[git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-116-ge235f6a

by Werner Koch cvs at cvs.gnupg.org
Thu Jul 6 10:31:13 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  e235f6a62f6268538c784154c2d1470ff073b6a8 (commit)
       via  208aba6f9a0475ba049f5a66fe02cf9a6214a887 (commit)
      from  85a9a913da9ecc6b2cd6f743e90e49983251d706 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e235f6a62f6268538c784154c2d1470ff073b6a8
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jul 6 10:26:24 2017 +0200

    Update NEWS
    
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index c97f425..b29bb89 100644
--- a/NEWS
+++ b/NEWS
@@ -63,6 +63,10 @@ Noteworthy changes in version 1.8.0 (unreleased)  [C21/A1/R_]
    - Fix long standing bug in secure memory implementation which could
      lead to a segv on free. [bug#3027] [also in 1.7.7]
 
+   - Mitigate a flush+reload side-channel attack on RSA secret keys
+     dubbed "Sliding right into disaster".  For details see
+     <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526] [also in 1.7.8]
+
 
  * Interface changes relative to the 1.7.0 release:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
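Review bot: the new entry says the flush+reload attack is mitigated but not what changed or which RSA code path is affected, whereas the neighbouring 1.7.7 entry names its component (secure memory) and bug number; since users read NEWS to judge their exposure, consider adding a short clause naming the affected operation (secret-key RSA exponentiation) and the nature of the mitigation, keeping the paper link and `[CVE-2017-7526]` as is.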
@@ -73,6 +77,7 @@ Noteworthy changes in version 1.8.0 (unreleased)  [C21/A1/R_]
 
  * Release dates of 1.7.x versions:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+   Version 1.7.8 (2017-06-29)  [C21/A1/R8]
    Version 1.7.7 (2017-06-02)  [C21/A1/R7]
    Version 1.7.6 (2017-01-18)  [C21/A1/R6]
    Version 1.7.5 (2016-12-15)  [C21/A1/R5]

commit 208aba6f9a0475ba049f5a66fe02cf9a6214a887
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jun 29 08:31:27 2017 +0200

    rsa: Use modern MPI allocation function.
    
    * cipher/rsa.c (secret_core_crt): Use modern function _gcry_mpi_snew.
    --
    
    Eventually we want to get rid of the notion of limb sizes in mpi using
    code.  Thus it is better to use the modern function/macro.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/rsa.c b/cipher/rsa.c
index ce73f10..575ea94 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1026,7 +1026,7 @@ secret_core_crt (gcry_mpi_t M, gcry_mpi_t C,
   r_nbits = mpi_get_nbits (P) / 4;
   if (r_nbits < 96)
     r_nbits = 96;
-  r = mpi_alloc_secure ( (r_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+  r = mpi_secure_new (r_nbits);
 
   /* d_blind = (d mod (p-1)) + (p-1) * r            */
   /* m1 = c ^ d_blind mod p */
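Review bot: the commit message names `_gcry_mpi_snew`, but the hunk calls `mpi_secure_new (r_nbits)`; if `mpi_secure_new` is the macro alias for `_gcry_mpi_snew`, say so in the message so the two agree, otherwise the message describes a different function than the code. It would also help to state explicitly that this is a pure refactor: the removed line sized `r` in limbs as `(r_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB`, so the new call must take a bit count and round it up to the same number of limbs, or the blinding value `r` (at least 96 bits per the lines above) changes size; one sentence in the message confirming that `mpi_secure_new` takes bits and rounds up lets a reviewer verify this without opening the MPI headers.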

-----------------------------------------------------------------------

Summary of changes:
 NEWS         | 5 +++++
 cipher/rsa.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org
