author | nia <nia@pkgsrc.org> | 2019-07-09 11:20:58 +0000 |
---|---|---|
committer | nia <nia@pkgsrc.org> | 2019-07-09 11:20:58 +0000 |
commit | d94b38a99a8e11ccebc8da7fbe9fb91771923ded (patch) | |
tree | c66e36e4774bb503946b11765fe2c5b79b223aee /security | |
parent | e3b7511723d8c8913a77aeeae11503e8d76a9734 (diff) | |
download | pkgsrc-d94b38a99a8e11ccebc8da7fbe9fb91771923ded.tar.gz |
libtomcrypt: Update to 1.18.2
July 1st, 2018
v1.18.2
-- Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408)
-- Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373)
-- Fix two-key 3DES (PR #390)
-- Fix accelerated CTR mode (PR #359)
-- Fix Fortuna PRNG (PR #363)
-- Fix compilation on platforms where cc doesn't point to gcc (PR #382)
-- Fix using the wrong environment variable LT instead of LIBTOOL (PR #392)
-- Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390)
-- Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414)
-- Minor fixes (PR's #350 #351 #375 #377 #378 #379)
January 22nd, 2018
v1.18.1
-- Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329)
-- Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327)
-- Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326)
-- Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316)
-- Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335)
-- Fix possible undefined behavior with LTC_PTHREAD (PR #337)
-- Fix some DER bugs (PR #339)
-- Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086)
-- Fix installation procedure (Issue #340)
October 10th, 2017
v1.18.0
-- Bugfix multi2
-- Bugfix Noekeon
-- Bugfix XTEA
-- Bugfix rng_get_bytes() on windows where we could read from c:\dev\random
-- Fixed the Bleichbacher Signature attack in PKCS#1 v1.5 EMSA, thanks to Alex Dent
-- Fixed a potential cache-based timing attack in CCM, thanks to Sebastian Verschoor
-- Fix GCM counter reuse and potential timing attacks in EAX, OCB and OCBv3,
thanks to Raphaël Jamet
-- Implement hardened RSA operations when CRT is used
-- Enabled timing resistant calculations of ECC and RSA operations per default
-- Applied some patches from the OLPC project regarding PKCS#1 and preventing
the hash algorithms from overflowing
-- Larry Bugbee contributed the necessary stuff to more easily call libtomcrypt
from a dynamic language like Python, as shown in his pyTomCrypt
-- Nikos Mavrogiannopoulos contributed RSA blinding and export of RSA and DSA keys
in OpenSSL/GnuTLS compatible format
-- Patrick Pelletier contributed a smart volley of patches
-- Christopher Brown contributed some patches and additions to ASN.1/DER
-- Pascal Brand of STMicroelectronics contributed patches regarding CCM, the
XTS mode and RSA private key operations with keys without CRT parameters
-- RC2 now also works with smaller key-sizes
-- Improved/extended several tests & demos
-- Hardened DSA and RSA by testing (through Karel's perl-CryptX)
against Google's "Wycheproof" and Kudelski Security's "CDF"
-- Fixed all compiler warnings
-- Fixed several build issues on FreeBSD, NetBSD, Linux x32 ABI, HP-UX/IA64,
Mac OS X, Windows (32&64bit, Cygwin, MingW & MSVC) ...
-- Re-worked all makefiles
-- Re-worked most PRNG's
-- The code is now verified by a linter, thanks to Francois Perrad
-- Documentation (crypt.pdf) is now built deterministically, thanks to Michael Stapelberg
-- Add Adler32 and CRC32 checksum algorithms
-- Add Base64-URL de-/encoding and some strict variants
-- Add Blake2b & Blake2s (hash & mac), thanks to Kelvin Sherlock
-- Add Camellia block cipher
-- Add ChaCha (stream cipher), Poly1305 (mac), ChaCha20Poly1305 (encauth)
-- Add constant-time mem-compare mem_neq()
-- Add DER GeneralizedTime de-/encoding
-- Add DSA and ECC key generation FIPS-186-4 compliance
-- Add HKDF, thanks to RyanC (especially for also providing documentation :-) )
-- Add OCBv3
-- Add PKCS#1 v1.5 mode of SSL3.0
-- Add PKCS#1 testvectors from RSA
-- Add PKCS#8 & X.509 import for RSA keys
-- Add stream cipher API
-- Add SHA3 & SHAKE
-- Add SHA512/256 and SHA512/224
-- Add Triple-DES 2-key mode, thanks to Paul Howarth
-- Brought back Diffie-Hellman
Diffstat (limited to 'security')
-rw-r--r-- | security/libtomcrypt/Makefile | 19 | ||||
-rw-r--r-- | security/libtomcrypt/PLIST | 6 | ||||
-rw-r--r-- | security/libtomcrypt/distinfo | 16 | ||||
-rw-r--r-- | security/libtomcrypt/patches/patch-aa | 39 | ||||
-rw-r--r-- | security/libtomcrypt/patches/patch-ab | 97 | ||||
-rw-r--r-- | security/libtomcrypt/patches/patch-ac | 25 | ||||
-rw-r--r-- | security/libtomcrypt/patches/patch-src_headers_tomcrypt__macros.h | 25 | ||||
-rw-r--r-- | security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c | 33 |
8 files changed, 30 insertions, 230 deletions
diff --git a/security/libtomcrypt/Makefile b/security/libtomcrypt/Makefile
index b84b220911a..521c62d40e9 100644
--- a/security/libtomcrypt/Makefile
+++ b/security/libtomcrypt/Makefile
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.7 2017/05/16 21:55:50 snj Exp $
+# $NetBSD: Makefile,v 1.8 2019/07/09 11:20:58 nia Exp $
 
-DISTNAME= crypt-1.17
+DISTNAME= crypt-1.18.2
 PKGNAME= libtom${DISTNAME}
-PKGREVISION= 3
 CATEGORIES= security
-MASTER_SITES= http://libtom.org/files/
-EXTRACT_SUFX= .tar.bz2
+MASTER_SITES= ${MASTER_SITE_GITHUB:=libtom/}
+GITHUB_RELEASE= v${PKGVERSION_NOREV}
+EXTRACT_SUFX= .tar.xz
 
 MAINTAINER= agc@NetBSD.org
 HOMEPAGE= https://github.com/libtom/libtomcrypt
@@ -16,11 +16,12 @@ WRKSRC= ${WRKDIR}/${PKGNAME_NOREV}
 USE_LIBTOOL= yes
 USE_TOOLS+= gmake
 MAKE_FILE= makefile.shared
-MAKE_ENV+= CFLAGS_OPTS="-DUSE_LTM -DLTM_DESC"
-BUILD_TARGET= default
-AUTO_MKDIRS= yes
+# This disables funrolling the loops.
+MAKE_FLAGS+= IGNORE_SPEED=1
+MAKE_FLAGS+= EXTRALIBS="-ltommath"
 
-.include "../../math/ltm/buildlink3.mk"
+CPPFLAGS+= -DUSE_LTM -DLTM_DESC
+.include "../../math/ltm/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff --git a/security/libtomcrypt/PLIST b/security/libtomcrypt/PLIST
index 3d51b272674..29909a4c756 100644
--- a/security/libtomcrypt/PLIST
+++ b/security/libtomcrypt/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2011/03/10 10:02:34 drochner Exp $
+@comment $NetBSD: PLIST,v 1.3 2019/07/09 11:20:58 nia Exp $
 include/tomcrypt.h
 include/tomcrypt_argchk.h
 include/tomcrypt_cfg.h
@@ -12,7 +12,5 @@ include/tomcrypt_misc.h
 include/tomcrypt_pk.h
 include/tomcrypt_pkcs.h
 include/tomcrypt_prng.h
-include/tomcrypt_test.h
 lib/libtomcrypt.la
-lib/libtomcrypt_prof.la
-share/doc/libtomcrypt/crypt.pdf
+lib/pkgconfig/libtomcrypt.pc
diff --git a/security/libtomcrypt/distinfo b/security/libtomcrypt/distinfo
index 98c1b75b139..30b193c91d1 100644
--- a/security/libtomcrypt/distinfo
+++ b/security/libtomcrypt/distinfo
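Review bot: The comment `# This disables funrolling the loops.` above `MAKE_FLAGS+= IGNORE_SPEED=1` in the Makefile hunk says what the flag is for only loosely; the next maintainer has to open upstream's makefile to learn why it matters. A comment that names the mechanism is more useful, e.g. `# IGNORE_SPEED=1 keeps upstream's makefile from appending its own optimisation flags (-O3/-funroll-loops) on top of pkgsrc CFLAGS.` — that wording assumes the upstream makefile_include.mk still gates those flags on IGNORE_SPEED, which is not visible here and should be confirmed against the 1.18.2 source. The same applies to `MAKE_FLAGS+= EXTRALIBS="-ltommath"`: a short note that it pairs with the ltm buildlink below would make the dependency explicit.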
@@ -1,11 +1,7 @@
-$NetBSD: distinfo,v 1.7 2017/07/15 17:23:03 wiz Exp $
+$NetBSD: distinfo,v 1.8 2019/07/09 11:20:58 nia Exp $
 
-SHA1 (crypt-1.17.tar.bz2) = 9c746822c84e4276e432b64964f94d1d5ddd13ad
-RMD160 (crypt-1.17.tar.bz2) = 742d72d82fea2e6a9865d8c682c10cbaba69ea2f
-SHA512 (crypt-1.17.tar.bz2) = 9335df5ae0a2c8e33e8f03ced0cfb0a8d1ac4bccd007b74818228c3b8b232446b4425356f304a08320b75542a537a46b305b92c3011dee76dfd636497bf57af2
-Size (crypt-1.17.tar.bz2) = 1599215 bytes
-SHA1 (patch-aa) = a2385cf0543a19b1555d4370a10c012c5141b48a
-SHA1 (patch-ab) = 9ccfd1f43607c4b781f31f2ddd53500db5c94efd
-SHA1 (patch-ac) = f3beb2d6ffc2db483891b61d1fe53db38434fe38
-SHA1 (patch-src_headers_tomcrypt__macros.h) = 4aa1e0773a11c32fca83e7de82e12d44fdbb8202
-SHA1 (patch-src_pk_rsa_rsa__verify__hash.c) = 0bc2467fa3fc0a372baafbfea4c7b328422f8adb
+SHA1 (crypt-1.18.2.tar.xz) = 55bd8c2015f39bba73aca13b5e4e37f44a292b3f
+RMD160 (crypt-1.18.2.tar.xz) = 484fa6695e84448270d45851123249276d8add8d
+SHA512 (crypt-1.18.2.tar.xz) = f6117a12a42b07f8de4a8aedbccf6ff4ee94b4b81cb7263af99627c32eae646ca8ead7d3063737918db4aa118673001fcf2cfa8e4ca8b528fb00045fda7cc893
+Size (crypt-1.18.2.tar.xz) = 2638064 bytes
+SHA1 (patch-ab) = 8c3750217ec90663a90f2b871e8eb8a940fe2fb0
diff --git a/security/libtomcrypt/patches/patch-aa b/security/libtomcrypt/patches/patch-aa
deleted file mode 100644
index eb774e422bd..00000000000
--- a/security/libtomcrypt/patches/patch-aa
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-aa,v 1.1.1.1 2010/11/27 06:11:57 agc Exp $
-
-Use pkgsrc defs to install things
-
-Install the documentation
-
---- makefile.unix 2010/11/24 08:46:20 1.1
-+++ makefile.unix 2010/11/24 08:53:23
-@@ -29,9 +29,9 @@
- #LIBPATH-The directory for libtomcrypt to be installed to.
- #INCPATH-The directory to install the header files for libtomcrypt.
- #DATAPATH-The directory to install the pdf docs.
--LIBPATH=/usr/local/lib
--INCPATH=/usr/local/include
--DATAPATH=/usr/local/share/doc/libtomcrypt/pdf
-+LIBPATH=${PREFIX}/lib
-+INCPATH=${PREFIX}/include
-+DATAPATH=${PREFIX}/share/doc/libtomcrypt/
-
- #Who do we install as?
- USER=root
-@@ -226,11 +226,12 @@
- #as root in order to have a high enough permission to write to the correct
- #directories and to set the owner and group to root.
- install: library
-- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(DATAPATH)
-- install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
-- install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_LIB_DIR} $(DESTDIR)$(LIBPATH)
-+ ${BSD_INSTALL_DATA_DIR} $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_DATA_DIR} $(DESTDIR)$(DATAPATH)
-+ ${BSD_INSTALL_LIB} $(LIBNAME) $(DESTDIR)$(LIBPATH)
-+ ${BSD_INSTALL_DATA} $(HEADERS) $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_DATA} doc/crypt.pdf $(DESTDIR)$(DATAPATH)
-
- install_test: testprof/$(LIBTEST)
- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
diff --git a/security/libtomcrypt/patches/patch-ab b/security/libtomcrypt/patches/patch-ab
index f29a653bdde..8e5db25a496 100644
--- a/security/libtomcrypt/patches/patch-ab
+++ b/security/libtomcrypt/patches/patch-ab
@@ -1,90 +1,17 @@
-$NetBSD: patch-ab,v 1.3 2017/07/15 17:23:04 wiz Exp $
+$NetBSD: patch-ab,v 1.4 2019/07/09 11:20:58 nia Exp $
 
---- makefile.shared.orig 2007-05-12 14:46:25.000000000 +0000
+Use pkgsrc install command.
+
+--- makefile.shared.orig 2018-07-01 20:49:01.000000000 +0000
 +++ makefile.shared
-@@ -9,7 +9,7 @@
- VERSION=0:117
-
- # Compiler and Linker Names
--CC=libtool --mode=compile --tag=CC gcc
-+#CC=libtool --mode=compile --tag=CC gcc
-
- # ranlib tools
- ifndef RANLIB
-@@ -17,7 +17,7 @@ ifndef RANLIB
- endif
-
- # Compilation flags. Note the += does not write over the user's CFLAGS!
--CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow -DLTC_SOURCE
-+CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow -DLTC_SOURCE ${CFLAGS_OPTS}
-
- # additional warnings (newer GCC 3.4 and higher)
- ifdef GCC_34
-@@ -75,13 +75,13 @@ ifndef DESTDIR
- DESTDIR=
- endif
- ifndef LIBPATH
-- LIBPATH=/usr/lib
-+ LIBPATH=${PREFIX}/lib
- endif
- ifndef INCPATH
-- INCPATH=/usr/include
-+ INCPATH=${PREFIX}/include
- endif
- ifndef DATAPATH
-- DATAPATH=/usr/share/doc/libtomcrypt/pdf
-+ DATAPATH=${PREFIX}/share/doc/libtomcrypt/
- endif
-
- #Who do we install as?
-@@ -230,33 +230,38 @@ TIMINGS=demos/timing.o
- default:library
-
- #ciphers come in two flavours... enc+dec and enc
--src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-- $(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
-+src/ciphers/aes/aes_enc.lo: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-+ ${LIBTOOL} --mode=compile $(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.lo
-
- #These are the rules to make certain object files.
--src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
--src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
--src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
--src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
--src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
-+src/ciphers/aes/aes.lo: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-+src/ciphers/twofish/twofish.lo: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
-+src/hashes/whirl/whirl.lo: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
-+src/hashes/sha2/sha512.lo: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
-+src/hashes/sha2/sha256.lo: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
-
- #This rule makes the libtomcrypt library.
- library: $(LIBNAME)
-
-+.SUFFIXES: .lo
-+.c.lo:
-+ ${LIBTOOL} --mode=compile ${CC} -c ${CFLAGS} $< -o $@
-+
- testprof/$(LIBTEST):
- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) make -f makefile.shared
-
- objs: $(OBJECTS)
+@@ -64,8 +64,8 @@ $(foreach demo, $(strip $(DEMOS)), $(eva
 
--$(LIBNAME): $(OBJECTS) testprof/$(LIBTEST)
-- libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
-+$(LIBNAME): $(OBJECTS:.o=.lo) testprof/$(LIBTEST)
-+ libtool --silent --mode=link ${CC} $(CFLAGS) $(LDFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
+ install: $(call print-help,install,Installs the library + headers + pkg-config file) .common_install
+ sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION_PC),' libtomcrypt.pc.in > libtomcrypt.pc
+- install -p -d $(DESTDIR)$(LIBPATH)/pkgconfig
+- install -p -m 644 libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/
++ $(BSD_INSTALL_DATA_DIR) $(DESTDIR)$(LIBPATH)/pkgconfig
++ $(BSD_INSTALL_DATA) libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/
 
- install: $(LIBNAME)
-- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-+ ${BSD_INSTALL_LIB_DIR} $(DESTDIR)$(LIBPATH)
- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) DESTDIR=$(DESTDIR) make -f makefile.shared install
- libtool --silent --mode=install install -c libtomcrypt.la $(DESTDIR)$(LIBPATH)/libtomcrypt.la
-- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-- install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_DATA_DIR} $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_DATA} $(HEADERS) $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_DATA} doc/crypt.pdf $(DESTDIR)$(DATAPATH)
+ install_bins: $(call print-help,install_bins,Installs the useful demos ($(USEFUL_DEMOS))) .common_install_bins
 
- #This rule makes the hash program included with libtomcrypt
- hashsum: library
diff --git a/security/libtomcrypt/patches/patch-ac b/security/libtomcrypt/patches/patch-ac
deleted file mode 100644
index 356ed690ff8..00000000000
--- a/security/libtomcrypt/patches/patch-ac
+++ /dev/null
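Review bot: The new patch-ab replaces only the two pkgconfig `install -p` lines of the `install` target, while the library and header installation is delegated to `.common_install`, which the patch does not touch; the old patch-ab also rewrote the `install -d -g $(GROUP) -o $(USER)` calls for LIBPATH and INCPATH, so it is worth confirming that `.common_install` (outside this hunk, in upstream's makefile_include) installs with modes and ownership acceptable to pkgsrc, or that BSD_INSTALL_* is needed there as well. The patch header `Use pkgsrc install command.` could say which part is covered, e.g. `Use pkgsrc install commands for the pkg-config file; library and headers are installed via .common_install.` The `sed` line that rewrites `prefix=$(PREFIX)` into libtomcrypt.pc is kept as context, so it presumably relies on PREFIX being passed in from pkgsrc's make environment; a one-line note in the patch header would make that dependency explicit.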
@@ -1,25 +0,0 @@
-$NetBSD: patch-ac,v 1.2 2017/07/15 17:23:04 wiz Exp $
-
---- testprof/makefile.shared.orig 2007-05-12 14:46:25.000000000 +0000
-+++ testprof/makefile.shared
-@@ -1,4 +1,4 @@
--CC=libtool --mode=compile gcc
-+#CC=libtool --mode=compile gcc
-
- CFLAGS += -I../src/headers -I./ -Wall -W
-
-@@ -17,8 +17,12 @@ endif
-
- default: $(LIBTEST)
-
--$(LIBTEST): $(OBJECTS)
-- libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION)
-+.SUFFIXES: .lo
-+.c.lo:
-+ ${LIBTOOL} --mode=compile ${CC} -c ${CFLAGS} $< -o $@
-+
-+$(LIBTEST): $(OBJECTS:.o=.lo)
-+ libtool --silent --mode=link ${CC} $(CFLAGS) $(LDFLAGS) `find . -type f | grep "[.]lo" | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION)
-
- install: $(LIBTEST)
- libtool --silent --mode=install install -c $(LIBTEST) $(DESTDIR)$(LIBPATH)/$(LIBTEST)
diff --git a/security/libtomcrypt/patches/patch-src_headers_tomcrypt__macros.h b/security/libtomcrypt/patches/patch-src_headers_tomcrypt__macros.h
deleted file mode 100644
index b676a3c3ebf..00000000000
--- a/security/libtomcrypt/patches/patch-src_headers_tomcrypt__macros.h
+++ /dev/null
@@ -1,25 +0,0 @@
-$NetBSD: patch-src_headers_tomcrypt__macros.h,v 1.1 2015/01/25 13:13:51 joerg Exp $
-
-clang doesn't allow non-constant arguments for "I" constraints.
-Just use the C version, it will get optimised to rotate anyway.
-
---- src/headers/tomcrypt_macros.h.orig 2015-01-24 16:35:36.000000000 +0000
-+++ src/headers/tomcrypt_macros.h
-@@ -242,7 +242,7 @@ asm __volatile__ ( \
- #define RORc(x,n) _lrotr(x,n)
- #define ROLc(x,n) _lrotl(x,n)
-
--#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)
-+#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM) && !defined(__clang__)
-
- static inline unsigned ROL(unsigned word, int i)
- {
-@@ -341,7 +341,7 @@ static inline unsigned RORc(unsigned wor
-
-
- /* 64-bit Rotates */
--#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM)
-+#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM) && !defined(__clang__)
-
- static inline unsigned long ROL64(unsigned long word, int i)
- {
diff --git a/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c b/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c
deleted file mode 100644
index 6a74b930236..00000000000
--- a/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c
+++ /dev/null
@@ -1,33 +0,0 @@
-$NetBSD: patch-src_pk_rsa_rsa__verify__hash.c,v 1.1 2017/05/16 21:55:50 snj Exp $
-
-Fix for CVE-2016-6129.
-
-Source: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
-
---- src/pk/rsa/rsa_verify_hash.c.orig 2007-05-12 07:46:25.000000000 -0700
-+++ src/pk/rsa/rsa_verify_hash.c 2017-05-16 13:42:46.762259864 -0700
-@@ -96,7 +96,7 @@ int rsa_verify_hash_ex(const unsigned ch
- } else {
- /* LTC_PKCS #1 v1.5 decode it */
- unsigned char *out;
-- unsigned long outlen, loid[16];
-+ unsigned long outlen, loid[16], reallen;
- int decoded;
- ltc_asn1_list digestinfo[2], siginfo[2];
-
-@@ -138,8 +138,14 @@ int rsa_verify_hash_ex(const unsigned ch
- goto bail_2;
- }
-
-+ if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
-+ XFREE(out);
-+ goto bail_2;
-+ }
-+
- /* test OID */
-- if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
-+ if ((reallen == outlen) &&
-+ (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
- (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
- (siginfo[1].size == hashlen) &&
- (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { |