Package: libcrypto++ / 5.6.1-6+deb8u3

CVE-2016-3995.patch Patch series | download
From 9f335d719ebc27f58251559240de0077ec42c583 Mon Sep 17 00:00:00 2001
From: Pierre Lestringant <plt@amossys.fr>
Date: Wed, 6 Apr 2016 15:51:17 +0200
Subject: [PATCH] Fix the Rijndael timing attack counter measure

---
 rijndael.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rijndael.cpp b/rijndael.cpp
index f394960..92f9dea 100644
--- a/rijndael.cpp
+++ b/rijndael.cpp
@@ -372,10 +372,12 @@ void Rijndael::Enc::ProcessAndXorBlock(c
 	t3 = rk[7];
 	rk += 8;
 
-	// timing attack countermeasure. see comments at top for more details
+	// timing attack countermeasure. see comments at top for more details.
+	// also see http://github.com/weidai11/cryptopp/issues/146
 	const int cacheLineSize = GetCacheLineSize();
 	unsigned int i;
-	word32 u = 0;
+	volatile word32 _u = 0;
+	word32 u = _u;
 #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
 	for (i=0; i<2048; i+=cacheLineSize)
 #else
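Review bot: The new `volatile word32 _u = 0;` / `word32 u = _u;` pair carries no comment saying why the read goes through a volatile, so a later cleanup could fold it back to `word32 u = 0` and reintroduce the elided preload loop this patch fixes; suggest `// read via volatile so the compiler cannot prove u == 0 and drop the table-preload loop below`. The same applies to the Dec hunk at `@@ -448` and to the `u = _u;` at `@@ -491`, which re-reads the same volatile before the Sd preload. The volatile only blocks constant-folding of `u`; whether the loads themselves survive still depends on `u` being consumed after the loop, and those uses are outside the hunk, so that should be confirmed. ProcessAndXorBlock starts and ends outside this hunk.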
@@ -448,10 +450,12 @@ void Rijndael::Dec::ProcessAndXorBlock(c
 	t3 = rk[7];
 	rk += 8;
 
-	// timing attack countermeasure. see comments at top for more details
+	// timing attack countermeasure. see comments at top for more details.
+	// also see http://github.com/weidai11/cryptopp/issues/146
 	const int cacheLineSize = GetCacheLineSize();
 	unsigned int i;
-	word32 u = 0;
+	volatile word32 _u = 0;
+	word32 u = _u;
 #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
 	for (i=0; i<2048; i+=cacheLineSize)
 #else
@@ -491,7 +495,7 @@ void Rijndael::Dec::ProcessAndXorBlock(c
 	// timing attack countermeasure. see comments at top for more details
 	// If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, 
 	// QUARTER_ROUND_LD will use Td, which is already preloaded.
-	u = 0;
+	u = _u;
 	for (i=0; i<256; i+=cacheLineSize)
 		u &= *(const word32 *)(Sd+i);
 	u &= *(const word32 *)(Sd+252);