Sophie

Sophie

distrib > Mageia > 6 > x86_64 > media > core-updates-src > by-pkgid > 75ee5635d6fdab9feb7fbf7c94711d97 > files > 3

libtomcrypt-1.17-11.1.mga6.src.rpm

Backported to ver. 1.17 from the original upstream commit plus rand_bn:

From f0a51bbdbd50e03a43914c9ee912c451b6ad82e5 Mon Sep 17 00:00:00 2001
From: Karel Miko <karel.miko@gmail.com>
Date: Sun, 17 Jun 2018 12:54:01 +0200
Subject: [PATCH] ecc_sign_hash blinding CVE-2018-12437

Index: libtomcrypt-1.17/src/pk/ecc/ecc_sign_hash.c
===================================================================
--- libtomcrypt-1.17/src/pk/ecc/ecc_sign_hash.c
+++ libtomcrypt-1.17/src/pk/ecc/ecc_sign_hash.c	2018-07-21 22:06:36.643264415 +0200
@@ -39,7 +39,7 @@
                         prng_state *prng, int wprng, ecc_key *key)
 {
    ecc_key       pubkey;
-   void          *r, *s, *e, *p;
+   void          *r, *s, *e, *p, *b;
    int           err;
 
    LTC_ARGCHK(in     != NULL);
@@ -63,7 +63,7 @@
 
    /* get the hash and load it as a bignum into 'e' */
    /* init the bignums */
-   if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) { 
+   if ((err = mp_init_multi(&r, &s, &p, &e, &b, NULL)) != CRYPT_OK) { 
       return err;
    }
    if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK)                      { goto errnokey; }
@@ -81,12 +81,15 @@
       if (mp_iszero(r) == LTC_MP_YES) {
          ecc_free(&pubkey);
       } else { 
+        if ((err = rand_bn_upto(b, p, prng, wprng)) != CRYPT_OK)             { goto error; } /* b = blinding value */
         /* find s = (e + xr)/k */
-        if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK)            { goto error; } /* k = 1/k */
+        if ((err = mp_mulmod(pubkey.k, b, p, pubkey.k)) != CRYPT_OK)         { goto error; } /* k = kb */
+        if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK)            { goto error; } /* k = 1/kb */
         if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK)                  { goto error; } /* s = xr */
-        if ((err = mp_add(e, s, s)) != CRYPT_OK)                             { goto error; } /* s = e +  xr */
-        if ((err = mp_mod(s, p, s)) != CRYPT_OK)                             { goto error; } /* s = e +  xr */
-        if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK)                { goto error; } /* s = (e + xr)/k */
+        if ((err = mp_mulmod(pubkey.k, s, p, s)) != CRYPT_OK)                { goto error; } /* s = xr/kb */
+        if ((err = mp_mulmod(pubkey.k, e, p, e)) != CRYPT_OK)                { goto error; } /* e = e/kb */
+        if ((err = mp_add(e, s, s)) != CRYPT_OK)                             { goto error; } /* s = e/kb + xr/kb */
+        if ((err = mp_mulmod(s, b, p, s)) != CRYPT_OK)                       { goto error; } /* s = b(e/kb + xr/kb) = (e + xr)/k */
         ecc_free(&pubkey);
         if (mp_iszero(s) == LTC_MP_NO) {
            break;
@@ -103,7 +106,7 @@
 error:
    ecc_free(&pubkey);
 errnokey:
-   mp_clear_multi(r, s, p, e, NULL);
+   mp_clear_multi(r, s, p, e, b, NULL);
    return err;   
 }
 
Index: libtomcrypt-1.17/makefile.shared
===================================================================
--- libtomcrypt-1.17/makefile.shared
+++ libtomcrypt-1.17/makefile.shared	2018-07-21 22:23:37.341863922 +0200
@@ -133,6 +133,7 @@
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
+src/math/rand_bn.o \
 src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
 src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt_argchk.o \
 src/misc/crypt/crypt.o src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
Index: libtomcrypt-1.17/makefile.unix
===================================================================
--- libtomcrypt-1.17/makefile.unix
+++ libtomcrypt-1.17/makefile.unix	2018-07-21 22:23:44.607775742 +0200
@@ -74,6 +74,7 @@
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
+src/math/rand_bn.o \
 src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
 src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt_argchk.o \
 src/misc/crypt/crypt.o src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
Index: libtomcrypt-1.17/src/math/rand_bn.c
===================================================================
--- libtomcrypt-1.17/src/math/rand_bn.c
+++ libtomcrypt-1.17/src/math/rand_bn.c	2018-07-21 22:22:05.687976335 +0200
@@ -0,0 +1,75 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt.h"
+
+#if defined(LTC_MDSA) || defined(LTC_MECC)
+/**
+  Generate a random number N with given bitlength (note: MSB can be 0)
+*/
+
+int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng)
+{
+   int res, bytes;
+   unsigned char *buf, mask;
+
+   LTC_ARGCHK(N != NULL);
+   LTC_ARGCHK(bits > 1);
+
+   /* check PRNG */
+   if ((res = prng_is_valid(wprng)) != CRYPT_OK) return res;
+
+   bytes = (bits+7) >> 3;
+   mask = 0xff << (8 - bits % 8);
+
+   /* allocate buffer */
+   if ((buf = XCALLOC(1, bytes)) == NULL) return CRYPT_MEM;
+
+   /* generate random bytes */
+   if (prng_descriptor[wprng].read(buf, bytes, prng) != (unsigned long)bytes) {
+      res = CRYPT_ERROR_READPRNG;
+      goto cleanup;
+   }
+   /* mask bits */
+   buf[0] &= ~mask;
+   /* load value */
+   if ((res = mp_read_unsigned_bin(N, buf, bytes)) != CRYPT_OK) goto cleanup;
+
+   res = CRYPT_OK;
+
+cleanup:
+#ifdef LTC_CLEAN_STACK
+   zeromem(buf, bytes);
+#endif
+   XFREE(buf);
+   return res;
+}
+
+/**
+  Generate a random number N in a range: 1 <= N < limit
+*/
+int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng)
+{
+   int res, bits;
+
+   LTC_ARGCHK(N != NULL);
+   LTC_ARGCHK(limit != NULL);
+
+   bits = mp_count_bits(limit);
+   do {
+     res = rand_bn_bits(N, bits, prng, wprng);
+     if (res != CRYPT_OK) return res;
+   } while (mp_cmp_d(N, 0) != LTC_MP_GT || mp_cmp(N, limit) != LTC_MP_LT);
+
+   return CRYPT_OK;
+}
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
Index: libtomcrypt-1.17/src/headers/tomcrypt_pk.h
===================================================================
--- libtomcrypt-1.17/src/headers/tomcrypt_pk.h
+++ libtomcrypt-1.17/src/headers/tomcrypt_pk.h	2018-07-21 22:34:07.550243194 +0200
@@ -7,6 +7,9 @@
 
 int rand_prime(void *N, long len, prng_state *prng, int wprng);
 
+int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng);
+int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng);
+
 /* ---- RSA ---- */
 #ifdef LTC_MRSA

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional