Package: libgcrypt11 / 1.4.5-2+squeeze1

Metadata

Package: libgcrypt11
Version: 1.4.5-2+squeeze1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
12_lessdeps_libgcrypt config.diff

src/libgcrypt-config.in | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
20_ftbfsmips.diff

mpi/longlong.h | 21 19 + 2 - 0 !
1 file changed, 19 insertions(+), 2 deletions(-)

 bug#561475: libgcrypt11/mips(el): ftbfs with gcc-4.4

Package: libgcrypt11
Version: 1.4.1-1
Severity: serious
Tags: patch
Justification: fails to build from source

mpfr fails to build on mips(el) with gcc-4.4. A full build log can be
found here:
https://buildd.debian.org/fetch.cgi?pkg=libgcrypt11&arch=mipsel&ver=1.4.5-1&stamp=1260977092&file=log&as=raw

This is due to a change in GCC 4.4, the h asm constraint is not 
supported anymore on mips. For more details please have a look at:
http://gcc.gnu.org/gcc-4.4/changes.html

The patch below fixes the problem by implementing the solution
recommended by the previous web page. With it libgcrypt11 builds 
successfully.


35_bug in mpi_powm for e 0.patch

mpi/mpi-pow.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 [patch 1/2] fix a special case bug in mpi_powm for e==0.

* mpi/mpi-pow.c (gcry_mpi_powm): For a zero exponent, make sure that
the result has been allocated.
--

This code triggered the problem:

    modulus = gcry_mpi_set_ui(NULL, 100);
    generator = gcry_mpi_set_ui(NULL, 3);
    exponent = gcry_mpi_set_ui(NULL, 0);
    result = gcry_mpi_new(0);
    gcry_mpi_powm(result, generator, exponent, modulus);

gcry_mpi_new(0) does not allocate the limb space thus it is not
possible to write even into the first limb.  Workaround was to use
gcry_mpi_new (1) but a real fix is better.

Reported-by: Ian Goldberg
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6e1adb05d290aeeb1c230c763970695f4a538526)
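
The zero-exponent failure described in the commit message above, modelled as an added example (not libgcrypt's code and not the patch itself): a toy one-limb integer whose constructor, like gcry_mpi_new(0) as described there, allocates no limb space, so every path that writes a result has to grow it first. The names toy_mpi, toy_new, toy_resize, toy_set, toy_powm and demo are hypothetical, and the modulus is assumed to be below 2^32.

```c
#include <stdint.h>
#include <stdlib.h>

/* Toy bigint (hypothetical): toy_new(0) leaves d == NULL, like gcry_mpi_new(0). */
typedef struct { uint64_t *d; size_t alloced, nlimbs; } toy_mpi;

static toy_mpi *toy_new(size_t nlimbs) {
    toy_mpi *a = calloc(1, sizeof *a);
    if (a && nlimbs && (a->d = calloc(nlimbs, sizeof *a->d)))
        a->alloced = nlimbs;
    return a;
}

/* Ensure room for n limbs before any write; returns 0 on success. */
static int toy_resize(toy_mpi *a, size_t n) {
    if (a->alloced >= n) return 0;
    uint64_t *p = realloc(a->d, n * sizeof *p);
    if (!p) return -1;
    a->d = p; a->alloced = n;
    return 0;
}

/* Store a one-limb value; zero is represented by nlimbs == 0. */
static int toy_set(toy_mpi *a, uint64_t v) {
    if (v && toy_resize(a, 1)) return -1;
    if (v) a->d[0] = v;
    a->nlimbs = v ? 1 : 0;
    return 0;
}

/* res = b^e mod m for 0 < m < 2^32; returns 0 on success. */
static int toy_powm(toy_mpi *res, uint64_t b, uint64_t e, uint64_t m) {
    if (!res || m == 0 || m >> 32) return -1;
    /* e == 0 early exit: result is 1 (0 if m == 1); it must resize before writing. */
    if (e == 0) return toy_set(res, m == 1 ? 0 : 1);
    uint64_t acc = 1 % m;
    for (b %= m; e; e >>= 1, b = b * b % m)  /* plain square-and-multiply */
        if (e & 1) acc = acc * b % m;
    return toy_set(res, acc);
}

/* Exponentiate into a result created with `limbs` limbs; UINT64_MAX on error. */
static uint64_t demo(size_t limbs, uint64_t b, uint64_t e, uint64_t m) {
    toy_mpi *r = toy_new(limbs);
    uint64_t v = (!r || toy_powm(r, b, e, m)) ? UINT64_MAX : (r->nlimbs ? r->d[0] : 0);
    if (r) { free(r->d); free(r); }
    return v;
}
int main(void) { return demo(0, 3, 0, 100) == 1 ? 0 : 1; }
```

demo(0, 3, 0, 100) uses the same operands as the snippet in the commit message, with the result created at zero limbs.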

36_Mitigate flush reload cache attack on RSA.patch

mpi/mpi-pow.c | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 [patch 2/2] mitigate a flush+reload cache attack on rsa secret
 exponents.

* mpi/mpi-pow.c (gcry_mpi_powm): Always perform the mpi_mul for
exponents in secure memory.
--

The attack is published as http://eprint.iacr.org/2013/448 :

Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.

  Flush+Reload is a cache side-channel attack that monitors access to
  data in shared pages. In this paper we demonstrate how to use the
  attack to extract private encryption keys from GnuPG.  The high
  resolution and low noise of the Flush+Reload attack enables a spy
  program to recover over 98% of the bits of the private key in a
  single decryption or signing round. Unlike previous attacks, the
  attack targets the last level L3 cache. Consequently, the spy
  program and the victim do not need to share the execution core of
  the CPU. The attack is not limited to a traditional OS and can be
  used in a virtualised environment, where it can attack programs