Hello community, here is the log from the commit of package Botan for openSUSE:Factory checked in at 2016-02-11 12:32:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/Botan (Old) and /work/SRC/openSUSE:Factory/.Botan.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "Botan" Changes: -------- --- /work/SRC/openSUSE:Factory/Botan/Botan.changes 2015-12-27 01:58:47.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.Botan.new/Botan.changes 2016-02-11 12:32:25.000000000 +0100 @@ -1,0 +2,20 @@ +Wed Feb 3 10:52:19 UTC 2016 - [email protected] + +- Update to 1.10.12 + +- Version 1.10.12, 2016-02-03 + * In 1.10.11, the check in PointGFp intended to check the affine y + argument actually checked the affine x again. Reported by Remi Gacogne + * The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an + additional check in the multiplication function itself which was also + added in that release, so there are no security implications from the + missed check. However to avoid confusion the change was pushed in a new + release immediately. + * The 1.10.11 release notes incorrectly identified CVE-2016-2195 as + CVE-2016-2915 +- Version 1.10.11, 2016-02-01 + * Resolve heap overflow in ECC point decoding. CVE-2016-2195 + Resolve infinite loop in modular square root algorithm. CVE-2016-2194 + Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239 + +------------------------------------------------------------------- Old: ---- Botan-1.10.10.tgz Botan-1.10.10.tgz.asc New: ---- Botan-1.10.12.tgz Botan-1.10.12.tgz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Botan.spec ++++++ --- /var/tmp/diff_new_pack.9gjhMo/_old 2016-02-11 12:32:26.000000000 +0100 +++ /var/tmp/diff_new_pack.9gjhMo/_new 2016-02-11 12:32:26.000000000 +0100 @@ -19,7 +19,7 @@ %define version_suffix 1_10-1 %define short_version 1.10 Name: Botan -Version: 1.10.10 +Version: 1.10.12 Release: 0 Summary: A C++ Crypto Library License: BSD-2-Clause ++++++ Botan-1.10.10.tgz -> Botan-1.10.12.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Botan-1.10.10/botan_version.py new/Botan-1.10.12/botan_version.py --- old/Botan-1.10.10/botan_version.py 2015-08-03 06:37:55.000000000 +0200 +++ new/Botan-1.10.12/botan_version.py 2016-02-03 09:05:05.000000000 +0100 @@ -1,11 +1,11 @@ release_major = 1 release_minor = 10 -release_patch = 10 +release_patch = 12 release_so_abi_rev = 1 # These are set by the distribution script -release_vc_rev = 'git:077c55bac2503fa3c9f8f8b13204f41af1b5c6e6' -release_datestamp = 20150803 +release_vc_rev = 'git:94a3fa8ae0dc4df67f6e9ba780427e651baa9dfd' +release_datestamp = 20160203 release_type = 'released' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Botan-1.10.10/checks/ec_tests.cpp new/Botan-1.10.12/checks/ec_tests.cpp --- old/Botan-1.10.10/checks/ec_tests.cpp 2015-08-03 06:36:03.000000000 +0200 +++ new/Botan-1.10.12/checks/ec_tests.cpp 2016-02-03 08:57:06.000000000 +0100 @@ -784,6 +784,49 @@ CurveGFp curve(dom_pars.get_curve()); } +size_t test_cve_2016_2195() + { + EC_Group dom_pars("secp256r1"); + CurveGFp curve(dom_pars.get_curve()); + + size_t fail = 0; + + const BigInt p = curve.get_p(); + + try { + PointGFp point(curve, p, p - 1); + std::cout << "Accepted PointGFp x == p\n"; + ++fail; + } + catch(...) {} + + try { + PointGFp point(curve, p + 1, p - 1); + std::cout << "Accepted PointGFp x > p\n"; + ++fail; + } + catch(...) {} + + try { + PointGFp point(curve, p - 1, p); + std::cout << "Accepted PointGFp y == p\n"; + ++fail; + } + catch(...) {} + + try { + PointGFp point(curve, p - 1, p + 1); + std::cout << "Accepted PointGFp y > p\n"; + ++fail; + } + catch(...) {} + + // this is allowed (though not on the curve) + PointGFp point(curve, p - 1, p - 1); + + return fail; + } + } void do_ec_tests(RandomNumberGenerator& rng) @@ -814,6 +857,7 @@ test_point_swap(rng); test_mult_sec_mass(rng); test_curve_cp_ctor(); + test_cve_2016_2195(); std::cout << std::endl; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Botan-1.10.10/doc/log.txt new/Botan-1.10.12/doc/log.txt --- old/Botan-1.10.10/doc/log.txt 2015-08-03 06:36:03.000000000 +0200 +++ new/Botan-1.10.12/doc/log.txt 2016-02-03 08:57:06.000000000 +0100 @@ -7,6 +7,31 @@ Series 1.10 ---------------------------------------- +Version 1.10.12, 