diff options
| author | Pierre Langlois <pierre.langlois@gmx.com> | 2017-02-18 18:01:13 +0000 |
|---|---|---|
| committer | Ricardo Wurmus <rekado@elephly.net> | 2017-10-25 14:54:13 +0200 |
| commit | de98f4ed55a8cd1bc77a63f251eb451d2ef8bbb0 (patch) | |
| tree | e95636f10fafeaa620d731a1ad7449b35177fc02 /gnu | |
| parent | 60b7ed9cb86e0990f6b94a2a9db24b3275070104 (diff) | |
| download | guix-de98f4ed55a8cd1bc77a63f251eb451d2ef8bbb0.tar.gz | |
gnu: Add crypto++.
* gnu/packages/crypto.scm (crypto++): New variable. * gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Co-authored-by: Ricardo Wurmus <rekado@elephly.net>
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/crypto.scm | 32 | ||||
| -rw-r--r-- | gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch | 65 |
3 files changed, 98 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index f2044c9857..f318bcd497 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -579,6 +579,7 @@ dist_patch_DATA = \ %D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ + %D%/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 549955d7b4..0021bee7b4 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> ;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org> +;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -29,6 +30,7 @@ #:use-module (gnu packages attr) #:use-module (gnu packages autotools) #:use-module (gnu packages boost) + #:use-module (gnu packages compression) #:use-module (gnu packages cryptsetup) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) @@ -632,3 +634,33 @@ data on your platform, so the seed itself will be as random as possible. Networking and Cryptography library. These libraries have a stated goal of improving usability, security and speed.") (license license:asl2.0))) + +(define-public crypto++ + (package + (name "crypto++") + (version "5.6.5") + (source (origin + (method url-fetch/zipbomb) + (uri (string-append "https://cryptopp.com/cryptopp" + (string-join (string-split version #\.) "") + ".zip")) + (sha256 + (base32 + "0d1cqdz369ivi082k59025wvxzywvkizw7i0pf5h0a1izs3g8pm7")) + (patches + (search-patches "crypto++-fix-dos-in-asn.1-decoders.patch")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags + (list (string-append "PREFIX=" (assoc-ref %outputs "out"))) + #:phases + (modify-phases %standard-phases + (delete 'configure)))) + (native-inputs + `(("unzip" ,unzip))) + (home-page "https://cryptopp.com/") + (synopsis "C++ class library of cryptographic schemes") + (description "Crypto++ is a C++ class library of cryptographic schemes.") + ;; The compilation is distributed under the Boost license; the individual + ;; files in the compilation are in the public domain. + (license (list license:boost1.0 license:public-domain)))) diff --git a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch new file mode 100644 index 0000000000..88b2e7f25a --- /dev/null +++ b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch @@ -0,0 +1,65 @@ +From 3d9181d7bdd8e491f745dbc9e34bd20b6f6da069 Mon Sep 17 00:00:00 2001 +From: Gergely Nagy <ngg@tresorit.com> +Date: Wed, 14 Dec 2016 13:19:01 +0100 +Subject: [PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939) + +--- + asn.cpp | 10 ++++++++++ + asn.h | 2 ++ + 2 files changed, 12 insertions(+) + +diff --git a/asn.cpp b/asn.cpp +index 297ff010..2e923ef7 100644 +--- a/asn.cpp ++++ b/asn.cpp +@@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str) + size_t bc; + if (!BERLengthDecode(bt, bc)) + BERDecodeError(); ++ if (bc > bt.MaxRetrievable()) ++ BERDecodeError(); + + str.New(bc); + if (bc != bt.Get(str, bc)) +@@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation & + size_t bc; + if (!BERLengthDecode(bt, bc)) + BERDecodeError(); ++ if (bc > bt.MaxRetrievable()) ++ BERDecodeError(); + + bt.TransferTo(str, bc); + return bc; +@@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as + size_t bc; + if (!BERLengthDecode(bt, bc)) + BERDecodeError(); ++ if (bc > bt.MaxRetrievable()) ++ BERDecodeError(); + + SecByteBlock temp(bc); + if (bc != bt.Get(temp, bc)) +@@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne + size_t bc; + if (!BERLengthDecode(bt, bc)) + BERDecodeError(); ++ if (bc == 0) ++ BERDecodeError(); ++ if (bc > bt.MaxRetrievable()) ++ BERDecodeError(); + + byte unused; + if (!bt.Get(unused)) +diff --git a/asn.h b/asn.h +index ed9de52c..33f0dd09 100644 +--- a/asn.h ++++ b/asn.h +@@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER, + bool definite = BERLengthDecode(in, bc); + if (!definite) + BERDecodeError(); ++ if (bc > in.MaxRetrievable()) ++ BERDecodeError(); + + SecByteBlock buf(bc); + |