snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions 1 Activity

botan: update to 2.8.0 

Signed-off-by: Jürgen Buchmüller <pullmoll@t-online.de>
This commit is contained in:
Jürgen Buchmüller 2018-12-03 17:57:25 +01:00
parent d3c1e1f54d
commit d30965d762
No known key found for this signature in database
GPG Key ID: 6764EC32352D0647
4 changed files with 6 additions and 407 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/shlibs
View File

@ -2691,7 +2691,7 @@ libKDb3.so.4 kdb-3.1.0_1
libKPropertyWidgets3.so.4 kproperty-3.1.0_1 libKPropertyWidgets3.so.4 kproperty-3.1.0_1
libKPropertyCore3.so.4 kproperty-3.1.0_1 libKPropertyCore3.so.4 kproperty-3.1.0_1
libKReport3.so.4 kreport-3.1.0_1 libKReport3.so.4 kreport-3.1.0_1
libbotan-2.so.5 botan-2.6.0_1 libbotan-2.so.8 botan-2.8.0_1
libswipl.so.7.6 swi-prolog-7.6.0_1 libswipl.so.7.6 swi-prolog-7.6.0_1
libpcre2-16.so.0 libpcre2-10.22_1 libpcre2-16.so.0 libpcre2-10.22_1
libpcre2-32.so.0 libpcre2-10.22_1 libpcre2-32.so.0 libpcre2-10.22_1

132
srcpkgs/botan/patches/CVE-2018-12435_part1.patch
View File

@ -1,132 +0,0 @@
From 2cfa191a940b7b884f24d23d94227ff382c672b4 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Tue, 17 Apr 2018 18:06:34 -0400
Subject: [PATCH] Add EC_Group::inverse_mod_order
Centralizing this logic allows curve specific implementations such
as using a precomputed ladder for exponentiating by p - 2
GH #1479
---
src/lib/pubkey/ec_group/ec_group.cpp | 10 ++++++++++
src/lib/pubkey/ec_group/ec_group.h | 5 +++++
src/lib/pubkey/ecdh/ecdh.cpp | 2 +-
src/lib/pubkey/ecdsa/ecdsa.cpp | 4 ++--
src/lib/pubkey/ecgdsa/ecgdsa.cpp | 2 +-
src/lib/pubkey/sm2/sm2.cpp | 4 ++--
6 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index fc512b7332..ac23aa151e 100644
--- src/lib/pubkey/ec_group/ec_group.cpp
+++ src/lib/pubkey/ec_group/ec_group.cpp
@@ -87,6 +87,11 @@ class EC_Group_Data final
return m_mod_order.multiply(x, y);
}
+ BigInt inverse_mod_order(const BigInt& x) const
+ {
+ return inverse_mod(x, m_order);
+ }
+
PointGFp blinded_base_point_multiply(const BigInt& k,
RandomNumberGenerator& rng,
std::vector<BigInt>& ws) const
@@ -469,6 +476,11 @@ BigInt EC_Group::multiply_mod_order(const BigInt& x, const BigInt& y) const
return data().multiply_mod_order(x, y);
}
+BigInt EC_Group::inverse_mod_order(const BigInt& x) const
+ {
+ return data().inverse_mod_order(x);
+ }
+
const OID& EC_Group::get_curve_oid() const
{
return data().oid();
diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h
index 8bb1a30448..f273108d2b 100644
--- src/lib/pubkey/ec_group/ec_group.h
+++ src/lib/pubkey/ec_group/ec_group.h
@@ -193,6 +193,11 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final
*/
BigInt mod_order(const BigInt& x) const;
+ /*
+ * Return inverse of x modulo the order
+ */
+ BigInt inverse_mod_order(const BigInt& x) const;
+
/*
* Reduce (x*y) modulo the order
*/
diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
index adadb27036..59f245a00c 100644
--- src/lib/pubkey/ecdh/ecdh.cpp
+++ src/lib/pubkey/ecdh/ecdh.cpp
@@ -31,7 +31,7 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF
m_group(key.domain()),
m_rng(rng)
{
- m_l_times_priv = inverse_mod(m_group.get_cofactor(), m_group.get_order()) * key.private_value();
+ m_l_times_priv = m_group.inverse_mod_order(m_group.get_cofactor()) * key.private_value();
}
secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 03f5e57ab6..6e104f1641 100644
--- src/lib/pubkey/ecdsa/ecdsa.cpp
+++ src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -89,7 +89,7 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
const BigInt k = m_group.random_scalar(rng);
#endif
- const BigInt k_inv = inverse_mod(k, m_group.get_order());
+ const BigInt k_inv = m_group.inverse_mod_order(k);
const BigInt r = m_group.mod_order(
m_group.blinded_base_point_multiply_x(k, rng, m_ws));
@@ -142,7 +142,7 @@ bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len,
if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order())
return false;
- const BigInt w = inverse_mod(s, m_group.get_order());
+ const BigInt w = m_group.inverse_mod_order(s);
const BigInt u1 = m_group.multiply_mod_order(e, w);
const BigInt u2 = m_group.multiply_mod_order(r, w);
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
index 192d999a8e..61b7ae0558 100644
--- src/lib/pubkey/ecgdsa/ecgdsa.cpp
+++ src/lib/pubkey/ecgdsa/ecgdsa.cpp
@@ -115,7 +115,7 @@ bool ECGDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len,
if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order())
return false;
- const BigInt w = inverse_mod(r, m_group.get_order());
+ const BigInt w = m_group.inverse_mod_order(r);
const BigInt u1 = m_group.multiply_mod_order(e, w);
const BigInt u2 = m_group.multiply_mod_order(s, w);
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp
index 95fe28f147..1096ea99f5 100644
--- src/lib/pubkey/sm2/sm2.cpp
+++ src/lib/pubkey/sm2/sm2.cpp
@@ -30,7 +30,7 @@ SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(const AlgorithmIdentifier& al
const secure_vector<uint8_t>& key_bits) :
EC_PrivateKey(alg_id, key_bits)
{
- m_da_inv = inverse_mod(m_private_key + 1, domain().get_order());
+ m_da_inv = domain().inverse_mod_order(m_private_key + 1);
}
SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(RandomNumberGenerator& rng,
@@ -38,7 +38,7 @@ SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(RandomNumberGenerator& rng,
const BigInt& x) :
EC_PrivateKey(rng, domain, x)
{
- m_da_inv = inverse_mod(m_private_key + 1, domain.get_order());
+ m_da_inv = domain.inverse_mod_order(m_private_key + 1);
}
std::vector<uint8_t> sm2_compute_za(HashFunction& hash,

