Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 702930 (CVE-2019-14318) - dev-libs/crypto++: vulnerable to private key recovery (CVE-2019-14318)
Summary: dev-libs/crypto++: vulnerable to private key recovery (CVE-2019-14318)
Status: IN_PROGRESS
Alias: CVE-2019-14318
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [upstream cve]
Keywords:
Depends on: 762241
Blocks:
  Show dependency tree
 
Reported: 2019-12-14 21:38 UTC by GLSAMaker/CVETool Bot
Modified: 2021-01-02 22:47 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-14 21:38:12 UTC
CVE-2019-14318 (https://nvd.nist.gov/vuln/detail/CVE-2019-14318):
  Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature
  generation. This allows a local or remote attacker, able to measure the
  duration of hundreds to thousands of signing operations, to compute the
  private key used. The issue occurs because scalar multiplication in ecp.cpp
  (prime field curves, small leakage) and algebra.cpp (binary field curves,
  large leakage) is not constant time and leaks the bit length of the scalar
  among other information.
Comment 1 Sam James archtester gentoo-dev Security 2020-05-20 02:51:28 UTC
Based on https://github.com/weidai11/cryptopp/issues/869#issuecomment-568790184, it seems it is not appropriate to apply any patches until a release is made.
Comment 2 Sam James archtester gentoo-dev Security 2020-12-20 11:30:49 UTC
8.3 is out now! Adopted the package. I'll work on the bump later.
Comment 3 Sam James archtester gentoo-dev Security 2020-12-27 23:56:03 UTC
ppc done
Comment 4 Sam James archtester gentoo-dev Security 2020-12-28 08:17:22 UTC
arm64 done
Comment 5 NATTkA bot gentoo-dev 2020-12-29 07:49:12 UTC
Unable to check for sanity:

> package masked: dev-libs/crypto++-8.3.0
Comment 6 Rolf Eike Beer archtester 2020-12-29 20:06:53 UTC
~hppa is fine
Comment 7 Larry the Git Cow gentoo-dev 2021-01-02 07:12:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98694720dc1c5c4e9d194d3c6fe01a4faac442b1

commit 98694720dc1c5c4e9d194d3c6fe01a4faac442b1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-01-02 07:08:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-02 07:08:41 +0000

    dev-libs/crypto++: bump to 8.4.0
    
    Notes:
    * This increments the subslot to 8.4 because of
      the (unintentional) ABI breakage in 8.3.
    
    * The CVE is no longer fixed as the change
      had to be reverted upstream.
    
    Bug: https://bugs.gentoo.org/702930
    Closes: https://bugs.gentoo.org/762241
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/crypto++/Manifest                                         | 2 +-
 dev-libs/crypto++/{crypto++-8.3.0.ebuild => crypto++-8.4.0.ebuild} | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 8 Jeffrey Walton 2021-01-02 07:24:00 UTC
Crypto++ is tracking that damn timing leak at https://github.com/weidai11/cryptopp/issues/994. The 994 issue triggered the revert of the constant-time code that was defective.

And for completeness, CVE-2019-14318 is active again and being worked under Issue 994.