SLFO-pool/libcryptopp
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main libcryptopp revision 53d74db9a0fe9583a00b955e672adc0f

Browse Source
This commit is contained in:
Adrian Schröter 2024-06-07 18:39:31 +02:00
parent 6b02a38927
commit eae0163c41
8 changed files with 183 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
CRYPTOPP_8_8_0.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

BIN
CRYPTOPP_8_9_0.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

2
baselibs.conf
View File

@ -1 +1 @@
libcryptopp8_8_0 libcryptopp8_9_0

104
libcryptopp-CVE-2023-50980.patch Normal file
View File

@ -0,0 +1,104 @@
diff --git a/gf2n.cpp b/gf2n.cpp
index 452e6982..8993baae 100644
--- a/gf2n.cpp
+++ b/gf2n.cpp
@@ -135,6 +135,9 @@ PolynomialMod2 PolynomialMod2::Monomial(size_t i)
PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
{
+ CRYPTOPP_ASSERT(t0 > t1);
+ CRYPTOPP_ASSERT(t1 > t2);
+
PolynomialMod2 r((word)0, t0+1);
r.SetBit(t0);
r.SetBit(t1);
@@ -144,6 +147,11 @@ PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
PolynomialMod2 PolynomialMod2::Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4)
{
+ CRYPTOPP_ASSERT(t0 > t1);
+ CRYPTOPP_ASSERT(t1 > t2);
+ CRYPTOPP_ASSERT(t2 > t3);
+ CRYPTOPP_ASSERT(t3 > t4);
+
PolynomialMod2 r((word)0, t0+1);
r.SetBit(t0);
r.SetBit(t1);
diff --git a/gf2n.h b/gf2n.h
index 4aef31ee..38e2a910 100644
--- a/gf2n.h
+++ b/gf2n.h
@@ -69,9 +69,11 @@ public:
static PolynomialMod2 CRYPTOPP_API Monomial(size_t i);
/// \brief Provides x^t0 + x^t1 + x^t2
/// \return x^t0 + x^t1 + x^t2
+ /// \pre The coefficients should be provided in descending order. That is, <pre>t0 > t1 > t2<pre>.
static PolynomialMod2 CRYPTOPP_API Trinomial(size_t t0, size_t t1, size_t t2);
/// \brief Provides x^t0 + x^t1 + x^t2 + x^t3 + x^t4
/// \return x^t0 + x^t1 + x^t2 + x^t3 + x^t4
+ /// \pre The coefficients should be provided in descending order. That is, <pre>t0 > t1 > t2 > t3 > t4<pre>.
static PolynomialMod2 CRYPTOPP_API Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4);
/// \brief Provides x^(n-1) + ... + x + 1
/// \return x^(n-1) + ... + x + 1
diff --git a/gf2n.cpp b/gf2n.cpp
index 8993baae..87d9961b 100644
--- a/gf2n.cpp
+++ b/gf2n.cpp
@@ -135,9 +135,14 @@ PolynomialMod2 PolynomialMod2::Monomial(size_t i)
PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
{
+ // Asserts and checks due to Bing Shi
CRYPTOPP_ASSERT(t0 > t1);
CRYPTOPP_ASSERT(t1 > t2);
+ // The test is odd because of ECIES<EC2N>. The basis is t0, but the other coefficients are not in descending order.
+ if (t1 > t0 || t2 > t0)
+ throw InvalidArgument("PolynomialMod2: coefficients must be in descending order");
+
PolynomialMod2 r((word)0, t0+1);
r.SetBit(t0);
r.SetBit(t1);
@@ -147,11 +152,16 @@ PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
PolynomialMod2 PolynomialMod2::Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4)
{
+ // Asserts and checks due to Bing Shi
CRYPTOPP_ASSERT(t0 > t1);
CRYPTOPP_ASSERT(t1 > t2);
CRYPTOPP_ASSERT(t2 > t3);
CRYPTOPP_ASSERT(t3 > t4);
+ // The test is odd because of ECIES<EC2N>. The basis is t0, but the other coefficients are not in descending order.
+ if (t1 > t0 || t2 > t0 || t3 > t0 || t4 > t0)
+ throw InvalidArgument("PolynomialMod2: coefficients must be in descending order");
+
PolynomialMod2 r((word)0, t0+1);
r.SetBit(t0);
r.SetBit(t1);
@@ -663,7 +673,12 @@ GF2NT::GF2NT(unsigned int c0, unsigned int c1, unsigned int c2)
, t0(c0), t1(c1)
, result((word)0, m)
{
+ // Asserts and checks due to Bing Shi
CRYPTOPP_ASSERT(c0 > c1 && c1 > c2 && c2==0);
+
+ // The test is odd because of ECIES<EC2N>. The basis is c0, but the other coefficients are not in descending order.
+ if (c1 > c0 || c2 > c0)
+ throw InvalidArgument("GF2NT: coefficients must be in descending order");
}
const GF2NT::Element& GF2NT::MultiplicativeInverse(const Element &a) const
@@ -972,7 +987,12 @@ GF2NP * BERDecodeGF2NP(BufferedTransformation &bt)
GF2NT233::GF2NT233(unsigned int c0, unsigned int c1, unsigned int c2)
: GF2NT(c0, c1, c2)
{
+ // Asserts and checks due to Bing Shi
CRYPTOPP_ASSERT(c0 > c1 && c1 > c2 && c2==0);
+
+ // The test is odd because of ECIES<EC2N>. The basis is c0, but the other coefficients are not in descending order.
+ if (c1 > c0 || c2 > c0)
+ throw InvalidArgument("GF2NT: coefficients must be in descending order");
}
const GF2NT::Element& GF2NT233::Multiply(const Element &a, const Element &b) const

