Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 11 Apr 2016 00:40:52 -0400 (EDT)
From: cve-assign@...re.org
To: matthias@...lons.info
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: libcrypto++ - Timing Attack Counter Measure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/weidai11/cryptopp/issues/146

>> This counter measure seems to be removed by the compiler.

>> security bug

For "removed by the compiler" issues, sometimes the CVE is associated
with the upstream source code, and sometimes the CVE is associated
with a specific binary package that chose to compile in a way that was
unintended by the source-code authors. We feel that the former is the
best choice here.
https://github.com/weidai11/cryptopp/blob/master/Readme.txt says "The
following compilers are supported for this release ... GCC 3.3 - 5.2."
https://github.com/weidai11/cryptopp/blob/master/GNUmakefile mentions
the possibility of gcc -O3:

  # Aligned access required at -O3 for GCC
  ...
  ifeq ($(findstring -O3,$(CXXFLAGS)),-O3

issues/146 mentions "Debian compiles Crypto++ with the following
flags: -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 ...."

The gcc man page mentions:

  -O3 Optimize yet more.  -O3 turns on all optimizations specified by -O2

Thus, roughly speaking, it seems that all of Crypto++ had an
expectation of working with any recent version of gcc, even if (for
example) -O2 or -O3 is used. The "code to avoid timing attacks"
doesn't meet this expectation, and thus it's a vulnerability in
Crypto++. (It is not a vulnerability in the packaging within Debian or
any other distribution, and it is not a vulnerability in gcc.)

Use CVE-2016-3995 for this Crypto++ vulnerability.

(As a side note, Crypto++ is packaged for Fedora in the
cryptopp package, e.g., see the
http://pkgs.fedoraproject.org/cgit/rpms/cryptopp.git/tree/cryptopp.spec
page.)

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXCykdAAoJEL54rhJi8gl5gbMQAJzlqJxGZuh3bjUZSgxAdDOz
J7N+b2+vrYGHWqyEaxjjrfetLA5XNKcUKrLuT66Y1Zm0JrFg2pcEM35/dzjl81A0
KnLED6Q+q7LP+GXkuRh0LWYc8eUvmdlhjbY0Xb8NqkOSZD1uBkf6z2FNUr6yyoHF
m+HnSN4RYOXSwpROAY+JfKAmPzcJpDpziJA24y4tLMgKvK6Jbx08mGQjJCYMoZ3l
zX/KDQsmORPXwFbSNLIy20I5D6TTf8mNH18wkDFYKaiqSej7L+wXTOSEKkicnWtD
JQPkQzWq/6rb8uCtddg1GCSHk27OS54NxQMD18ETSXLPIjcsYzGzFAiKWXE44nGu
PckfsBzFTWuyjDKdjspE7RUIq+S3tpyUHjgbTgolK+q6RSvAvPFCXvCjn0SAhBzO
NPQecA9nXCV1oWd0d7a/OGrOaYGhnN8msDEamAVVIheyuQD6ySKCbrZjhPd9LQ/+
mPdZr5o7bW9121hB9nfcbHB6q/RTQusX91aa7R5sypPxIox7TG/TjAfSzp2fFIIk
dwhSZxbgDIyFceSw3Ne9yLRKJlegfwdHxlnhmO7/0X3GPSjG2b7clbhYieoirGrY
xhblDTjW49BikosQPEbc2LGP/9Awp5uokQBJ11BjAvEz9Qz+hqUQ1FWPcVwahlcg
URJpnBTtEN+FY6/u3+0W
=ztqN
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.