[Buildroot] [git commit] package/botan: security bump to version 2.18.2

Peter Korsgaard peter at korsgaard.com
Thu Nov 4 12:31:08 UTC 2021


commit: https://git.buildroot.net/buildroot/commit/?id=47fa16dffa6c6a72b2f76984f6d492f4f352a52b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

- Fix a low risk OAEP decryption side channel (GH #2797)
- Drop patch (already in version)

https://github.com/randombit/botan/blob/2.18.2/news.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 ...-Avoid-using-short-exponents-with-ElGamal.patch | 38 ----------------------
 package/botan/botan.hash                           |  2 +-
 package/botan/botan.mk                             |  5 +--
 3 files changed, 2 insertions(+), 43 deletions(-)

diff --git a/package/botan/0001-Avoid-using-short-exponents-with-ElGamal.patch b/package/botan/0001-Avoid-using-short-exponents-with-ElGamal.patch
deleted file mode 100644
index e2570cd5ff..0000000000
--- a/package/botan/0001-Avoid-using-short-exponents-with-ElGamal.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 9a23e4e3bc3966340531f2ff608fa9d33b5185a2 Mon Sep 17 00:00:00 2001
-From: Jack Lloyd <jack at randombit.net>
-Date: Tue, 3 Aug 2021 18:20:29 -0400
-Subject: [PATCH] Avoid using short exponents with ElGamal
-
-Some off-brand PGP implementation generates keys where p - 1 is
-smooth, as a result short exponents can leak enough information about
-k to allow decryption.
-
-Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
-[Peter: Drop tests, CVE-2021-40529]
----
- src/lib/pubkey/elgamal/elgamal.cpp        |  8 +++-
- 1 file changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
-index b3ec6df2c..0e33c2ca5 100644
---- a/src/lib/pubkey/elgamal/elgamal.cpp
-+++ b/src/lib/pubkey/elgamal/elgamal.cpp
-@@ -113,8 +113,12 @@ ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len,
-    if(m >= m_group.get_p())
-       throw Invalid_Argument("ElGamal encryption: Input is too large");
- 
--   const size_t k_bits = m_group.exponent_bits();
--   const BigInt k(rng, k_bits);
-+   /*
-+   Some ElGamal implementations foolishly use prime fields where p - 1 is
-+   smooth, as a result it is unsafe to use short exponents.
-+   */
-+   const size_t k_bits = m_group.p_bits() - 1;
-+   const BigInt k(rng, k_bits, false);
- 
-    const BigInt a = m_group.power_g_p(k, k_bits);
-    const BigInt b = m_group.multiply_mod_p(m, monty_execute(*m_monty_y_p, k, k_bits));
--
--- 
-2.20.1
-
diff --git a/package/botan/botan.hash b/package/botan/botan.hash
index b7804ce9d7..91e1bf741a 100644
--- a/package/botan/botan.hash
+++ b/package/botan/botan.hash
@@ -1,4 +1,4 @@
 # From https://botan.randombit.net/releases/sha256sums.txt
-sha256  f8c7b46222a857168a754a5cc329bb780504122b270018dda5304c98db28ae29  Botan-2.18.1.tar.xz
+sha256  541a3b13f1b9d30f977c6c1ae4c7bfdfda763cda6e44de807369dce79f42307e  Botan-2.18.2.tar.xz
 # Locally computed
 sha256  fb7f0322d36fba55ca17d77bc203a9f09a40daa8a249b75cf8887aba36cec9d0  license.txt
diff --git a/package/botan/botan.mk b/package/botan/botan.mk
index 36aca6d93e..ebff1343b1 100644
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@@ -4,16 +4,13 @@
 #
 ################################################################################
 
-BOTAN_VERSION = 2.18.1
+BOTAN_VERSION = 2.18.2
 BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
 BOTAN_SITE = http://botan.randombit.net/releases
 BOTAN_LICENSE = BSD-2-Clause
 BOTAN_LICENSE_FILES = license.txt
 BOTAN_CPE_ID_VENDOR = botan_project
 
-# 0001-Avoid-using-short-exponents-with-ElGamal.patch
-BOTAN_IGNORE_CVES += CVE-2021-40529
-
 BOTAN_INSTALL_STAGING = YES
 
 BOTAN_CONF_OPTS = \


More information about the buildroot mailing list