14
libcryptopp-CVE-2023-50981.patch Normal file
View File

@ -0,0 +1,14 @@
Index: cryptopp-CRYPTOPP_8_9_0/nbtheory.cpp
===================================================================
--- cryptopp-CRYPTOPP_8_9_0.orig/nbtheory.cpp
+++ cryptopp-CRYPTOPP_8_9_0/nbtheory.cpp
@@ -543,6 +543,9 @@ Integer CRT(const Integer &xp, const Int
Integer ModularSquareRoot(const Integer &a, const Integer &p)
{
+ if (!IsPrime(p))
+ throw InvalidArgument("ModularSquareRoot: p must be a prime");
+
if (p%4 == 3)
return a_exp_b_mod_c(a, (p+1)/4, p);

10
libcryptopp-shared.patch
View File

@ -1,8 +1,8 @@
Index: b/GNUmakefile Index: cryptopp-CRYPTOPP_8_9_0/GNUmakefile
=================================================================== ===================================================================
--- a/GNUmakefile --- cryptopp-CRYPTOPP_8_9_0.orig/GNUmakefile
+++ b/GNUmakefile +++ cryptopp-CRYPTOPP_8_9_0/GNUmakefile
@@ -173,7 +173,7 @@ else @@ -198,7 +198,7 @@ else
PC_PREFIX = $(PREFIX) PC_PREFIX = $(PREFIX)
endif endif
ifeq ($(LIBDIR),) ifeq ($(LIBDIR),)
@ -11,7 +11,7 @@ Index: b/GNUmakefile
PC_LIBDIR = $${prefix}/lib PC_LIBDIR = $${prefix}/lib
else else
PC_LIBDIR = $(LIBDIR) PC_LIBDIR = $(LIBDIR)
@@ -1128,7 +1128,7 @@ SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR) @@ -1151,7 +1151,7 @@ SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR)
ifneq ($(IS_LINUX)$(IS_HURD),00) ifneq ($(IS_LINUX)$(IS_HURD),00)
# Linux uses full version suffix for shared library # Linux uses full version suffix for shared library
SOLIB_VERSION_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH) SOLIB_VERSION_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH)

49
libcryptopp.changes
View File

@ -1,3 +1,52 @@
-------------------------------------------------------------------
Thu Jan 4 09:29:41 UTC 2024 - pgajdos@suse.com
- security update
- added patches
fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS
https://github.com/weidai11/cryptopp/pull/1255
+ libcryptopp-CVE-2023-50981.patch
-------------------------------------------------------------------
Thu Dec 21 13:48:35 UTC 2023 - pgajdos@suse.com
- version update to 8.9.0
* Crypto++ 8.9 was released on October 1, 2023. The 8.9 release
was a minor, unplanned release. There were no CVEs and one
memory error.
* The 8.9 release was driven by the fix for `ProcessData`, and
the failures when `inString==outString`. Also see GH #1231,
Rabbit Produces null Keystream When inString == outString.
* Release notes
* ===========
* minor release, recompile of programs required
* expanded community input and support
* 88 unique contributors as of this release
* add additional tests to datatest.cpp
* fix SIMON128 Asan finding on POWER8
* fix AES/CFB and AES/CTR modes self test failures when using
Cryptogams AES on ARMv7
* fix ARIA/CTR mode self test failures when inString==outString
* fix HIGHT/CTR mode self test failures when
inString==outString
* fix Rabbit/CTR mode self test failures when
inString==outString
* fix HC128/CTR and HC256/CTR mode self test failures when
inString==outString
* fix Prime Table and dangling reference to a temporary
* fix Singleton::Ref() when using C++11 memory fences
* remove unneeded call to Crop() in Randomize()
- modified patches
% libcryptopp-shared.patch (refreshed)
- modified sources
% baselibs.conf
- added patches
fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
+ libcryptopp-CVE-2023-50980.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Jul 16 18:55:10 UTC 2023 - Dirk Müller <dmueller@suse.com> Sun Jul 16 18:55:10 UTC 2023 - Dirk Müller <dmueller@suse.com>

11
libcryptopp.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package libcryptopp # spec file for package libcryptopp
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
%define major 8 %define major 8
%define minor 8 %define minor 9
%define patch 0 %define patch 0
%define pkg_version %{major}%{minor}%patch %define pkg_version %{major}%{minor}%patch
# There is no upstream interface version information. # There is no upstream interface version information.
@ -36,6 +36,10 @@ Source1: precheckin_baselibs.sh
Source2: baselibs.conf Source2: baselibs.conf
# PATCH-FEATURE-OPENSUSE libcryptopp-shared.patch -- improve shared library creation # PATCH-FEATURE-OPENSUSE libcryptopp-shared.patch -- improve shared library creation
Patch1: libcryptopp-shared.patch Patch1: libcryptopp-shared.patch
# CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
Patch2: libcryptopp-CVE-2023-50980.patch
# CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS
Patch3: libcryptopp-CVE-2023-50981.patch
BuildRequires: dos2unix BuildRequires: dos2unix
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -68,8 +72,7 @@ codes, hash functions, PKI crypto, key agreement schemes and elliptic
curve crypto. This package is used for crypto++ development. curve crypto. This package is used for crypto++ development.
%prep %prep
%setup -q -n "cryptopp-CRYPTOPP_%{major}_%{minor}_%patch" %autosetup -p1 -n "cryptopp-CRYPTOPP_%{major}_%{minor}_%patch"
%autopatch -p1
%build %build
%ifarch %{arm} i586 %ifarch %{arm} i586