Package: p7zip
Version: 9.20.1~dfsg.1-4.1+deb8u3
Severity: normal
Tags: security patch
-- System Information:
Distributor ID: Raspbian
Description:Raspbian GNU/Linux 8.0 (jessie)
Release:8.0
Codename: jessie
Architecture: armv6l
Kernel: Linux 4.14.90+
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages p7zip depends on:
ii libc6 2.19-18+deb8u10
ii libgcc1 1:4.9.2-10+deb8u2
ii libstdc++6 4.9.2-10+deb8u2
p7zip recommends no packages.
Versions of packages p7zip suggests:
pn p7zip-full
-- no debconf information
>From eb9809b3236084fbfbdcdd4f7c5b7fe0fcd6524c Mon Sep 17 00:00:00 2001
From: Michal Stanek
Date: Tue, 12 Feb 2019 23:54:51 +0100
Subject: [PATCH] Fix cryptography weaknesses in KDF and the RNG used for AES
IV.
Mix in OS randomness for RNG seed. Increase KDF iterations from 1000 to 1 to get it closer to modern standards.
Use full 16 bytes for AES IV instead of just 8.
---
CPP/7zip/Crypto/7zAes.cpp | 2 +-
CPP/7zip/Crypto/RandGen.cpp | 9 +
CPP/7zip/Crypto/WzAes.cpp | 2 +-
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CPP/7zip/Crypto/7zAes.cpp b/CPP/7zip/Crypto/7zAes.cpp
index d33b562..64fe7b6 100644
--- a/CPP/7zip/Crypto/7zAes.cpp
+++ b/CPP/7zip/Crypto/7zAes.cpp
@@ -164,7 +164,7 @@ STDMETHODIMP CEncoder::ResetInitVector()
{
for (unsigned i = 0; i < sizeof(_iv); i++)
_iv[i] = 0;
- _ivSize = 8;
+ _ivSize = 16;
g_RandomGenerator.Generate(_iv, _ivSize);
return S_OK;
}
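Review bot: The new `_ivSize = 16;` hard-codes the length, while the zeroing loop just above it uses `sizeof(_iv)`, and `Generate(_iv, _ivSize)` now writes 16 bytes into a buffer whose declaration is outside this hunk. Assuming `_iv` is declared as 16 bytes, `_ivSize = sizeof(_iv);` would keep the write bounded by the array if it is ever resized. The extra 8 bytes are only as unpredictable as the seed of `g_RandomGenerator`, so the benefit of this change depends on the RandGen.cpp hunk being correct. The whole patch is repeated verbatim further down the page, and these notes apply to those copies too.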
diff --git a/CPP/7zip/Crypto/RandGen.cpp b/CPP/7zip/Crypto/RandGen.cpp
index f5ea31f..c141806 100644
--- a/CPP/7zip/Crypto/RandGen.cpp
+++ b/CPP/7zip/Crypto/RandGen.cpp
@@ -10,6 +10,8 @@
#ifndef _WIN32
#include
+#include
+#include
#define USE_POSIX_TIME
#define USE_POSIX_TIME2
#endif
@@ -58,6 +60,13 @@ void CRandomGenerator::Init()
LARGE_INTEGER v;
if (::QueryPerformanceCounter())
HASH_UPD(v.QuadPart);
+#else
+// get real randomness from the OS and mix it in
+uint64_t randbytes;
+ssize_t rv = 0;
+while (rv != sizeof(randbytes))
+ rv = getrandom((void *), sizeof(randbytes), 0);
+HASH_UPD(randbytes);
#endif
#ifdef USE_POSIX_TIME
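Review bot: The `while (rv != sizeof(randbytes))` loop never terminates if `getrandom()` keeps failing, because it returns -1 (for example `ENOSYS` on a kernel without the syscall) and that never equals the unsigned `sizeof`, so `Init()` spins forever instead of seeding. The call should retry only on `EINTR`, treat any other result as failure and fall back to `/dev/urandom`; this needs `<errno.h>` and `<fcntl.h>`, and `randbytes` should be initialised so a failed call never hashes an indeterminate value. The report lists libc6 2.19, and the glibc `getrandom()` wrapper only appeared in glibc 2.25, so on the reported system this would likely need `syscall(SYS_getrandom, ...)` or `/dev/urandom` to build at all. The buffer argument is missing from the call as rendered on this page (presumably `&randbytes`), and the `#if` that this `#else` pairs with starts outside the hunk.

```cpp
#else
// get real randomness from the OS and mix it in
uint64_t randbytes = 0;
ssize_t rv;
do
  rv = getrandom(&randbytes, sizeof(randbytes), 0);
while (rv < 0 && errno == EINTR);
if (rv != (ssize_t)sizeof(randbytes))
{
  // getrandom() unavailable or short: read the same number of bytes from /dev/urandom
  int fd = open("/dev/urandom", O_RDONLY);
  if (fd >= 0)
  {
    rv = read(fd, &randbytes, sizeof(randbytes));
    close(fd);
  }
}
// NOTE: if both sources fail, the seed silently falls back to the time/pid inputs below
if (rv == (ssize_t)sizeof(randbytes))
  HASH_UPD(randbytes);
#endif
```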
diff --git a/CPP/7zip/Crypto/WzAes.cpp b/CPP/7zip/Crypto/WzAes.cpp
index 4572f06..db81a39 100644
--- a/CPP/7zip/Crypto/WzAes.cpp
+++ b/CPP/7zip/Crypto/WzAes.cpp
@@ -24,7 +24,7 @@ namespace NWzAes {
const unsigned kAesKeySizeMax = 32;
-static const UInt32 kNumKeyGenIterations = 1000;
+static const UInt32 kNumKeyGenIterations = 1;
STDMETHODIMP CBaseCoder::CryptoSetPassword(const Byte *data, UInt32 size)
{
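Review bot: As shown here the new value is `kNumKeyGenIterations = 1`, which lowers the key-derivation work factor from 1000 iterations to one and contradicts the commit message's stated intent to increase it. If a larger number was meant, its digits may have been lost in this rendering, but the line as written makes password guessing far cheaper. Independently of the value, the WinZip AES format fixes the PBKDF2 iteration count at 1000. The constant's uses are outside this hunk, but it presumably feeds both encryption and decryption, so any other value would make new archives unreadable by other tools and existing archives undecryptable by the patched build. The line should stay `static const UInt32 kNumKeyGenIterations = 1000;` with a comment such as `// fixed by the WinZip AES format; changing it breaks interoperability`, since a stronger KDF needs a format-level change rather than a constant edit.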
--
2.17.1
>From eb9809b3236084fbfbdcdd4f7c5b7fe0fcd6524c Mon Sep 17 00:00:00 2001
From: Michal Stanek
Date: Tue, 12 Feb 2019 23:54:51 +0100
Subject: [PATCH] Fix cryptography weaknesses in KDF and the RNG used for AES
IV.
Mix in OS randomness for RNG seed. Increase KDF iterations from 1000 to 1 to get it closer to modern standards.
Use full 16 bytes for AES IV instead of just 8.
---
CPP/7zip/Crypto/7zAes.cpp | 2 +-
CPP/7zip/Crypto/RandGen.cpp | 9 +
CPP/7zip/Crypto/WzAes.cpp | 2 +-
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CPP/7zip/Crypto/7zAes.cpp b/CPP/7zip/Crypto/7zAes.cpp
index d33b562..64fe7b6 100644
--- a/CPP/7zip/Crypto/7zAes.cpp
+++ b/CPP/7zip/Crypto/7zAes.cpp
@@ -164,7 +164,7 @@ STDMETHODIMP CEncoder::ResetInitVector()
{
for (unsigned i = 0; i < sizeof(_iv); i++)
_iv[i] = 0;
- _ivSize = 8;
+ _ivSize = 16;
g_RandomGenerator.Generate(_iv, _ivSize);
return S_OK;
}
diff --git a/CPP/7zip/Crypto/RandGen.cpp b/CPP/7zip/Crypto/RandGen.cpp
index f5ea31f..c141806 100644
--- a/CPP/7zip/Crypto/RandGen.cpp
+++ b/CPP/7zip/Crypto/RandGen.cpp
@@ -10,6 +10,8 @@
#ifndef _WIN32
#include
+#include
+#include
#define USE_POSIX_TIME
#define USE_POSIX_TIME2
#endif
@@ -58,6 +60,13 @@ void CRandomGenerator::Init()
LARGE_INTEGER v;
if (::QueryPerformanceCounter())
HASH_UPD(v.QuadPart);
+#else
+// get real randomness from the OS and mix it in
+uint64_t randbytes;
+ssize_t rv = 0;
+while (rv != sizeof(randbytes))
+ rv = getrandom((void *), sizeof(randbytes), 0);
+HASH_UPD(randbytes);
#endif
#ifdef USE_POSIX_TIME
diff --git a/CPP/7zip/Crypto/WzAes.cpp b/CPP/7zip/Crypto/WzAes.cpp
index 4572f06..db81a39 100644
--- a/CPP/7zip/Crypto/WzAes.cpp
+++ b/CPP/7zip/Crypto/WzAes.cpp
@@ -24,7 +24,7 @@ namespace NWzAes {
const unsigned kAesKeySizeMax = 32;
-static const UInt32 kNumKeyGenIterations = 1000;
+static const UInt32 kNumKeyGenIterations = 1;
STDMETHODIMP CBaseCoder::CryptoSetPassword(const Byte *data, UInt32 size)
{
--
2.17.1
>From eb9809b3236084fbfbdcdd4f7c5b7fe0fcd6524c Mon Sep 17 00:00:00 2001
From: Michal Stanek
Date: Tue, 12 Feb 2019 23:54:51 +0100
Subject: [PATCH] Fix cryptography weaknesses in KDF and the RNG