Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Alon Bar-Lev (alonbl)" <alonbl@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/crypto++/files: crypto++-5.6.2-cve-2015-2141.patch
Date: Thu, 02 Jul 2015 19:13:56
Message-Id: 20150702191348.2AD06750@oystercatcher.gentoo.org
1 alonbl 15/07/02 19:13:48
2
3 Added: crypto++-5.6.2-cve-2015-2141.patch
4 Log:
5 Fix cve-2015-2141, bug#553808
6
7 (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key BF20DC51)
8
9 Revision Changes Path
10 1.1 dev-libs/crypto++/files/crypto++-5.6.2-cve-2015-2141.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/crypto++/files/crypto++-5.6.2-cve-2015-2141.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/crypto++/files/crypto++-5.6.2-cve-2015-2141.patch?rev=1.1&content-type=text/plain
14
15 Index: crypto++-5.6.2-cve-2015-2141.patch
16 ===================================================================
17 From 9425e16437439e68c7d96abef922167d68fafaff Mon Sep 17 00:00:00 2001
18 From: Jeffrey Walton <noloader@×××××.com>
19 Date: Sat, 27 Jun 2015 17:56:01 -0400
20 Subject: [PATCH] Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for
21 reporting. Squaring to satisfy Jacobi requirements suggested by JPM.
22
23 ---
24 rw.cpp | 8 +++++++-
25 1 file changed, 7 insertions(+), 1 deletion(-)
26
27 diff --git a/rw.cpp b/rw.cpp
28 index cdd9f2d..0b9318b 100644
29 --- a/rw.cpp
30 +++ b/rw.cpp
31 @@ -126,10 +126,16 @@ Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const
32 DoQuickSanityCheck();
33 ModularArithmetic modn(m_n);
34 Integer r, rInv;
35 - do { // do this in a loop for people using small numbers for testing
36 +
37 + // do this in a loop for people using small numbers for testing
38 + do {
39 r.Randomize(rng, Integer::One(), m_n - Integer::One());
40 + // Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for reporting.
41 + // Squaring to satisfy Jacobi requirements suggested by JPM.
42 + r = modn.Square(r);
43 rInv = modn.MultiplicativeInverse(r);
44 } while (rInv.IsZero());
45 +
46 Integer re = modn.Square(r);
47 re = modn.Multiply(re, x); // blind
Report Message
Find on MARC Find on Google Groups