269
srcpkgs/botan/patches/CVE-2018-12435_part2.patch
View File

@ -1,269 +0,0 @@
From 48fc8df51d99f9d8ba251219367b3d629cc848e3 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Tue, 5 Jun 2018 18:40:14 -0400
Subject: [PATCH] Address DSA/ECDSA side channel
---
src/lib/pubkey/dsa/dsa.cpp | 38 ++++++++++++++++++++++++++----------
src/lib/pubkey/ec_group/ec_group.cpp | 20 +++++++++++++++++++
src/lib/pubkey/ec_group/ec_group.h | 10 ++++++++++
src/lib/pubkey/ecdsa/ecdsa.cpp | 29 ++++++++++++++++++++-------
4 files changed, 80 insertions(+), 17 deletions(-)
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp
index 1728049727..7142e47880 100644
--- src/lib/pubkey/dsa/dsa.cpp
+++ src/lib/pubkey/dsa/dsa.cpp
@@ -75,7 +75,9 @@ namespace {
class DSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
{
public:
- DSA_Signature_Operation(const DSA_PrivateKey& dsa, const std::string& emsa) :
+ DSA_Signature_Operation(const DSA_PrivateKey& dsa,
+ const std::string& emsa,
+ RandomNumberGenerator& rng) :
PK_Ops::Signature_with_EMSA(emsa),
m_group(dsa.get_group()),
m_x(dsa.get_x()),
@@ -84,6 +86,9 @@ class DSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
#if defined(BOTAN_HAS_RFC6979_GENERATOR)
m_rfc6979_hash = hash_for_emsa(emsa);
#endif
+
+ m_b = BigInt::random_integer(rng, 2, dsa.group_q());
+ m_b_inv = inverse_mod(m_b, dsa.group_q());
}
size_t max_input_bits() const override { return m_group.get_q().bits(); }
@@ -97,6 +102,8 @@ class DSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
#if defined(BOTAN_HAS_RFC6979_GENERATOR)
std::string m_rfc6979_hash;
#endif
+
+ BigInt m_b, m_b_inv;
};
secure_vector<uint8_t>
@@ -105,22 +112,32 @@ DSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
{
const BigInt& q = m_group.get_q();
- BigInt i(msg, msg_len, q.bits());
+ BigInt m(msg, msg_len, q.bits());
- while(i >= q)
- i -= q;
+ while(m >= q)
+ m -= q;
#if defined(BOTAN_HAS_RFC6979_GENERATOR)
BOTAN_UNUSED(rng);
- const BigInt k = generate_rfc6979_nonce(m_x, q, i, m_rfc6979_hash);
+ const BigInt k = generate_rfc6979_nonce(m_x, q, m, m_rfc6979_hash);
#else
const BigInt k = BigInt::random_integer(rng, 1, q);
#endif
- BigInt s = inverse_mod(k, q);
+ const BigInt k_inv = inverse_mod(k, q);
+
const BigInt r = m_mod_q.reduce(m_group.power_g_p(k));
- s = m_mod_q.multiply(s, mul_add(m_x, r, i));
+ /*
+ * Blind the input message and compute x*r+m as (x*r*b + m*b)/b
+ */
+ m_b = m_mod_q.square(m_b);
+ m_b_inv = m_mod_q.square(m_b_inv);
+
+ m = m_mod_q.multiply(m_b, m);
+ const BigInt xr = m_mod_q.multiply(m_mod_q.multiply(m_x, m_b), r);
+
+ const BigInt s = m_mod_q.multiply(m_b_inv, m_mod_q.multiply(k_inv, xr + m));
// With overwhelming probability, a bug rather than actual zero r/s
if(r.is_zero() || s.is_zero())
@@ -141,7 +158,8 @@ class DSA_Verification_Operation final : public PK_Ops::Verification_with_EMSA
m_group(dsa.get_group()),
m_y(dsa.get_y()),
m_mod_q(dsa.group_q())
- {}
+ {
+ }
size_t max_input_bits() const override { return m_group.get_q().bits(); }
@@ -194,12 +212,12 @@ DSA_PublicKey::create_verification_op(const std::string& params,
}
std::unique_ptr<PK_Ops::Signature>
-DSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
+DSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
const std::string& params,
const std::string& provider) const
{
if(provider == "base" || provider.empty())
- return std::unique_ptr<PK_Ops::Signature>(new DSA_Signature_Operation(*this, params));
+ return std::unique_ptr<PK_Ops::Signature>(new DSA_Signature_Operation(*this, params, rng));
throw Provider_Not_Found(algo_name(), provider);
}
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index 004708c7cc..2dfcdc0d94 100644
--- src/lib/pubkey/ec_group/ec_group.cpp
+++ src/lib/pubkey/ec_group/ec_group.cpp
@@ -82,11 +82,21 @@ class EC_Group_Data final
BigInt mod_order(const BigInt& x) const { return m_mod_order.reduce(x); }
+ BigInt square_mod_order(const BigInt& x) const
+ {
+ return m_mod_order.square(x);
+ }
+
BigInt multiply_mod_order(const BigInt& x, const BigInt& y) const
{
return m_mod_order.multiply(x, y);
}
+ BigInt multiply_mod_order(const BigInt& x, const BigInt& y, const BigInt& z) const
+ {
+ return m_mod_order.multiply(m_mod_order.multiply(x, y), z);
+ }
+
