Crypto++ and Patch for CVE-2015-2141 committed
Jeffrey Walton
noloader at gmail.com
Sun Jun 28 02:46:28 UTC 2015
Hello,
You are receiving this email because you are (or were) listed as a
package maintainer for Crypto++. Emails are also being sent to the
well known security@ address from RFC 2142. Please accept apologies if
you receive this email multiple times.
Crypto++ committed the patch for CVE-2015-2141 today. For SVN, the
commit of interest is r542. You can find it at
https://sourceforge.net/p/cryptopp/code/542/. For GitHub, the commit
of interest is 9425e16437439e68c7d96abef922167d68fafaff. You can find
it at https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff.
***** CVE-2015-2141 Details *****
Evgeny Sidorov discovered he could recover the private key when using
Rabin-Williams signatures due to a bad interaction with the blinding
value used to mask private key operations. The bad interaction had to
do with the random value not meeting certain Jacobi requirements. The
full writeup can be found at https://eprint.iacr.org/2015/368.
Jean-Pierre Münch suggested a simple fix to avoid the bad interaction:
square the random value. Squaring the random value meant the value
satisfied the Jacobi requirements, and it avoided trial-and-error on
producing the random value in a loop. Avoiding trial-and-error saved
about 6-8 iterations of the loop, and about 12 Jacobi tests on
average.
***** Obtain the latest sources *****
To checkout from SVN, issue:
svn checkout https://svn.code.sf.net/p/cryptopp/code/trunk/c5 cryptopp
To clone from Wei Dai's GitHub, issue:
git clone https://github.com/weidai11/cryptopp.git cryptopp
The ZIP files from the website do *not* include the latest revisions.
You should not build a package based upon them.
***** DataDir patch *****
As a maintainer, you may be interested in the DataDir patch. The patch
ensures the self tests and benchmarks run after the library is
installed.
For the patch and a script to help integrate it, see
http://www.cryptopp.com/wiki/DataDir.
More information about the Ubuntu-devel-discuss
mailing list
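The following worked example is added here to illustrate the Jacobi property the email relies on; it is not code from the email, from Crypto++, or from the eprint paper. It assumes a deliberately tiny modulus n = 19 * 31 (primes in the usual Rabin-Williams shapes p ≡ 3 and q ≡ 7 mod 8) and a seeded PRNG so the run is reproducible; the function names and the sample sizes are the example's own. It shows that a random blinding value r has Jacobi symbol (r/n) = -1 about half the time, that multiplying the value to be signed by such an r flips its Jacobi symbol, and that using r^2 instead always yields Jacobi symbol 1 without a retry loop.

```python
import math
import random

# Toy Rabin-Williams modulus (assumption for the example only): p = 3 mod 8, q = 7 mod 8.
P, Q = 19, 31
N = P * Q  # 589


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0, via the standard reciprocity algorithm."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:          # pull out factors of 2: (2/n) = -1 iff n = 3,5 mod 8
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                # quadratic reciprocity for odd a, n
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0  # gcd(a, n) > 1 gives symbol 0


def blinding_by_rejection(n: int, seed: int = 0):
    """Trial-and-error: draw r until (r/n) = 1. Returns (r, number of Jacobi tests run)."""
    rng = random.Random(seed)
    tests = 0
    while True:
        r = rng.randrange(2, n - 1)
        if math.gcd(r, n) != 1:
            continue
        tests += 1
        if jacobi(r, n) == 1:
            return r, tests


def blinding_by_squaring(n: int, seed: int = 0) -> int:
    """The fix: one draw, then square. (r^2/n) = (r/n)^2 = 1 whenever gcd(r, n) = 1."""
    rng = random.Random(seed)
    while True:
        r = rng.randrange(2, n - 1)
        if math.gcd(r, n) == 1:
            return r * r % n


def blinded_jacobi(m: int, r: int, n: int):
    """Jacobi symbol of m after blinding by r versus by r^2 (the fixed scheme)."""
    return jacobi(m * r % n, n), jacobi(m * r * r % n, n)


def survey(n: int, samples: int, seed: int = 1) -> dict:
    """Count how many raw candidates fail the Jacobi requirement and whether squaring fixes all."""
    rng = random.Random(seed)
    raw = [r for r in (rng.randrange(2, n - 1) for _ in range(samples)) if math.gcd(r, n) == 1]
    rejected = sum(1 for r in raw if jacobi(r, n) != 1)
    squared_all_ok = all(jacobi(r * r % n, n) == 1 for r in raw)
    return {"candidates": len(raw), "jacobi_not_one": rejected, "squared_all_ok": squared_all_ok}


if __name__ == "__main__":
    print("survey:", survey(N, 400))
    r, tests = blinding_by_rejection(N, seed=3)
    print(f"rejection: r={r} jacobi={jacobi(r, N)} after {tests} Jacobi test(s)")
    s = blinding_by_squaring(N, seed=3)
    print(f"squaring:  r^2={s} jacobi={jacobi(s, N)} after 0 Jacobi tests")
    # (2/589) = -1, (3/589) = 1: blinding 3 by 2 flips the symbol, blinding by 2^2 preserves it.
    print("blinded_jacobi(3, 2, N):", blinded_jacobi(3, 2, N))
```

The survey result is the point of the patch: roughly half of the raw candidates have Jacobi symbol -1 and would have to be rejected, whereas every squared candidate passes, so the blinding value can be produced in a single draw with no Jacobi test at all.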