authorJack Lloyd <[email protected]>2016-02-01 07:35:38 -0500
committerJack Lloyd <[email protected]>2016-02-01 12:07:36 -0500
commit43462f8d24880c42ce66ea45a76c7611fdab25cd (patch)
tree2dad293afaaf62433014173a7b17501ab6c9e413
parentcb61a694258ea74c27b169eafb6add7e764402ee (diff)
Fix ressol and point multiplication bugs1.10.11
Infinite loop during modular square root with invalid inputs. CVE-2016-2194 Heap overflow in ECC point. CVE-2016-2195 Update version to 1.10.11
-rw-r--r--botan_version.py2
-rw-r--r--doc/log.txt11
-rw-r--r--src/math/ec_gfp/point_gfp.cpp12
-rw-r--r--src/math/mp/mp_karat.cpp5
-rw-r--r--src/math/numbertheory/ressol.cpp6
5 files changed, 30 insertions, 6 deletions
diff --git a/botan_version.py b/botan_version.py
index 0f26ed671..7f3eccaa5 100644
--- a/botan_version.py
+++ b/botan_version.py
@@ -1,7 +1,7 @@
release_major = 1
release_minor = 10
-release_patch = 10
+release_patch = 11
release_so_abi_rev = 1
diff --git a/doc/log.txt b/doc/log.txt
index a7d014500..14430a3ed 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -7,6 +7,17 @@ Release Notes
Series 1.10
----------------------------------------
+Version 1.10.11, 2016-02-01
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Resolve heap overflow in ECC point decoding. CVE-2016-2915
+
+* Resolve infinite loop in modular square root algorithm.
+ CVE-2016-2194
+
+* Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits.
+ GH #239
+
Version 1.10.10, 2015-08-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/src/math/ec_gfp/point_gfp.cpp b/src/math/ec_gfp/point_gfp.cpp
index 7ac6b4141..afd3b9d32 100644
--- a/src/math/ec_gfp/point_gfp.cpp
+++ b/src/math/ec_gfp/point_gfp.cpp
@@ -11,6 +11,7 @@
#include <botan/numthry.h>
#include <botan/reducer.h>
#include <botan/internal/mp_core.h>
+#include <botan/internal/assert.h>
namespace Botan {
@@ -25,6 +26,10 @@ PointGFp::PointGFp(const CurveGFp& curve) :
PointGFp::PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y) :
curve(curve), ws(2 * (curve.get_p_words() + 2))
{
+ if(x <= 0 || x >= curve.get_p())
+ throw Invalid_Argument("Invalid PointGFp x");
+ if(x <= 0 || x >= curve.get_p())
+ throw Invalid_Argument("Invalid PointGFp y");
coord_x = monty_mult(x, curve.get_r2());
coord_y = monty_mult(y, curve.get_r2());
coord_z = monty_mult(1, curve.get_r2());
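Review bot: The second range check repeats the test on `x` instead of `y`, so an out-of-range y coordinate is never rejected even though the message reads "Invalid PointGFp y"; it should be `if(y <= 0 || y >= curve.get_p())`. Rejecting with `<= 0` also excludes x == 0 and y == 0, which can be legitimate affine coordinates on some curves; whether excluding them is intended is not visible from the hunk, but `< 0` would be the minimal-reject form if it is not. Separately, the changelog hunk in doc/log.txt cites CVE-2016-2915 for this heap overflow while the commit message cites CVE-2016-2195, so one of the two looks transposed. The constructor body continues outside the hunk.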
@@ -68,15 +73,18 @@ void PointGFp::monty_sqr(BigInt& z, const BigInt& x) const
}
const BigInt& p = curve.get_p();
- const size_t p_size = curve.get_p_words();
const word p_dash = curve.get_p_dash();
+ const size_t p_size = curve.get_p_words();
+
+ const size_t x_sw = x.sig_words();
+ BOTAN_ASSERT(x_sw <= p_size, "x value in range");
SecureVector<word>& z_reg = z.get_reg();
z_reg.resize(2*p_size+1);
zeroise(z_reg);
bigint_monty_sqr(&z_reg[0], z_reg.size(),
- x.data(), x.size(), x.sig_words(),
+ x.data(), x.size(), x_sw,
p.data(), p_size, p_dash,
&ws[0]);
}
diff --git a/src/math/mp/mp_karat.cpp b/src/math/mp/mp_karat.cpp
index 945b3b61a..b25d60637 100644
--- a/src/math/mp/mp_karat.cpp
+++ b/src/math/mp/mp_karat.cpp
@@ -7,6 +7,7 @@
#include <botan/internal/mp_core.h>
#include <botan/internal/mp_asmi.h>
+#include <botan/internal/assert.h>
#include <botan/mem_ops.h>
namespace Botan {
@@ -249,6 +250,8 @@ void bigint_mul(word z[], size_t z_size, word workspace[],
const word x[], size_t x_size, size_t x_sw,
const word y[], size_t y_size, size_t y_sw)
{
+ BOTAN_ASSERT(z_size > x_sw && z_size > y_sw && z_size - x_sw >= y_sw, "Sufficient output size");
+
if(x_sw == 1)
{
bigint_linmul3(z, y, y_sw, x[0]);
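Review bot: The new assert at the top of bigint_mul checks the right bound — `z_size - x_sw >= y_sw`, since an x_sw-by-y_sw word product needs x_sw + y_sw words — but neither the message nor a comment says why, and the same goes for `z_size/2 >= x_sw` in bigint_sqr in the next hunk. I would put `// an x_sw-by-y_sw word product needs x_sw + y_sw words in z` above the first and `// squaring x_sw words needs 2*x_sw words in z` above the second. These asserts are backstops against internal callers passing undersized registers, not validation of external input; untrusted coordinates are rejected earlier, in the PointGFp constructor checks added in this commit. bigint_mul's signature begins in the hunk header and its body continues past the hunk.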
@@ -303,6 +306,8 @@ void bigint_mul(word z[], size_t z_size, word workspace[],
void bigint_sqr(word z[], size_t z_size, word workspace[],
const word x[], size_t x_size, size_t x_sw)
{
+ BOTAN_ASSERT(z_size/2 >= x_sw, "Sufficient output size");
+
if(x_sw == 1)
{
bigint_linmul3(z, x, x_sw, x[0]);
diff --git a/src/math/numbertheory/ressol.cpp b/src/math/numbertheory/ressol.cpp
index 2e01406f8..adacd27f7 100644
--- a/src/math/numbertheory/ressol.cpp
+++ b/src/math/numbertheory/ressol.cpp
@@ -63,10 +63,10 @@ BigInt ressol(const BigInt& a, const BigInt& p)
{
q = mod_p.square(q);
++i;
- }
- if(s <= i)
- return -BigInt(1);
+ if(i >= s)
+ return -BigInt(1);
+ }
c = power_mod(c, BigInt(BigInt::Power2, s-i-1), p);
r = mod_p.multiply(r, c);