Merge branch 'release/1.18.2'

Author: sjaeckel

changes

@@ -1,3 +1,16 @@
+July 1st, 2018
+v1.18.2
+      -- Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408)
+      -- Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373)
+      -- Fix two-key 3DES (PR #390)
+      -- Fix accelerated CTR mode (PR #359)
+      -- Fix Fortuna PRNG (PR #363)
+      -- Fix compilation on platforms where cc doesn't point to gcc (PR #382)
+      -- Fix using the wrong environment variable LT instead of LIBTOOL (PR #392)
+      -- Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390)
+      -- Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414)
+      -- Minor fixes (PR's #350 #351 #375 #377 #378 #379)
+
 January 22nd, 2018
 v1.18.1
       -- Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329)

demos/constants.c

@@ -65,9 +65,10 @@ int main(int argc, char **argv)
          /* get and print the length of the names (and values) list */
          if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
          /* get and print the names (and values) list */
-         names_list = malloc(names_list_len);
+         if ((names_list = malloc(names_list_len)) == NULL) exit(EXIT_FAILURE);
          if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
          printf("%s\n", names_list);
+         free(names_list);
       }
    } else if (argc == 3) {
       if (strcmp(argv[1], "-s") == 0) {

demos/sizes.c

@@ -42,9 +42,10 @@ int main(int argc, char **argv)
       printf("  need to allocate %u bytes \n\n", sizes_list_len);
 
       /* get and print the names (and sizes) list */
-      sizes_list = malloc(sizes_list_len);
+      if ((sizes_list = malloc(sizes_list_len)) == NULL) exit(EXIT_FAILURE);
       if (crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0) exit(EXIT_FAILURE);
       printf("  supported sizes:\n\n%s\n\n", sizes_list);
+      free(sizes_list);
    } else if (argc == 2) {
       if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
          char* base = strdup(basename(argv[0]));
@@ -60,9 +61,10 @@ int main(int argc, char **argv)
          /* get and print the length of the names (and sizes) list */
          if (crypt_list_all_sizes(NULL, &sizes_list_len) != 0) exit(EXIT_FAILURE);
          /* get and print the names (and sizes) list */
-         sizes_list = malloc(sizes_list_len);
+         if ((sizes_list = malloc(sizes_list_len)) == NULL) exit(EXIT_FAILURE);
          if (crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0) exit(EXIT_FAILURE);
          printf("%s\n", sizes_list);
+         free(sizes_list);
       }
    } else if (argc == 3) {
       if (strcmp(argv[1], "-s") == 0) {

demos/timing.c

@@ -466,7 +466,7 @@ static void time_cipher_lrw(void)
    tally_results(1);
 }
 #else
-static void time_cipher_lrw(void) { fprintf(stderr, "NO LRW\n"); return 0; }
+static void time_cipher_lrw(void) { fprintf(stderr, "NO LRW\n"); }
 #endif
 
 

demos/tv_gen.c

@@ -78,7 +78,7 @@ void cipher_gen(void)
             printf("keysize error: %s\n", error_to_string(err));
             exit(EXIT_FAILURE);
          }
-         if (kl == lastkl) break;
+         if (kl == lastkl) continue;
          lastkl = kl;
          fprintf(out, "Key Size: %d bytes\n", kl);
 

doc/Doxyfile

@@ -38,7 +38,7 @@ PROJECT_NAME           = LibTomCrypt
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER=1.18.1
+PROJECT_NUMBER=1.18.2
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a

doc/crypt.tex

@@ -3666,11 +3666,15 @@ \subsubsection{Fortuna}
 it has been fixed to those choices.
 
 Fortuna is more secure than Yarrow in the sense that attackers who learn parts of the entropy being
-added to the PRNG learn far less about the state than that of Yarrow.  Without getting into to many
+added to the PRNG learn far less about the state than that of Yarrow.  Without getting into too many
 details Fortuna has the ability to recover from state determination attacks where the attacker starts
 to learn information from the PRNGs output about the internal state.  Yarrow on the other hand, cannot
 recover from that problem until new entropy is added to the pool and put to use through the ready() function.
 
+For detailed information on how the algorithm works and what you have to do to maintain the secure state
+get a copy of the book\footnote{Niels Ferguson and Bruce Schneier, Practical Cryptography. ISBN 0-471-22357-3.} or
+read the paper online\footnote{\url{https://www.schneier.com/academic/paperfiles/fortuna.pdf} [Accessed on 7th Dec. 2017]}.
+
 \subsubsection{RC4}
 
 RC4 is an old stream cipher that can also double duty as a PRNG in a pinch.  You key RC4 by

makefile

@@ -69,7 +69,7 @@ $(1): $(call print-help,$(1),Builds the library and the '$(1)' demo) demos/$(1).
 ifneq ($V,1)
 	@echo "   * $${CC} $$@"
 endif
-	$${silent} $$(CC) $$(LTC_CFLAGS) $$< $$(LIB_PRE) $$(LIBNAME) $$(LIB_POST) $$(EXTRALIBS) -o $(1)
+	$${silent} $$(CC) $$< $$(LIB_PRE) $$(LIBNAME) $$(LIB_POST) $$(EXTRALIBS) -o $(1)
 endef
 
 $(foreach demo, $(strip $(DEMOS)), $(eval $(call DEMO_template,$(demo))))

makefile.mingw

@@ -27,7 +27,7 @@ EXTRALIBS = -L../libtommath -ltommath
 #Compilation flags
 LTC_CFLAGS  = -Isrc/headers -Itests -DLTC_SOURCE $(CFLAGS)
 LTC_LDFLAGS = $(LDFLAGS) $(EXTRALIBS)
-VERSION=1.18.1
+VERSION=1.18.2
 
 #Libraries to be created
 LIBMAIN_S =libtomcrypt.a

makefile.msvc

@@ -22,7 +22,7 @@ EXTRALIBS = ../libtommath/tommath.lib
 #Compilation flags
 LTC_CFLAGS  = /nologo /Isrc/headers/ /Itests/ /D_CRT_SECURE_NO_WARNINGS /D_CRT_NONSTDC_NO_DEPRECATE /DLTC_SOURCE /W3 $(CFLAGS)
 LTC_LDFLAGS = advapi32.lib $(EXTRALIBS)
-VERSION=1.18.1
+VERSION=1.18.2
 
 #Libraries to be created (this makefile builds only static libraries)
 LIBMAIN_S =tomcrypt.lib