Bug#821834: marked as done (wheezy-pu: package libcrypto++/5.6.1-6+deb7u2)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 04 Jun 2016 14:54:37 +0100
with message-id <1465048477.7545.10.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixed included in 7.11
has caused the Debian Bug report #821834,
regarding wheezy-pu: package libcrypto++/5.6.1-6+deb7u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
821834: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821834
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2
• From: László Böszörményi (GCS) <gcs@debian.org>
• Date: Tue, 19 Apr 2016 19:19:30 +0200
• Message-id: <CAKjSHr2FjyYX0UC_yF2dXPtXWdpGTS6Aa-rkXtE65_DtdveV=w@mail.gmail.com>

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi Release Team,

There's a vulnerability in Crypto++, the C++ class library of
cryptographic schemes.
It's CVE-2016-3995, bogus protection from timing attacks in AES
(Rijndael) cipher. GCC could optimize the protection out. The patch
(already in Sid + Stretch) prevents this. It's minor for a security
update, but can be enough for a normal package update.

Thanks for consideration,
Laszlo/GCS

diff -Nru libcrypto++-5.6.1/debian/changelog libcrypto++-5.6.1/debian/changelog
--- libcrypto++-5.6.1/debian/changelog	2015-06-28 13:58:22.000000000 +0000
+++ libcrypto++-5.6.1/debian/changelog	2016-04-11 16:16:30.000000000 +0000
@@ -1,3 +1,9 @@
+libcrypto++ (5.6.1-6+deb7u2) wheezy; urgency=medium
+
+  * Fix CVE-2016-3995, Rijndael timing attack counter measure.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 11 Apr 2016 16:13:54 +0000
+
 libcrypto++ (5.6.1-6+deb7u1) wheezy-security; urgency=high
 
   * Fix CVE-2015-2141, misuse of blinding technique that is aimed at
diff -Nru libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch
--- libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch	2016-04-16 11:38:13.000000000 +0000
@@ -0,0 +1,52 @@
+From 9f335d719ebc27f58251559240de0077ec42c583 Mon Sep 17 00:00:00 2001
+From: Pierre Lestringant <plt@amossys.fr>
+Date: Wed, 6 Apr 2016 15:51:17 +0200
+Subject: [PATCH] Fix the Rijndael timing attack counter measure
+
+---
+ rijndael.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rijndael.cpp b/rijndael.cpp
+index f394960..92f9dea 100644
+--- a/rijndael.cpp
++++ b/rijndael.cpp
+@@ -372,10 +372,12 @@ void Rijndael::Enc::ProcessAndXorBlock(c
+ 	t3 = rk[7];
+ 	rk += 8;
+ 
+-	// timing attack countermeasure. see comments at top for more details
++	// timing attack countermeasure. see comments at top for more details.
++	// also see http://github.com/weidai11/cryptopp/issues/146
+ 	const int cacheLineSize = GetCacheLineSize();
+ 	unsigned int i;
+-	word32 u = 0;
++	volatile word32 _u = 0;
++	word32 u = _u;
+ #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
+ 	for (i=0; i<2048; i+=cacheLineSize)
+ #else
+@@ -448,10 +450,12 @@ void Rijndael::Dec::ProcessAndXorBlock(c
+ 	t3 = rk[7];
+ 	rk += 8;
+ 
+-	// timing attack countermeasure. see comments at top for more details
++	// timing attack countermeasure. see comments at top for more details.
++	// also see http://github.com/weidai11/cryptopp/issues/146
+ 	const int cacheLineSize = GetCacheLineSize();
+ 	unsigned int i;
+-	word32 u = 0;
++	volatile word32 _u = 0;
++	word32 u = _u;
+ #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
+ 	for (i=0; i<2048; i+=cacheLineSize)
+ #else
+@@ -491,7 +495,7 @@ void Rijndael::Dec::ProcessAndXorBlock(c
+ 	// timing attack countermeasure. see comments at top for more details
+ 	// If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, 
+ 	// QUARTER_ROUND_LD will use Td, which is already preloaded.
+-	u = 0;
++	u = _u;
+ 	for (i=0; i<256; i+=cacheLineSize)
+ 		u &= *(const word32 *)(Sd+i);
+ 	u &= *(const word32 *)(Sd+252);
diff -Nru libcrypto++-5.6.1/debian/patches/series libcrypto++-5.6.1/debian/patches/series
--- libcrypto++-5.6.1/debian/patches/series	2015-06-28 13:58:08.000000000 +0000
+++ libcrypto++-5.6.1/debian/patches/series	2016-04-11 16:25:12.000000000 +0000
@@ -7,3 +7,4 @@
 salsa.patch
 gcc-4.7-ftbfs.diff
 CVE-2015-2141.patch
+CVE-2016-3995.patch

--- End Message ---

--- Begin Message ---

• To: 793986-done@bugs.debian.org, 818906-done@bugs.debian.org, 819282-done@bugs.debian.org, 819362-done@bugs.debian.org, 819499-done@bugs.debian.org, 819805-done@bugs.debian.org, 821044-done@bugs.debian.org, 821757-done@bugs.debian.org, 821834-done@bugs.debian.org, 822465-done@bugs.debian.org, 822853-done@bugs.debian.org
• Subject: Closing bugs for fixed included in 7.11
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sat, 04 Jun 2016 14:54:37 +0100
• Message-id: <1465048477.7545.10.camel@adam-barratt.org.uk>

Version: 7.11

Hi,

The fixes referred to in each of these bugs were included in today's
7.11 point release.

Regards,

Adam

--- End Message ---