packages/botan2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!15 Fix CVE-2024-50382

Browse Source 
From: @li_ning_jie 
Reviewed-by: @misaka00251 
Signed-off-by: @misaka00251
This commit is contained in:
openeuler-ci-bot 2024-10-28 02:23:26 +00:00 committed by Gitee
commit cfa3d2a3f5
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
backport-CVE-2024-50382.patch Normal file
View File

@ -0,0 +1,64 @@
From 53b0cfde580e86b03d0d27a488b6c134f662e957 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Sat, 19 Oct 2024 07:43:18 -0400
Subject: [PATCH] Add more value barriers to avoid compiler induced side
channels
The paper https://arxiv.org/pdf/2410.13489 claims that on specific
architectures Clang and GCC may introduce jumps here. The donna128
issues only affect 32-bit processors, which explains why we would not
see it in the x86-64 valgrind runs.
The GHASH leak would seem to be generic but the authors only observed
it on RISC-V.
---
src/lib/utils/donna128.h | 5 +++--
src/lib/utils/ghash/ghash.cpp | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/lib/utils/donna128.h b/src/lib/utils/donna128.h
index ff57190..1cbf060 100644
--- a/src/lib/utils/donna128.h
+++ b/src/lib/utils/donna128.h
@@ -8,6 +8,7 @@
#ifndef BOTAN_CURVE25519_DONNA128_H_
#define BOTAN_CURVE25519_DONNA128_H_
+#include <botan/internal/ct_utils.h>
#include <botan/mul128.h>
namespace Botan {
@@ -61,7 +62,7 @@ class donna128 final
l += x.l;
h += x.h;
- const uint64_t carry = (l < x.l);
+ const uint64_t carry = CT::Mask<uint64_t>::is_lt(l, x.l).if_set_return(1);
h += carry;
return *this;
}
@@ -69,7 +70,7 @@ class donna128 final
donna128& operator+=(uint64_t x)
{
l += x;
- const uint64_t carry = (l < x);
+ const uint64_t carry = CT::Mask<uint64_t>::is_lt(l, x).if_set_return(1);
h += carry;
return *this;
}
diff --git a/src/lib/utils/ghash/ghash.cpp b/src/lib/utils/ghash/ghash.cpp
index e24f5e0..8f0afa7 100644
--- a/src/lib/utils/ghash/ghash.cpp
+++ b/src/lib/utils/ghash/ghash.cpp
@@ -139,7 +139,7 @@ void GHASH::key_schedule(const uint8_t key[], size_t length)
m_HM[4*j+2*i+1] = H1;
// GCM's bit ops are reversed so we carry out of the bottom
- const uint64_t carry = R * (H1 & 1);
+ const uint64_t carry = CT::Mask<uint64_t>::expand(H1 & 1).if_set_return(R);
H1 = (H1 >> 1) | (H0 << 63);
H0 = (H0 >> 1) ^ carry;
}
--
2.33.0

6
botan2.spec
View File

@ -2,7 +2,7 @@
Name: botan2 Name: botan2
Version: 2.19.3 Version: 2.19.3
Release: 3 Release: 4
Summary: Crypto and TLS for C++11 Summary: Crypto and TLS for C++11
License: BSD License: BSD
@ -11,6 +11,7 @@ Source0: %{url}/releases/Botan-%{version}.tar.xz
Patch01: Backport-CVE-2024-34703-When-decoding-an-arbi.patch Patch01: Backport-CVE-2024-34703-When-decoding-an-arbi.patch
Patch02: backport-CVE-2024-39312.patch Patch02: backport-CVE-2024-39312.patch
Patch03: backport-CVE-2024-50382.patch
BuildRequires: gcc-c++ python3 python3-devel python3-sphinx python-docutils BuildRequires: gcc-c++ python3 python3-devel python3-sphinx python-docutils
BuildRequires: bzip2-devel zlib-devel make BuildRequires: bzip2-devel zlib-devel make
@ -127,6 +128,9 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./botan-test
%changelog %changelog
* Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 2.19.3-4
- Fix CVE-2024-50382
* Wed Jul 10 2024 liweigang <liweiganga@uniontech.com> - 2.19.3-3 * Wed Jul 10 2024 liweigang <liweiganga@uniontech.com> - 2.19.3-3
- fix CVE-2024-39312 - fix CVE-2024-39312
- fix CVE-2024-34702 - fix CVE-2024-34702