diff options
Diffstat (limited to 'testing/crypto++/CVE-2015-2141.patch')
-rw-r--r-- | testing/crypto++/CVE-2015-2141.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/testing/crypto++/CVE-2015-2141.patch b/testing/crypto++/CVE-2015-2141.patch new file mode 100644 index 0000000000..32c5164609 --- /dev/null +++ b/testing/crypto++/CVE-2015-2141.patch @@ -0,0 +1,32 @@ +From 9425e16437439e68c7d96abef922167d68fafaff Mon Sep 17 00:00:00 2001 +From: Jeffrey Walton <noloader@gmail.com> +Date: Sat, 27 Jun 2015 17:56:01 -0400 +Subject: [PATCH] Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for + reporting. Squaring to satisfy Jacobi requirements suggested by JPM. + +--- + rw.cpp | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/rw.cpp b/rw.cpp +index cdd9f2d..0b9318b 100644 +--- a/rw.cpp ++++ b/rw.cpp +@@ -126,10 +126,16 @@ Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const + DoQuickSanityCheck(); + ModularArithmetic modn(m_n); + Integer r, rInv; +- do { // do this in a loop for people using small numbers for testing ++ ++ // do this in a loop for people using small numbers for testing ++ do { + r.Randomize(rng, Integer::One(), m_n - Integer::One()); ++ // Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for reporting. ++ // Squaring to satisfy Jacobi requirements suggested by JPM. ++ r = modn.Square(r); + rInv = modn.MultiplicativeInverse(r); + } while (rInv.IsZero()); ++ + Integer re = modn.Square(r); + re = modn.Multiply(re, x); // blind + |