BigInt inverse_mod_order(const BigInt& x) const
{
return inverse_mod(x, m_order);
@@ -469,11 +479,21 @@ BigInt EC_Group::mod_order(const BigInt& k) const
return data().mod_order(k);
}
+BigInt EC_Group::square_mod_order(const BigInt& x) const
+ {
+ return data().square_mod_order(x);
+ }
+
BigInt EC_Group::multiply_mod_order(const BigInt& x, const BigInt& y) const
{
return data().multiply_mod_order(x, y);
}
+BigInt EC_Group::multiply_mod_order(const BigInt& x, const BigInt& y, const BigInt& z) const
+ {
+ return data().multiply_mod_order(x, y, z);
+ }
+
BigInt EC_Group::inverse_mod_order(const BigInt& x) const
{
return data().inverse_mod_order(x);
diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h
index f273108d2b..f8c1c1a123 100644
--- src/lib/pubkey/ec_group/ec_group.h
+++ src/lib/pubkey/ec_group/ec_group.h
@@ -198,11 +198,21 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final
*/
BigInt inverse_mod_order(const BigInt& x) const;
+ /*
+ * Reduce (x*x) modulo the order
+ */
+ BigInt square_mod_order(const BigInt& x) const;
+
/*
* Reduce (x*y) modulo the order
*/
BigInt multiply_mod_order(const BigInt& x, const BigInt& y) const;
+ /*
+ * Reduce (x*y*z) modulo the order
+ */
+ BigInt multiply_mod_order(const BigInt& x, const BigInt& y, const BigInt& z) const;
+
/**
* Return the cofactor
* @result the cofactor
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 6e104f1641..2409d8f0d2 100644
--- src/lib/pubkey/ecdsa/ecdsa.cpp
+++ src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -51,7 +51,8 @@ class ECDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
public:
ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa,
- const std::string& emsa) :
+ const std::string& emsa,
+ RandomNumberGenerator& rng) :
PK_Ops::Signature_with_EMSA(emsa),
m_group(ecdsa.domain()),
m_x(ecdsa.private_value())
@@ -59,6 +60,9 @@ class ECDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
#if defined(BOTAN_HAS_RFC6979_GENERATOR)
m_rfc6979_hash = hash_for_emsa(emsa);
#endif
+
+ m_b = m_group.random_scalar(rng);
+ m_b_inv = m_group.inverse_mod_order(m_b);
}
size_t max_input_bits() const override { return m_group.get_order_bits(); }
@@ -75,6 +79,8 @@ class ECDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
#endif
std::vector<BigInt> m_ws;
+
+ BigInt m_b, m_b_inv;
};
secure_vector<uint8_t>
@@ -89,12 +95,21 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
const BigInt k = m_group.random_scalar(rng);
#endif
- const BigInt k_inv = m_group.inverse_mod_order(k);
const BigInt r = m_group.mod_order(
m_group.blinded_base_point_multiply_x(k, rng, m_ws));
- const BigInt xrm = m_group.mod_order(m_group.multiply_mod_order(m_x, r) + m);
- const BigInt s = m_group.multiply_mod_order(k_inv, xrm);
+ const BigInt k_inv = m_group.inverse_mod_order(k);
+
+ /*
+ * Blind the input message and compute x*r+m as (x*r*b + m*b)/b
+ */
+ m_b = m_group.square_mod_order(m_b);
+ m_b_inv = m_group.square_mod_order(m_b_inv);
+
+ m = m_group.multiply_mod_order(m_b, m);
+ const BigInt xr = m_group.multiply_mod_order(m_x, m_b, r);
+
+ const BigInt s = m_group.multiply_mod_order(k_inv, xr + m, m_b_inv);
// With overwhelming probability, a bug rather than actual zero r/s
if(r.is_zero() || s.is_zero())
@@ -144,7 +159,7 @@ bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len,
const BigInt w = m_group.inverse_mod_order(s);
- const BigInt u1 = m_group.multiply_mod_order(e, w);
+ const BigInt u1 = m_group.multiply_mod_order(m_group.mod_order(e), w);
const BigInt u2 = m_group.multiply_mod_order(r, w);
const PointGFp R = m_gy_mul.multi_exp(u1, u2);
@@ -198,7 +213,7 @@ ECDSA_PublicKey::create_verification_op(const std::string& params,
}
std::unique_ptr<PK_Ops::Signature>
-ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
+ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
const std::string& params,
const std::string& provider) const
{
@@ -233,7 +248,7 @@ ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
#endif
if(provider == "base" || provider.empty())
- return std::unique_ptr<PK_Ops::Signature>(new ECDSA_Signature_Operation(*this, params));
+ return std::unique_ptr<PK_Ops::Signature>(new ECDSA_Signature_Operation(*this, params, rng));
throw Provider_Not_Found(algo_name(), provider);
}

