Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu
Hi Release Team,

There's a vulnerability in Crypto++, the C++ class library of cryptographic schemes. It's CVE-2016-3995, bogus protection from timing attacks in the AES (Rijndael) cipher. GCC could optimize the protection out. The patch (already in Sid + Stretch) prevents this. It's minor for a security update, but can be enough for a normal package update.

Thanks for consideration,
Laszlo/GCS
diff -Nru libcrypto++-5.6.1/debian/changelog libcrypto++-5.6.1/debian/changelog --- libcrypto++-5.6.1/debian/changelog 2015-06-28 13:58:22.000000000 +0000 +++ libcrypto++-5.6.1/debian/changelog 2016-04-11 16:16:30.000000000 +0000 @@ -1,3 +1,9 @@ +libcrypto++ (5.6.1-6+deb7u2) wheezy; urgency=medium + + * Fix CVE-2016-3995, Rijndael timing attack counter measure. + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Mon, 11 Apr 2016 16:13:54 +0000 + libcrypto++ (5.6.1-6+deb7u1) wheezy-security; urgency=high * Fix CVE-2015-2141, misuse of blinding technique that is aimed at diff -Nru libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch --- libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch 1970-01-01 00:00:00.000000000 +0000 +++ libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch 2016-04-16 11:38:13.000000000 +0000 
@@ -0,0 +1,52 @@ +From 9f335d719ebc27f58251559240de0077ec42c583 Mon Sep 17 00:00:00 2001 +From: Pierre Lestringant <p...@amossys.fr> +Date: Wed, 6 Apr 2016 15:51:17 +0200 +Subject: [PATCH] Fix the Rijndael timing attack counter measure + +--- + rijndael.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rijndael.cpp b/rijndael.cpp +index f394960..92f9dea 100644 +--- a/rijndael.cpp ++++ b/rijndael.cpp +@@ -372,10 +372,12 @@ void Rijndael::Enc::ProcessAndXorBlock(c + t3 = rk[7]; + rk += 8; + +- // timing attack countermeasure. see comments at top for more details ++ // timing attack countermeasure. see comments at top for more details. ++ // also see http://github.com/weidai11/cryptopp/issues/146 + const int cacheLineSize = GetCacheLineSize(); + unsigned int i; +- word32 u = 0; ++ volatile word32 _u = 0; ++ word32 u = _u; + #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + for (i=0; i<2048; i+=cacheLineSize) + #else +@@ -448,10 +450,12 @@ void Rijndael::Dec::ProcessAndXorBlock(c + t3 = rk[7]; + rk += 8; + +- // timing attack countermeasure. see comments at top for more details ++ // timing attack countermeasure. see comments at top for more details. ++ // also see http://github.com/weidai11/cryptopp/issues/146 + const int cacheLineSize = GetCacheLineSize(); + unsigned int i; +- word32 u = 0; ++ volatile word32 _u = 0; ++ word32 u = _u; + #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + for (i=0; i<2048; i+=cacheLineSize) + #else +@@ -491,7 +495,7 @@ void Rijndael::Dec::ProcessAndXorBlock(c + // timing attack countermeasure. see comments at top for more details + // If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, + // QUARTER_ROUND_LD will use Td, which is already preloaded. 
+- u = 0; ++ u = _u; + for (i=0; i<256; i+=cacheLineSize) + u &= *(const word32 *)(Sd+i); + u &= *(const word32 *)(Sd+252); diff -Nru libcrypto++-5.6.1/debian/patches/series libcrypto++-5.6.1/debian/patches/series --- libcrypto++-5.6.1/debian/patches/series 2015-06-28 13:58:08.000000000 +0000 +++ libcrypto++-5.6.1/debian/patches/series 2016-04-11 16:25:12.000000000 +0000 @@ -7,3 +7,4 @@ salsa.patch gcc-4.7-ftbfs.diff CVE-2015-2141.patch +CVE-2016-3995.patch
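Review bot: The changelog entry for 5.6.1-6+deb7u2 only says "Fix CVE-2016-3995, Rijndael timing attack counter measure", which does not tell a reader what was actually wrong; for a pu upload spell out the defect, e.g. "Fix CVE-2016-3995: the table-preload loop that counters cache-timing attacks on Rijndael could be optimised away by the compiler", and write "countermeasure" as one word. The target distribution correctly changes from wheezy-security (deb7u1 entry) to wheezy for proposed-updates.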
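Review bot: The whole fix in CVE-2016-3995.patch is that `word32 u = _u;` now seeds the preload accumulator from a `volatile`, so the compiler can no longer prove `u == 0` and discard the `u &= *(const word32 *)(Sd+i)` loads (and the cache-line touches they perform) as dead code; that rationale is only hinted at by the GitHub issue link in the comment and should be stated in the patch header, ideally as a DEP-3 `Origin:` line naming upstream commit 9f335d719ebc27f58251559240de0077ec42c583. Check one asymmetry before uploading: the Dec path gets both the volatile seed and the later `u = _u;` reset at line 495, while the Enc hunk only replaces the initial `word32 u = 0;`; confirm against the full rijndael.cpp that Enc has no second `u = 0;` reset ahead of another preload loop, or that loop would stay foldable. Two smaller points: a leading-underscore local such as `_u` is legal but easy to confuse with reserved names (a name like `volatileZero` reads better), and the new comment links to github over plain http. Note for the advisory text that the `volatile` read only prevents constant folding; the countermeasure remains a cache-warming heuristic, not a constant-time AES.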