 
> "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
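Review bot: the `file://CVE-2021-33560.patch` entry is added to SRC_URI in libgcrypt_1.8.5.bb, but the mail subject names libxcrypt, which is a different recipe. The commit summary should read `libgcrypt: Add fix for CVE-2021-33560` so the change is attributed to the right recipe in the log.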
> --
> 2.17.1
>
>
> 
>