10
srcpkgs/botan/template
View File

@ -1,7 +1,7 @@
# Template file for 'botan' # Template file for 'botan'
pkgname=botan pkgname=botan
version=2.6.0 version=2.8.0
revision=5 revision=1
wrksrc="${pkgname^}-${version}" wrksrc="${pkgname^}-${version}"
build_style=gnu-makefile build_style=gnu-makefile
hostmakedepends="doxygen epstopdf python" hostmakedepends="doxygen epstopdf python"
@ -9,9 +9,9 @@ makedepends="libressl-devel bzip2-devel liblzma-devel sqlite-devel zlib-devel"
short_desc="Crypto library written in C++" short_desc="Crypto library written in C++"
maintainer="Jürgen Buchmüller <pullmoll@t-online.de>" maintainer="Jürgen Buchmüller <pullmoll@t-online.de>"
license="BSD-2-Clause" license="BSD-2-Clause"
homepage="http://botan.randombit.net/" homepage="https://botan.randombit.net/"
distfiles="http://botan.randombit.net/releases/Botan-${version}.tgz" distfiles="https://botan.randombit.net/releases/Botan-${version}.tgz"
checksum=c1f261555bba702c73608dde7bd743ef2d6377a41a1c295915b25c5babaf5cc5 checksum=e7159b127e91e0c158245d61c638c50d443ec7b440b6b0161328c47b3aba3960
LDFLAGS="-pthread" LDFLAGS="-pthread"