2016-02-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* In 1.10.11, the check in PointGFp intended to check the affine y + argument actually checked the affine x again. Reported by Remi Gacogne + + The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an + additional check in the multiplication function itself which was + also added in that release, so there are no security implications + from the missed check. However to avoid confusion the change was + pushed in a new release immediately. + + The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915 + +Version 1.10.11, 2016-02-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Resolve heap overflow in ECC point decoding. CVE-2016-2195 + +* Resolve infinite loop in modular square root algorithm. + CVE-2016-2194 + +* Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. + GH #239 + Version 1.10.10, 2015-08-03 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Botan-1.10.10/src/math/bigint/bigint.cpp new/Botan-1.10.12/src/math/bigint/bigint.cpp --- old/Botan-1.10.10/src/math/bigint/bigint.cpp 2015-08-03 06:36:03.000000000 +0200 +++ new/Botan-1.10.12/src/math/bigint/bigint.cpp 2016-02-03 08:57:06.000000000 +0100 @@ -190,7 +190,7 @@ { if(is_negative()) throw Encoding_Error("BigInt::to_u32bit: Number is negative"); - if(bits() >= 32) + if(bits() > 32) throw Encoding_Error("BigInt::to_u32bit: Number is too big to convert"); u32bit out = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Botan-1.10.10/src/math/ec_gfp/point_gfp.cpp new/Botan-1.10.12/src/math/ec_gfp/point_gfp.cpp --- old/Botan-1.10.10/src/math/ec_gfp/point_gfp.cpp 2015-08-03 06:36:03.000000000 +0200 +++ new/Botan-1.10.12/src/math/ec_gfp/point_gfp.cpp 2016-02-03 08:57:06.000000000 +0100 @@ -11,6 +11,7 @@ #include <botan/numthry.h> #include <botan/reducer.h> #include <botan/internal/mp_core.h> +#include <botan/internal/assert.h> namespace Botan { @@ -25,6 +26,10 @@ PointGFp::PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y) : curve(curve), ws(2 * (curve.get_p_words() + 2)) { + if(x <= 0 || x >= curve.get_p()) + throw Invalid_Argument("Invalid PointGFp x"); + if(y <= 0 || y >= curve.get_p()) + throw Invalid_Argument("Invalid PointGFp y"); coord_x = monty_mult(x, curve.get_r2()); coord_y = monty_mult(y, curve.get_r2()); coord_z = monty_mult(1, curve.get_r2()); @@ -68,15 +73,18 @@ } const BigInt& p = curve.get_p(); - const size_t p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); + const size_t p_size = curve.get_p_words(); + + const size_t x_sw = x.sig_words(); + BOTAN_ASSERT(x_sw <= p_size, "x value in range"); SecureVector<word>& z_reg = z.get_reg(); z_reg.resize(2*p_size+1); zeroise(z_reg); bigint_monty_sqr(&z_reg[0], z_reg.size(), - x.data(), x.size(), x.sig_words(), + x.data(), x.size(), x_sw, p.data(), p_size, p_dash, &ws[0]); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Botan-1.10.10/src/math/mp/mp_karat.cpp new/Botan-1.10.12/src/math/mp/mp_karat.cpp --- old/Botan-1.10.10/src/math/mp/mp_karat.cpp 2015-08-03 06:36:03.000000000 +0200 +++ new/Botan-1.10.12/src/math/mp/mp_karat.cpp 2016-02-03 08:57:06.000000000 +0100 @@ -7,6 +7,7 @@ #include <botan/internal/mp_core.h> #include <botan/internal/mp_asmi.h> +#include <botan/internal/assert.h> #include <botan/mem_ops.h> namespace Botan { @@ -249,6 +250,8 @@ const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw) { + BOTAN_ASSERT(z_size > x_sw && z_size > y_sw && z_size - x_sw >= y_sw, "Sufficient output size"); + if(x_sw == 1) { bigint_linmul3(z, y, y_sw, x[0]); @@ -303,6 +306,8 @@ void bigint_sqr(word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw) { + BOTAN_ASSERT(z_size/2 >= x_sw, "Sufficient output size"); + if(x_sw == 1) { bigint_linmul3(z, x, x_sw, x[0]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Botan-1.10.10/src/math/numbertheory/ressol.cpp new/Botan-1.10.12/src/math/numbertheory/ressol.cpp --- old/Botan-1.10.10/src/math/numbertheory/ressol.cpp 2015-08-03 06:36:03.000000000 +0200 +++ new/Botan-1.10.12/src/math/numbertheory/ressol.cpp 2016-02-03 08:57:06.000000000 +0100 @@ -63,10 +63,10 @@ { q = mod_p.square(q); ++i; - } - if(s <= i) - return -BigInt(1); + if(i >= s) + return -BigInt(1); + } c = power_mod(c, BigInt(BigInt::Power2, s-i-1), p); r = mod_p.multiply(r, c);
