components/library/libgcrypt/patches/03-CVE-2017-7526-2.patch

   1 From 0e6788517eac6f508fa32ec5d5c1cada7fb980bc Mon Sep 17 00:00:00 2001
   2 From: NIIBE Yutaka <gniibe@fsij.org>
   3 Date: Sat, 24 Jun 2017 20:46:20 +0900
   4 Subject: [PATCH] Same computation for square and multiply.
   5
   6 * mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
   7 the assignment to base_u into the loop.  Copy content refered by RP to
   8 BASE_U except the last of the loop.
   9
  10 --
  11
  12 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
  13 (backport from master commit:
  14 78130828e9a140a9de4dafadbc844dbb64cb709a)
  15 ---
  16  mpi/mpi-pow.c | 50 +++++++++++++++++++++++++++++---------------------
  17  1 file changed, 29 insertions(+), 21 deletions(-)
  18
  19 Index: libgcrypt20-1.6.5/mpi/mpi-pow.c
  20 ===================================================================
  21 --- libgcrypt20-1.6.5.orig/mpi/mpi-pow.c        2017-07-03 08:16:12.941489654 -0400
  22 +++ libgcrypt20-1.6.5/mpi/mpi-pow.c     2017-07-03 08:16:12.937489654 -0400
  23 @@ -577,6 +577,8 @@ _gcry_mpi_powm (gcry_mpi_t res,
  24          MPN_COPY (precomp[i], rp, rsize);
  25        }
  26
  27 +    if (msize > max_u_size)
  28 +      max_u_size = msize;
  29      base_u = mpi_alloc_limb_space (max_u_size, esec);
  30      MPN_ZERO (base_u, max_u_size);
  31
  32 @@ -623,6 +625,10 @@ _gcry_mpi_powm (gcry_mpi_t res,
  33          {
  34            int c0;
  35            mpi_limb_t e0;
  36 +          struct gcry_mpi w, u;
  37 +          w.sign = u.sign = 0;
  38 +          w.flags = u.flags = 0;
  39 +          w.d = base_u;
  40
  41            count_leading_zeros (c0, e);
  42            e = (e << c0);
  43 @@ -656,29 +662,31 @@ _gcry_mpi_powm (gcry_mpi_t res,
  44            count_trailing_zeros (c0, e0);
  45            e0 = (e0 >> c0) >> 1;
  46
  47 -          /*
  48 -           *  base_u <= precomp[e0]
  49 -           *  base_u_size <= precomp_size[e0]
  50 -           */
  51 -          base_u_size = 0;
  52 -          for (k = 0; k < (1<< (W - 1)); k++)
  53 +          for (j += W - c0; j >= 0; j--)
  54              {
  55 -              struct gcry_mpi w, u;
  56 -              w.alloced = w.nlimbs = precomp_size[k];
  57 -              u.alloced = u.nlimbs = precomp_size[k];
  58 -              w.sign = u.sign = 0;
  59 -              w.flags = u.flags = 0;
  60 -              w.d = base_u;
  61 -              u.d = precomp[k];
  62
  63 -              mpi_set_cond (&w, &u, k == e0);
  64 -              base_u_size |= ( precomp_size[k] & ((mpi_size_t)0 - (k == e0)) );
  65 -            }
  66 +              /*
  67 +               *  base_u <= precomp[e0]
  68 +               *  base_u_size <= precomp_size[e0]
  69 +               */
  70 +              base_u_size = 0;
  71 +              for (k = 0; k < (1<< (W - 1)); k++)
  72 +                {
  73 +                  w.alloced = w.nlimbs = precomp_size[k];
  74 +                  u.alloced = u.nlimbs = precomp_size[k];
  75 +                  u.d = precomp[k];
  76
  77 -          for (j += W - c0; j >= 0; j--)
  78 -            {
  79 -              mul_mod (xp, &xsize, rp, rsize,
  80 -                       j == 0 ? base_u : rp, j == 0 ? base_u_size : rsize,
  81 +                  mpi_set_cond (&w, &u, k == e0);
  82 +                  base_u_size |= ( precomp_size[k] & (0UL - (k == e0)) );
  83 +                }
  84 +
  85 +              w.alloced = w.nlimbs = rsize;
  86 +              u.alloced = u.nlimbs = rsize;
  87 +              u.d = rp;
  88 +              mpi_set_cond (&w, &u, j != 0);
  89 +              base_u_size ^= ((base_u_size ^ rsize)  & (0UL - (j != 0)));
  90 +
  91 +              mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size,
  92                         mp, msize, &karactx);
  93                tp = rp; rp = xp; xp = tp;
  94                rsize = xsize;