File CVE-2016-2195_fix.patch of Package Botan

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-2195_fix.patch of Package Botan

From 94a3fa8ae0dc4df67f6e9ba780427e651baa9dfd Mon Sep 17 00:00:00 2001
From: Jack Lloyd <lloyd@randombit.net>
Date: Wed, 3 Feb 2016 02:57:06 -0500
Subject: [PATCH 2/2] Correct the PointGFp check for CVE-2016-2195

Remi Gacogne pointed out that the check intended for the y coordinate
instead checks x again. The overflow is still avoided in 1.10.11
however, because of the size check in bigint_mul and bigint_sqr also
added in that release.
---
 botan_version.py              |  2 +-
 checks/ec_tests.cpp           | 44 +++++++++++++++++++++++++++++++++++++++++++
 doc/log.txt                   | 16 +++++++++++++++-
 src/math/ec_gfp/point_gfp.cpp |  2 +-
 4 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/checks/ec_tests.cpp b/checks/ec_tests.cpp
index 8ed975603..2ffae7de6 100644
--- a/checks/ec_tests.cpp
+++ b/checks/ec_tests.cpp
@@ -784,6 +784,49 @@ void test_curve_cp_ctor()
    CurveGFp curve(dom_pars.get_curve());
    }
 
+size_t test_cve_2016_2195()
+   {
+   EC_Group dom_pars("secp256r1");
+   CurveGFp curve(dom_pars.get_curve());
+
+   size_t fail = 0;
+
+   const BigInt p = curve.get_p();
+
+   try {
+     PointGFp point(curve, p, p - 1);
+     std::cout << "Accepted PointGFp x == p\n";
+     ++fail;
+   }
+   catch(...) {}
+
+   try {
+     PointGFp point(curve, p + 1, p - 1);
+     std::cout << "Accepted PointGFp x > p\n";
+     ++fail;
+   }
+   catch(...) {}
+
+   try {
+     PointGFp point(curve, p - 1, p);
+     std::cout << "Accepted PointGFp y == p\n";
+     ++fail;
+   }
+   catch(...) {}
+
+   try {
+     PointGFp point(curve, p - 1, p + 1);
+     std::cout << "Accepted PointGFp y > p\n";
+     ++fail;
+   }
+   catch(...) {}
+
+   // this is allowed (though not on the curve)
+   PointGFp point(curve, p - 1, p - 1);
+
+   return fail;
+   }
+
 }
 
 void do_ec_tests(RandomNumberGenerator& rng)
@@ -814,6 +857,7 @@ void do_ec_tests(RandomNumberGenerator& rng)
    test_point_swap(rng);
    test_mult_sec_mass(rng);
    test_curve_cp_ctor();
+   test_cve_2016_2195();
 
    std::cout << std::endl;
    }
diff --git a/src/math/ec_gfp/point_gfp.cpp b/src/math/ec_gfp/point_gfp.cpp
index afd3b9d32..add1e43e9 100644
--- a/src/math/ec_gfp/point_gfp.cpp
+++ b/src/math/ec_gfp/point_gfp.cpp
@@ -28,7 +28,7 @@ PointGFp::PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y) :
    {
    if(x <= 0 || x >= curve.get_p())
       throw Invalid_Argument("Invalid PointGFp x");
-   if(x <= 0 || x >= curve.get_p())
+   if(y <= 0 || y >= curve.get_p())
       throw Invalid_Argument("Invalid PointGFp y");
    coord_x = monty_mult(x, curve.get_r2());
    coord_y = monty_mult(y, curve.get_r2());
-- 
2.12.0

Places

File CVE-2016-2195_fix.patch of Package Botan

Places