CVE-2019-14318 (https://nvd.nist.gov/vuln/detail/CVE-2019-14318): Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.
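As an added illustration of the leak class named in the description above (this is not Crypto++ code, nor the patched or reverted code): a constructed toy curve over a 7-bit prime, with a variable-time double-and-add whose operation count tracks the scalar's bit length, next to a fixed-length Montgomery ladder that does the same amount of work for every scalar. The curve parameters, base point and scalars are all constructed for illustration.

```python
# Constructed toy curve y^2 = x^3 + A*x + B over F_P (NOT a real curve,
# NOT Crypto++ code): just big enough to show the loop structure.
P, A, B = 97, 2, 3
G = (3, 6)                           # constructed base point, on the curve
FIXED_BITS = P.bit_length() + 1      # bound on the group order's bit length (Hasse)

def add(Pt, Q):
    """Affine group law; None is the point at infinity."""
    if Pt is None:
        return Q
    if Q is None:
        return Pt
    x1, y1 = Pt
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                  # Pt == -Q
    if Pt == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul_variable_time(k, Q):
    """Left-to-right double-and-add: the loop runs k.bit_length() times and
    adds only on set bits, so the operation count (hence duration) reveals
    the bit length and Hamming weight of k, the ECDSA per-signature nonce."""
    R, ops = None, 0
    for i in range(k.bit_length() - 1, -1, -1):
        R = add(R, R)
        ops += 1
        if (k >> i) & 1:
            R = add(R, Q)
            ops += 1
    return R, ops

def mul_fixed_length(k, Q):
    """Montgomery ladder over a fixed number of bits: one add and one double
    per iteration whatever k is, so the operation count is independent of k.
    (Python branches and pow() are not truly constant time; structure only.)"""
    R0, R1, ops = None, Q, 0
    for i in range(FIXED_BITS - 1, -1, -1):
        if (k >> i) & 1:
            R0, R1 = add(R0, R1), add(R1, R1)
        else:
            R1, R0 = add(R0, R1), add(R0, R0)
        ops += 2
    return R0, ops
```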
Based on https://github.com/weidai11/cryptopp/issues/869#issuecomment-568790184, it seems it is not appropriate to apply any patches until a release is made.
8.3 is out now! Adopted the package. I'll work on the bump later.
ppc done
arm64 done
Unable to check for sanity: > package masked: dev-libs/crypto++-8.3.0
~hppa is fine
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98694720dc1c5c4e9d194d3c6fe01a4faac442b1

commit 98694720dc1c5c4e9d194d3c6fe01a4faac442b1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-01-02 07:08:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-02 07:08:41 +0000

    dev-libs/crypto++: bump to 8.4.0

    Notes:
    * This increments the subslot to 8.4 because of the (unintentional) ABI breakage in 8.3.
    * The CVE is no longer fixed as the change had to be reverted upstream.

    Bug: https://bugs.gentoo.org/702930
    Closes: https://bugs.gentoo.org/762241
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/crypto++/Manifest                                         | 2 +-
 dev-libs/crypto++/{crypto++-8.3.0.ebuild => crypto++-8.4.0.ebuild} | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
Crypto++ is tracking that damn timing leak at https://github.com/weidai11/cryptopp/issues/994. The 994 issue triggered the revert of the constant-time code that was defective. And for completeness, CVE-2019-14318 is active again and being worked under Issue 994.