File CVE-2016-2194+CVE-2016-2195.patch of Package Botan
From 43462f8d24880c42ce66ea45a76c7611fdab25cd Mon Sep 17 00:00:00 2001
From: Jack Lloyd <lloyd@randombit.net>
Date: Mon, 1 Feb 2016 07:35:38 -0500
Subject: [PATCH 1/2] Fix ressol and point multiplication bugs
Infinite loop during modular square root with invalid inputs. CVE-2016-2194 Heap overflow in ECC point. CVE-2016-2195 Update version to 1.10.11
---
 botan_version.py | 2 +-
 doc/log.txt | 11 +++++++++++
 src/math/ec_gfp/point_gfp.cpp | 12 ++++++++++--
 src/math/mp/mp_karat.cpp | 5 +++++
 src/math/numbertheory/ressol.cpp | 6 +++---
 5 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/src/math/ec_gfp/point_gfp.cpp b/src/math/ec_gfp/point_gfp.cpp
index 7ac6b4141..afd3b9d32 100644
--- a/src/math/ec_gfp/point_gfp.cpp
+++ b/src/math/ec_gfp/point_gfp.cpp
@@ -11,6 +11,7 @@
 #include <botan/numthry.h>
 #include <botan/reducer.h>
 #include <botan/internal/mp_core.h>
+#include <botan/internal/assert.h>
 namespace Botan {
@@ -25,6 +26,10 @@ PointGFp::PointGFp(const CurveGFp& curve) :
 PointGFp::PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y) :
 curve(curve), ws(2 * (curve.get_p_words() + 2))
 {
+ if(x <= 0 || x >= curve.get_p())
+ throw Invalid_Argument("Invalid PointGFp x");
+ if(x <= 0 || x >= curve.get_p())
+ throw Invalid_Argument("Invalid PointGFp y");
 coord_x = monty_mult(x, curve.get_r2());
 coord_y = monty_mult(y, curve.get_r2());
 coord_z = monty_mult(1, curve.get_r2());
@@ -68,15 +73,18 @@ void PointGFp::monty_sqr(BigInt& z, const BigInt& x) const
 }
 const BigInt& p = curve.get_p();
- const size_t p_size = curve.get_p_words();
 const word p_dash = curve.get_p_dash();
+ const size_t p_size = curve.get_p_words();
+
+ const size_t x_sw = x.sig_words();
+ BOTAN_ASSERT(x_sw <= p_size, "x value in range");
 SecureVector<word>& z_reg = z.get_reg();
 z_reg.resize(2*p_size+1);
 zeroise(z_reg);
 bigint_monty_sqr(&z_reg[0], z_reg.size(),
- x.data(), x.size(), x.sig_words(),
+ x.data(), x.size(), x_sw,
 p.data(), p_size, p_dash, &ws[0]);
 }
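Review bot: In the `PointGFp(curve, x, y)` constructor the second added range check tests `x` again while throwing "Invalid PointGFp y", so `y` is never range-checked before `monty_mult(y, curve.get_r2())`. The line should read `if(y <= 0 || y >= curve.get_p())`. The commit message ties this change to the ECC point heap overflow (CVE-2016-2195), so an out-of-range y presumably still reaches the Montgomery arithmetic unchecked. The constructor body continues outside the hunk.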
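Review bot: The new `BOTAN_ASSERT(x_sw <= p_size, "x value in range")` in monty_sqr carries no comment saying what it protects, and its failure behaviour is not visible here. `z_reg` is resized to `2*p_size+1` words just below it, so a comment such as `// z_reg is sized from p_size; an x with more significant words than p must not reach bigint_monty_sqr` would make the bound auditable. How BOTAN_ASSERT fails is defined in assert.h, which is not on this page; if it terminates the process, confirm that is acceptable for point data that may come from a peer. monty_sqr begins before the hunk.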
diff --git a/src/math/mp/mp_karat.cpp b/src/math/mp/mp_karat.cpp
index 945b3b61a..b25d60637 100644
--- a/src/math/mp/mp_karat.cpp
+++ b/src/math/mp/mp_karat.cpp
@@ -7,6 +7,7 @@
 #include <botan/internal/mp_core.h>
 #include <botan/internal/mp_asmi.h>
+#include <botan/internal/assert.h>
 #include <botan/mem_ops.h>
 namespace Botan {
@@ -249,6 +250,8 @@ void bigint_mul(word z[], size_t z_size, word workspace[],
 const word x[], size_t x_size, size_t x_sw,
 const word y[], size_t y_size, size_t y_sw)
 {
+ BOTAN_ASSERT(z_size > x_sw && z_size > y_sw && z_size - x_sw >= y_sw, "Sufficient output size");
+
 if(x_sw == 1)
 {
 bigint_linmul3(z, y, y_sw, x[0]);
@@ -303,6 +306,8 @@ void bigint_mul(word z[], size_t z_size, word workspace[],
 void bigint_sqr(word z[], size_t z_size, word workspace[],
 const word x[], size_t x_size, size_t x_sw)
 {
+ BOTAN_ASSERT(z_size/2 >= x_sw, "Sufficient output size");
+
 if(x_sw == 1)
 {
 bigint_linmul3(z, x, x_sw, x[0]);
diff --git a/src/math/numbertheory/ressol.cpp b/src/math/numbertheory/ressol.cpp
index 2e01406f8..adacd27f7 100644
--- a/src/math/numbertheory/ressol.cpp
+++ b/src/math/numbertheory/ressol.cpp
@@ -63,10 +63,10 @@ BigInt ressol(const BigInt& a, const BigInt& p)
 {
 q = mod_p.square(q);
 ++i;
- }
- if(s <= i)
- return -BigInt(1);
+ if(i >= s)
+ return -BigInt(1);
+ }
 c = power_mod(c, BigInt(BigInt::Power2, s-i-1), p);
 r = mod_p.multiply(r, c);
--
2.12.0
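Review bot: The assertion added to bigint_mul depends on evaluation order that nothing documents: `z_size - x_sw >= y_sw` is only meaningful because `z_size > x_sw` is tested first, since the `size_t` subtraction would otherwise wrap. A one-line comment such as `// compare before subtracting so z_size - x_sw cannot wrap` would keep a later edit from reordering or simplifying it. Neither this assertion nor `BOTAN_ASSERT(z_size/2 >= x_sw, ...)` in bigint_sqr checks `x_sw <= x_size` (or `y_sw <= y_size`); whether callers guarantee that is not visible in these hunks. Both function bodies continue outside the hunks.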
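Review bot: The relocated `if(i >= s) return -BigInt(1);` in ressol now bounds the squaring loop, but nothing in the hunk explains why `s` is the limit. A comment above it such as `// q should reach 1 in fewer than s squarings; otherwise the input is invalid, so return instead of looping forever` would record the reasoning behind the CVE-2016-2194 fix. The loop header and the code that derives `s` are outside the hunk, so that wording should be checked against them. The diffstat lists no test file, so the invalid-input case named in the commit message appears to have no regression test.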