From 65734d50fd747781bd2cb8b87a1211756fb1a031f8b7fe3491a5720d71b6a0d3 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger
Date: Tue, 11 Dec 2018 14:44:35 +0000
Subject: [PATCH] Accepting request 655651 from security:tls
OBS-URL: https://build.opensuse.org/request/show/655651
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libnettle?expand=0&rev=30
---
libnettle.changes | 60 +++++++++++++++++++++++++++++++++++++
libnettle.spec | 32 +++++++++++---------
nettle-3.4.1rc1.tar.gz | 3 ++
nettle-3.4.1rc1.tar.gz.sig | Bin 0 -> 374 bytes
nettle-3.4.tar.gz | 3 --
nettle-3.4.tar.gz.sig | Bin 374 -> 0 bytes
6 files changed, 81 insertions(+), 17 deletions(-)
create mode 100644 nettle-3.4.1rc1.tar.gz
create mode 100644 nettle-3.4.1rc1.tar.gz.sig
delete mode 100644 nettle-3.4.tar.gz
delete mode 100644 nettle-3.4.tar.gz.sig
diff --git a/libnettle.changes b/libnettle.changes
index 577f978..4ed495a 100644
--- a/libnettle.changes
+++ b/libnettle.changes
@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Thu Dec 6 12:56:30 UTC 2018 - Jan Engelhardt
+
+- Adjust SRPM group.
+
+-------------------------------------------------------------------
+Tue Dec 4 13:43:17 UTC 2018 - Pedro Monreal Gonzalez
+
+- libnettle 3.4.1rc1: [bsc#1118086, CVE-2018-16869]
+ * pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around
+ _pkcs1_sec_decrypt_variable. Improves side-channel silence of the
+ only caller, rsa_decrypt.
+ * rsa-sec-compute-root.c (sec_mul, sec_mod_mul, sec_powm): New
+ local helper functions, with their own itch functions.
+ (_rsa_sec_compute_root_itch, _rsa_sec_compute_root): Rewrote to
+ use helpers, for clarity.
+ * rsa-decrypt-tr.c (rsa_decrypt_tr): Use NETTLE_OCTET_SIZE_TO_LIMB_SIZE.
+ * rsa-sec-compute-root.c (_rsa_sec_compute_root): Avoid calls to
+ mpz_sizeinbase, since that potentially leaks most significant bits
+ of private key parameters a and b.
+ * rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use
+ _rsa_sec_compute_root.
+ * testsuite/rsa-sec-compute-root-test.c: Add more tests for new
+ side-channel silent functions.
+ * rsa-sign.c (rsa_private_key_prepare): Check that qn + cn >= pn,
+ since that is required for one of the GMP calls in
+ _rsa_sec_compute_root.
+ * rsa-decrypt-tr.c: Switch to use side-channel silent functions.
+ * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt_variable): New private
+ function. Variable size version for backwards compatibility.
+ * testsuite/rsa-sec-decrypt-test.c: Adds more tests.
+ * rsa-sec-decrypt.c (rsa_sec_decrypt): New function.
+ Fixed length side-channel silent version of rsa-decrypt.
+ * testsuite/rsa-encrypt-test.c: add tests for the new fucntion.
+ * testsuite/pkcs1-sec-decrypt-test.c: Adds tests for _pkcs1_sec_decrypt.
+ * gmp-glue.c (mpn_get_base256): New function.
+ * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): New private function.
+ Fixed length side-channel silent version of pkcs1-decrypt.
+ * cnd-memcpy.c (cnd_memcpy): New function.
+ * testsuite/cnd-memcpy-test.c: New test case.
+ * rsa-sign-tr.c (rsa_sec_compute_root_tr): New function that uses
+ _rsa_sec_compute_root, as well as side-channel silent RSA blinding.
+ (rsa_compute_root_tr) Rewritten as a wrapper around rsa_sec_compute_root_tr.
+ (rsa_sec_blind, rsa_sec_unblind, sec_equal, rsa_sec_check_root)
+ (cnd_mpn_zero): New helper functions.
+ (rsa_sec_compute_root_tr) [NETTLE_USE_MINI_GMP]: Defined as a not
+ side-channel silent wrapper around rsa_compute_root_tr, and the
+ latter function left unchanged.
+ * rsa-sec-compute-root.c (_rsa_sec_compute_root_itch)
+ (_rsa_sec_compute_root): New file, new private functions.
+ Side-channel silent version of rsa_compute_root.
+ * rsa-internal.h: New header file with declarations.
+ * gmp-glue.h (NETTLE_OCTET_SIZE_TO_LIMB_SIZE): New macro.
+ * tools/pkcs1-conv.c (convert_file): Add missing break statements.
+ * nettle-internal.c (des_set_key_wrapper, des3_set_key_wrapper)
+ (blowfish128_set_key_wrapper): Wrapper functions, to avoid cast
+ between incompatible function types (which gcc-8 warns about).
+ Wrappers are expected to compile to a single jmp instruction.
+ * des-compat.c (des_compat_des3_decrypt): Change length argument type to size_t.
+
 -------------------------------------------------------------------
 Thu Feb 22 15:10:37 UTC 2018 - fvogt@suse.com
 
diff --git a/libnettle.spec b/libnettle.spec
index 0e0a75e..516aca2 100644
--- a/libnettle.spec
+++ b/libnettle.spec
@@ -12,21 +12,23 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define soname 6 %define hogweed_soname 4 +%define realversion 3.4.1rc1 +%define shortversion 3.4.1 Name: libnettle -Version: 3.4 +Version: 3.4.1~rc1 Release: 0 Summary: Cryptographic Library -License: LGPL-2.1+ AND GPL-2.0+ -Group: System/Libraries -Url: http://www.lysator.liu.se/~nisse/nettle/ -Source0: https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz -Source1: https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz.sig +License: LGPL-2.1-or-later AND GPL-2.0-or-later +Group: Development/Libraries/C and C++ +URL: https://www.lysator.liu.se/~nisse/nettle/ +Source0: https://www.lysator.liu.se/~nisse/archive/nettle-%{realversion}.tar.gz +Source1: https://www.lysator.liu.se/~nisse/archive/nettle-%{realversion}.tar.gz.sig Source2: %{name}.keyring Source3: baselibs.conf # PATCH-FIX-UPSTREAM respect cflags while building @@ -35,6 +37,7 @@ BuildRequires: gmp-devel BuildRequires: m4 BuildRequires: makeinfo BuildRequires: pkgconfig + Requires(post): %{install_info_prereq} %description @@ -44,7 +47,7 @@ Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. %package -n libnettle%{soname} Summary: Cryptographic Library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries %description -n libnettle%{soname} @@ -54,7 +57,7 @@ Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. %package -n libhogweed%{hogweed_soname} Summary: Cryptographic Library for Public Key Algorithms -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries %description -n libhogweed%{hogweed_soname} 
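Review bot: The first libnettle.spec hunk (`@@ -12,21 +12,23 @@`) leaves the upstream version spelled out by hand in three places, `%define realversion 3.4.1rc1`, `%define shortversion 3.4.1` and `Version: 3.4.1~rc1`, with no comment explaining why they differ or that they must move together. A comment above the two defines would cover it, for example `# rc tarball: file is nettle-%{realversion}.tar.gz, top directory is nettle-%{shortversion}; drop both macros at the final release`. That reading is inferred from the new `Source0` line in this hunk and from `%setup -q -n nettle-%{shortversion}` in the later `%prep` hunk, so please confirm it before committing the wording.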
@@ -66,7 +69,7 @@ The libhogweed library contains public key algorithms to use with libnettle. %package -n libnettle-devel Summary: Cryptographic Library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: gmp-devel @@ -80,7 +83,7 @@ Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. %package -n nettle Summary: Cryptographic Tools -License: LGPL-2.1+ AND GPL-2.0+ +License: LGPL-2.1-or-later AND GPL-2.0-or-later Group: Productivity/Security %description -n nettle @@ -92,7 +95,7 @@ This package contains a few command-line tools to perform cryptographic operations using the nettle library. %prep -%setup -q -n nettle-%{version} +%setup -q -n nettle-%{shortversion} %patch0 -p1 %build @@ -132,12 +135,13 @@ make check %{?_smp_mflags} %{_includedir}/nettle %{_libdir}/libnettle.so %{_libdir}/libhogweed.so -%{_infodir}/nettle.info%{ext_info} +%{_infodir}/nettle.info%{?ext_info} %{_libdir}/pkgconfig/hogweed.pc %{_libdir}/pkgconfig/nettle.pc %files -n nettle -%doc AUTHORS ChangeLog COPYING* NEWS README TODO +%license COPYING* +%doc AUTHORS ChangeLog NEWS README TODO %{_bindir}/nettle-lfib-stream %{_bindir}/nettle-pbkdf2 %{_bindir}/pkcs1-conv diff --git a/nettle-3.4.1rc1.tar.gz b/nettle-3.4.1rc1.tar.gz new file mode 100644 index 0000000..10f0c72 --- /dev/null +++ b/nettle-3.4.1rc1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5a380e9a7b5e4dde2c1aff4de090ed365500046c7c24c2de06933ed09262c1b5 +size 1946834 
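Review bot: In the `%prep` hunk (`@@ -92,7 +95,7 @@`) the new `%setup -q -n nettle-%{shortversion}` is followed directly by `%patch0 -p1`, so nothing visible in the spec checks `Source1` (the detached signature) against `Source2` (`%{name}.keyring`) before the tarball is unpacked. This update replaces the release tarball with a release candidate fetched from a different host to carry a CVE fix, which makes that check the main integrity control for the package. The verification may well happen outside the spec, for instance in build-service source validation, which this page does not show; if so, a comment above `%setup` such as `# nettle-%{realversion}.tar.gz is verified against %{name}.keyring by <verification step, fill in>` would record where.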
diff --git a/nettle-3.4.1rc1.tar.gz.sig b/nettle-3.4.1rc1.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..c3841b0087080f779947c26e8ec36be5e5acb3ce6a5e4f9eaccfebcbb007a7fd GIT binary patch literal 374 zcmV-+0g3*J0doWZ0SEvc79j*QJTLJ3?q0&}zVn&$S)ceQ#&Vbi0$cwLW&jEa5c64| z_$bD5nEl5I{TFY*T^ybJ$)wPAlarlM>XV^78a>lOui@#latTby`|gd0mc=3TOohb)?JDSXmC z#*{DVebXN?9vkMEj5@d#3u>aKcv|1njaq^@TsV5Frqh~D%(rtPIvyw6$N?i_v^}f* z_D%9m$Z>~9p9r3PR_m;P9i3dfJ=R=9E!!5zI^qq8vhW~j}|Z^6j259 z?&%NlOd{LOUp{}0??bPs0ka~*@ zfi{jSBXGBR86{Cuur4DRCB{U`6|})9EGVscQ8@xdkxL#boozhB6||>Q@4oNm$RSl= zZ87!)T$OVkgb$8+UE>Zh<`U3@#F*JUN4eH7N0nKHo1dLnQx?Nb??wI868Py+F8j8p zjl?0>8Sx`8cQ}Glo+n|+om8;1Mj$ufEuKG%O{WA%lLif!trCTtbFy}^z-R1+Z%(=B z(Wct9mD1KFX9J>pO`~;ZGoDHq*^857-(n4m9SL