Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2

2016-04-22 Thread Adam D. Barratt
Control: tags -1 + pending

On Tue, 2016-04-19 at 22:03 +0200, László Böszörményi wrote:
> On Tue, Apr 19, 2016 at 9:27 PM, Adam D. Barratt
>  wrote:
> > Control: tags -1 + confirmed
> >
> > On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote:
> >> There's a vulnerability in Crypto++, the C++ class library of
> >> cryptographic schemes.
> [...]
> > Please go ahead.
>  Thanks, just uploaded.

Flagged for acceptance.

Regards,

Adam



Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2

2016-04-19 Thread GCS
On Tue, Apr 19, 2016 at 9:27 PM, Adam D. Barratt
 wrote:
> Control: tags -1 + confirmed
>
> On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote:
>> There's a vulnerability in Crypto++, the C++ class library of
>> cryptographic schemes.
[...]
> Please go ahead.
 Thanks, just uploaded.

Cheers,
Laszlo/GCS



Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2

2016-04-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote:
> There's a vulnerability in Crypto++, the C++ class library of
> cryptographic schemes.
> It's CVE-2016-3995, bogus protection from timing attacks in AES
> (Rijndael) cipher. GCC could optimize the protection out. The patch
> (already in Sid + Stretch) prevents this. It's minor for a security
> update, but can be enough for a normal package update.

Please go ahead.

Regards,

Adam



Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2

2016-04-19 Thread GCS
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu

Hi Release Team,

There's a vulnerability in Crypto++, the C++ class library of
cryptographic schemes.
It's CVE-2016-3995, bogus protection from timing attacks in AES
(Rijndael) cipher. GCC could optimize the protection out. The patch
(already in Sid + Stretch) prevents this. It's minor for a security
update, but can be enough for a normal package update.

Thanks for consideration,
Laszlo/GCS
diff -Nru libcrypto++-5.6.1/debian/changelog libcrypto++-5.6.1/debian/changelog
--- libcrypto++-5.6.1/debian/changelog	2015-06-28 13:58:22.0 +
+++ libcrypto++-5.6.1/debian/changelog	2016-04-11 16:16:30.0 +
@@ -1,3 +1,9 @@
+libcrypto++ (5.6.1-6+deb7u2) wheezy; urgency=medium
+
+  * Fix CVE-2016-3995, Rijndael timing attack counter measure.
+
+ -- Laszlo Boszormenyi (GCS)   Mon, 11 Apr 2016 16:13:54 +
+
 libcrypto++ (5.6.1-6+deb7u1) wheezy-security; urgency=high
 
   * Fix CVE-2015-2141, misuse of blinding technique that is aimed at
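Review bot: the new changelog entry gives nothing to trace the change back to; the added patch file carries the upstream commit id 9f335d719ebc27f58251559240de0077ec42c583 and the issue URL http://github.com/weidai11/cryptopp/issues/146, so name at least one of them here, e.g. "* Fix CVE-2016-3995, Rijndael timing attack counter measure (upstream commit 9f335d71, cryptopp issue #146)." so that a reader of the binary package's changelog can find the upstream discussion. The target "wheezy; urgency=medium" (rather than the previous entry's wheezy-security / urgency=high) is consistent with this going through pu as a normal update, as the request text says.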
diff -Nru libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch
--- libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch	1970-01-01 00:00:00.0 +
+++ libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch	2016-04-16 11:38:13.0 +
@@ -0,0 +1,52 @@
+From 9f335d719ebc27f58251559240de0077ec42c583 Mon Sep 17 00:00:00 2001
+From: Pierre Lestringant 
+Date: Wed, 6 Apr 2016 15:51:17 +0200
+Subject: [PATCH] Fix the Rijndael timing attack counter measure
+
+---
+ rijndael.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rijndael.cpp b/rijndael.cpp
+index f394960..92f9dea 100644
+--- a/rijndael.cpp
 b/rijndael.cpp
+@@ -372,10 +372,12 @@ void Rijndael::Enc::ProcessAndXorBlock(c
+ 	t3 = rk[7];
+ 	rk += 8;
+ 
+-	// timing attack countermeasure. see comments at top for more details
++	// timing attack countermeasure. see comments at top for more details.
++	// also see http://github.com/weidai11/cryptopp/issues/146
+ 	const int cacheLineSize = GetCacheLineSize();
+ 	unsigned int i;
+-	word32 u = 0;
++	volatile word32 _u = 0;
++	word32 u = _u;
+ #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
+ 	for (i=0; i<2048; i+=cacheLineSize)
+ #else
+@@ -448,10 +450,12 @@ void Rijndael::Dec::ProcessAndXorBlock(c
+ 	t3 = rk[7];
+ 	rk += 8;
+ 
+-	// timing attack countermeasure. see comments at top for more details
++	// timing attack countermeasure. see comments at top for more details.
++	// also see http://github.com/weidai11/cryptopp/issues/146
+ 	const int cacheLineSize = GetCacheLineSize();
+ 	unsigned int i;
+-	word32 u = 0;
++	volatile word32 _u = 0;
++	word32 u = _u;
+ #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
+ 	for (i=0; i<2048; i+=cacheLineSize)
+ #else
+@@ -491,7 +495,7 @@ void Rijndael::Dec::ProcessAndXorBlock(c
+ 	// timing attack countermeasure. see comments at top for more details
+ 	// If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, 
+ 	// QUARTER_ROUND_LD will use Td, which is already preloaded.
+-	u = 0;
++	u = _u;
+ 	for (i=0; i<256; i+=cacheLineSize)
+ 		u &= *(const word32 *)(Sd+i);
+ 	u &= *(const word32 *)(Sd+252);
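Review bot: the upstream file header inside the new patch file looks damaged as rendered here: after "+--- a/rijndael.cpp" the next line is " b/rijndael.cpp" with neither the debdiff's leading "+" nor the "+++" marker, so it reads as a context line in a "@@ -0,0 +1,52 @@" hunk that should contain additions only, and patch/quilt would reject the file as malformed; please confirm that the copy in the uploaded source carries the intact "++++ b/rijndael.cpp" line and that this is only mail mangling. On the fix itself: replacing "word32 u = 0;" with "volatile word32 _u = 0; word32 u = _u;" denies the optimizer the knowledge that u starts at zero, so the "u &= *(const word32 *)(Sd+i)" chain can no longer be constant-folded to zero and the cache-line preloading loads have to stay in the generated code; this is a workaround for a specific compiler behaviour rather than a guarantee, so the wheezy build should be spot-checked (disassembling the built library's Rijndael::Enc/Dec::ProcessAndXorBlock) to confirm the preloading loops survive at the package's optimisation level. Minor: the third upstream hunk (around line 491) leaves its "timing attack countermeasure" comment without the issue URL that the first two hunks gained; keep the three in step.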
diff -Nru libcrypto++-5.6.1/debian/patches/series libcrypto++-5.6.1/debian/patches/series
--- libcrypto++-5.6.1/debian/patches/series	2015-06-28 13:58:08.0 +
+++ libcrypto++-5.6.1/debian/patches/series	2016-04-11 16:25:12.0 +
@@ -7,3 +7,4 @@
 salsa.patch
 gcc-4.7-ftbfs.diff
 CVE-2015-2141.patch
+CVE-2016-3995.patch