03/04: gnu: Add crypto++.

[Ricardo Wurmus]

rekado pushed a commit to branch master
in repository guix.

commit de98f4ed55a8cd1bc77a63f251eb451d2ef8bbb0
Author: Pierre Langlois <address@hidden>
Date:   Sat Feb 18 18:01:13 2017 +0000

    gnu: Add crypto++.
    
    * gnu/packages/crypto.scm (crypto++): New variable.
    * gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    
    Co-authored-by: Ricardo Wurmus <address@hidden>
---
 gnu/local.mk                                       |  1 +
 gnu/packages/crypto.scm                            | 32 +++++++++++
 .../crypto++-fix-dos-in-asn.1-decoders.patch       | 65 ++++++++++++++++++++++
 3 files changed, 98 insertions(+)

diff --git a/gnu/local.mk b/gnu/local.mk
index f2044c9..f318bcd 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -579,6 +579,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/crawl-upgrade-saves.patch               \
   %D%/packages/patches/crda-optional-gcrypt.patch              \
   %D%/packages/patches/crossmap-allow-system-pysam.patch       \
+  %D%/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch \
   %D%/packages/patches/clucene-contribs-lib.patch               \
   %D%/packages/patches/cube-nocheck.patch                      \
   %D%/packages/patches/cursynth-wave-rand.patch                        \
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 549955d..0021bee 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <address@hidden>
 ;;; Copyright © 2016, 2017 ng0 <address@hidden>
 ;;; Copyright © 2016, 2017 Eric Bavier <address@hidden>
+;;; Copyright © 2017 Pierre Langlois <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +30,7 @@
   #:use-module (gnu packages attr)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnupg)
@@ -632,3 +634,33 @@ data on your platform, so the seed itself will be as 
random as possible.
 Networking and Cryptography library.  These libraries have a stated goal
 of improving usability, security and speed.")
     (license license:asl2.0)))
+
+(define-public crypto++
+  (package
+    (name "crypto++")
+    (version "5.6.5")
+    (source (origin
+              (method url-fetch/zipbomb)
+              (uri (string-append "https://cryptopp.com/cryptopp";
+                                  (string-join (string-split version #\.) "")
+                                  ".zip"))
+              (sha256
+               (base32
+                "0d1cqdz369ivi082k59025wvxzywvkizw7i0pf5h0a1izs3g8pm7"))
+              (patches
+               (search-patches "crypto++-fix-dos-in-asn.1-decoders.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("unzip" ,unzip)))
+    (home-page "https://cryptopp.com/";)
+    (synopsis "C++ class library of cryptographic schemes")
+    (description "Crypto++ is a C++ class library of cryptographic schemes.")
+    ;; The compilation is distributed under the Boost license; the individual
+    ;; files in the compilation are in the public domain.
+    (license (list license:boost1.0 license:public-domain))))
diff --git a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch 
b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch
new file mode 100644
index 0000000..88b2e7f
--- /dev/null
+++ b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch
@@ -0,0 +1,65 @@
+From 3d9181d7bdd8e491f745dbc9e34bd20b6f6da069 Mon Sep 17 00:00:00 2001
+From: Gergely Nagy <address@hidden>
+Date: Wed, 14 Dec 2016 13:19:01 +0100
+Subject: [PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939)
+
+---
+ asn.cpp | 10 ++++++++++
+ asn.h   |  2 ++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/asn.cpp b/asn.cpp
+index 297ff010..2e923ef7 100644
+--- a/asn.cpp
++++ b/asn.cpp
+@@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, 
SecByteBlock &str)
+       size_t bc;
+       if (!BERLengthDecode(bt, bc))
+               BERDecodeError();
++      if (bc > bt.MaxRetrievable())
++              BERDecodeError();
+ 
+       str.New(bc);
+       if (bc != bt.Get(str, bc))
+@@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, 
BufferedTransformation &
+       size_t bc;
+       if (!BERLengthDecode(bt, bc))
+               BERDecodeError();
++      if (bc > bt.MaxRetrievable())
++              BERDecodeError();
+ 
+       bt.TransferTo(str, bc);
+       return bc;
+@@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, 
std::string &str, byte as
+       size_t bc;
+       if (!BERLengthDecode(bt, bc))
+               BERDecodeError();
++      if (bc > bt.MaxRetrievable())
++              BERDecodeError();
+ 
+       SecByteBlock temp(bc);
+       if (bc != bt.Get(temp, bc))
+@@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, 
SecByteBlock &str, unsigne
+       size_t bc;
+       if (!BERLengthDecode(bt, bc))
+               BERDecodeError();
++      if (bc == 0)
++              BERDecodeError();
++      if (bc > bt.MaxRetrievable())
++              BERDecodeError();
+ 
+       byte unused;
+       if (!bt.Get(unused))
+diff --git a/asn.h b/asn.h
+index ed9de52c..33f0dd09 100644
+--- a/asn.h
++++ b/asn.h
+@@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, 
byte asnTag = INTEGER,
+       bool definite = BERLengthDecode(in, bc);
+       if (!definite)
+               BERDecodeError();
++      if (bc > in.MaxRetrievable())
++              BERDecodeError();
+ 
+       SecByteBlock buf(bc);
+