
Contents of /updates/5/nettle/current/SOURCES/nettle-3.0-CVE-2016-6489.patch



Revision 1109594 - (show annotations) (download)
Sun Jul 9 10:04:02 2017 UTC (6 years, 9 months ago) by daviddavid
File size: 2251 byte(s)
- new version: 3.1 (needed for filezilla, see mga#20531)
- now nettle libmajor is 6 and hogweed libmajor is 4
- rediff nettle-3.0-CVE-2016-6489 patch

1 From 3fe1d6549765ecfb24f0b80b2ed086fdc818bff3 Mon Sep 17 00:00:00 2001
2 From: Niels Möller <nisse@lysator.liu.se>
3 Date: Mon, 20 Jun 2016 20:04:56 +0200
4 Subject: [PATCH] Use mpz_powm_sec.
5
6 ---
7 configure.ac | 4 ++--
8 dsa-sign.c | 2 +-
9 rsa-blind.c | 2 +-
10 rsa-sign.c | 4 ++--
11 4 files changed, 6 insertions(+), 6 deletions(-)
12
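--- a/configure.ac
+++ b/configure.ac
@@ -231,9 +231,9 @@
 # Checks for libraries
 if test "x$enable_public_key" = "xyes" ; then
 if test "x$enable_mini_gmp" = "xno" ; then
- AC_CHECK_LIB(gmp, __gmpz_getlimbn,,
+ AC_CHECK_LIB(gmp, __gmpz_mpz_powm,,
 [AC_MSG_WARN(
- [GNU MP not found, or not 3.1 or up, see http://gmplib.org/.
+ [GNU MP not found, or too old. GMP-5.0 or later is needed, see http://gmplib.org/.
 Support for public key algorithms will be unavailable.])]
 enable_public_key=no)
 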
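Review bot: The symbol probed by the new `AC_CHECK_LIB` line, `__gmpz_mpz_powm`, does not look like a name GMP exports; as far as I know gmp.h maps `mpz_powm` to `__gmpz_powm` and `mpz_powm_sec` to `__gmpz_powm_sec`. If the link test fails, the visible fallback sets `enable_public_key=no`, so the build would drop public-key support with only a warning even when a suitable GMP is installed. Probing the function the patch actually depends on would also enforce the GMP-5.0 floor stated in the message: `AC_CHECK_LIB(gmp, __gmpz_powm_sec,,`.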
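--- a/dsa-sign.c
+++ b/dsa-sign.c
@@ -65,7 +65,7 @@ dsa_sign(const struct dsa_params *params,
 mpz_add_ui(k, k, 1);
 
 /* Compute r = (g^k (mod p)) (mod q) */
- mpz_powm(tmp, params->g, k, params->p);
+ mpz_powm_sec(tmp, params->g, k, params->p);
 mpz_fdiv_r(signature->r, tmp, params->q);
 
 /* Compute hash */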
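Review bot: `mpz_powm_sec` has stricter preconditions than the `mpz_powm` it replaces: GMP documents that the exponent must be positive and the modulus odd, and nothing in this hunk checks `params->p`. The `mpz_add_ui(k, k, 1)` above suggests k is at least 1, but a key with an even p would now trip the precondition inside GMP (likely an abort or crash) rather than just yielding a useless signature. A guard before the call, e.g. `if (mpz_even_p(params->p)) return 0;`, would reject such keys, assuming dsa_sign signals failure by returning 0; its body starts and ends outside the hunk. The same precondition applies to `pub->n` in rsa-blind.c and to `key->p`, `key->q` and the exponents `key->a`, `key->b` in rsa-sign.c.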
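--- a/rsa-blind.c
+++ b/rsa-blind.c
@@ -61,7 +61,7 @@ _rsa_blind (const struct rsa_public_key *pub,
 while (!mpz_invert (ri, r, pub->n));
 
 /* c = c*(r^e) mod n */
- mpz_powm(r, r, pub->e, pub->n);
+ mpz_powm_sec(r, r, pub->e, pub->n);
 mpz_mul(c, c, r);
 mpz_fdiv_r(c, c, pub->n);
 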
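--- a/rsa-sign.c
+++ b/rsa-sign.c
@@ -96,11 +96,11 @@ rsa_compute_root(const struct rsa_private_key *key,
 
 /* Compute xq = m^d % q = (m%q)^b % q */
 mpz_fdiv_r(xq, m, key->q);
- mpz_powm(xq, xq, key->b, key->q);
+ mpz_powm_sec(xq, xq, key->b, key->q);
 
 /* Compute xp = m^d % p = (m%p)^a % p */
 mpz_fdiv_r(xp, m, key->p);
- mpz_powm(xp, xp, key->a, key->p);
+ mpz_powm_sec(xp, xp, key->a, key->p);
 
 /* Set xp' = (xp - xq) c % p. */
 mpz_sub(xp, xp, xq);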
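Review bot: Neither `mpz_powm_sec` call in rsa_compute_root carries a comment saying why the `_sec` variant is required, so a later cleanup could swap `mpz_powm` back in without noticing the regression. I would add above the first call: `/* key->a and key->b are secret CRT exponents; mpz_powm_sec keeps timing and cache access independent of them (CVE-2016-6489). */`. The surrounding `mpz_fdiv_r` and `mpz_sub` steps are still ordinary mpz functions working on secret-dependent values, so the change presumably narrows rather than closes the side channel, and the comment should state that limit. The function body starts and ends outside the hunk.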
73 --
74 libgit2 0.24.0
75
