Accepting request 655651 from security:tls

OBS-URL: https://build.opensuse.org/request/show/655651
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libnettle?expand=0&rev=30

libnettle.changes

@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Thu Dec  6 12:56:30 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
+
+- Adjust SRPM group.
+
+-------------------------------------------------------------------
+Tue Dec  4 13:43:17 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- libnettle 3.4.1rc1: [bsc#1118086, CVE-2018-16869]
+  * pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around
+    _pkcs1_sec_decrypt_variable. Improves side-channel silence of the
+    only caller, rsa_decrypt.
+  * rsa-sec-compute-root.c (sec_mul, sec_mod_mul, sec_powm): New
+    local helper functions, with their own itch functions.
+    (_rsa_sec_compute_root_itch, _rsa_sec_compute_root): Rewrote to
+    use helpers, for clarity.
+  * rsa-decrypt-tr.c (rsa_decrypt_tr): Use NETTLE_OCTET_SIZE_TO_LIMB_SIZE.
+  * rsa-sec-compute-root.c (_rsa_sec_compute_root): Avoid calls to
+    mpz_sizeinbase, since that potentially leaks most significant bits
+    of private key parameters a and b.
+  * rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use
+    _rsa_sec_compute_root.
+  * testsuite/rsa-sec-compute-root-test.c: Add more tests for new
+    side-channel silent functions.
+  * rsa-sign.c (rsa_private_key_prepare): Check that qn + cn >= pn,
+    since that is required for one of the GMP calls in
+    _rsa_sec_compute_root.
+  * rsa-decrypt-tr.c: Switch to use side-channel silent functions.
+  * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt_variable): New private
+    function. Variable size version for backwards compatibility.
+  * testsuite/rsa-sec-decrypt-test.c: Adds more tests.
+  * rsa-sec-decrypt.c (rsa_sec_decrypt): New function.
+    Fixed length side-channel silent version of rsa-decrypt.
+  * testsuite/rsa-encrypt-test.c: add tests for the new fucntion.
+  * testsuite/pkcs1-sec-decrypt-test.c: Adds tests for _pkcs1_sec_decrypt.
+  * gmp-glue.c (mpn_get_base256): New function.
+  * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): New private function.
+    Fixed length side-channel silent version of pkcs1-decrypt.
+  * cnd-memcpy.c (cnd_memcpy): New function.
+  * testsuite/cnd-memcpy-test.c: New test case.
+  * rsa-sign-tr.c (rsa_sec_compute_root_tr): New function that uses
+    _rsa_sec_compute_root, as well as side-channel silent RSA blinding.
+    (rsa_compute_root_tr) Rewritten as a wrapper around	rsa_sec_compute_root_tr.
+    (rsa_sec_blind, rsa_sec_unblind, sec_equal, rsa_sec_check_root)
+    (cnd_mpn_zero): New helper functions.
+    (rsa_sec_compute_root_tr) [NETTLE_USE_MINI_GMP]: Defined as a not
+    side-channel silent wrapper around rsa_compute_root_tr, and the
+    latter function left unchanged.
+  * rsa-sec-compute-root.c (_rsa_sec_compute_root_itch)
+    (_rsa_sec_compute_root): New file, new private functions.
+    Side-channel silent version of rsa_compute_root.
+  * rsa-internal.h: New header file with declarations.
+  * gmp-glue.h (NETTLE_OCTET_SIZE_TO_LIMB_SIZE): New macro.
+  * tools/pkcs1-conv.c (convert_file): Add missing break statements.
+  * nettle-internal.c (des_set_key_wrapper, des3_set_key_wrapper)
+    (blowfish128_set_key_wrapper): Wrapper functions, to avoid cast
+    between incompatible function types (which gcc-8 warns about).
+    Wrappers are expected to compile to a single jmp instruction.
+  * des-compat.c (des_compat_des3_decrypt): Change length argument type to size_t.
+
 -------------------------------------------------------------------
 Thu Feb 22 15:10:37 UTC 2018 - fvogt@suse.com
 

libnettle.spec

@@ -12,21 +12,23 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 %define soname 6
 %define hogweed_soname 4
+%define realversion 3.4.1rc1
+%define shortversion 3.4.1
 Name:           libnettle
-Version:        3.4
+Version:        3.4.1~rc1
 Release:        0
 Summary:        Cryptographic Library
-License:        LGPL-2.1+ AND GPL-2.0+
+License:        LGPL-2.1-or-later AND GPL-2.0-or-later
-Group:          System/Libraries
+Group:          Development/Libraries/C and C++
-Url:            http://www.lysator.liu.se/~nisse/nettle/
+URL:            https://www.lysator.liu.se/~nisse/nettle/
-Source0:        https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz
+Source0:        https://www.lysator.liu.se/~nisse/archive/nettle-%{realversion}.tar.gz
-Source1:        https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz.sig
+Source1:        https://www.lysator.liu.se/~nisse/archive/nettle-%{realversion}.tar.gz.sig
 Source2:        %{name}.keyring
 Source3:        baselibs.conf
 # PATCH-FIX-UPSTREAM respect cflags while building
@@ -35,6 +37,7 @@ BuildRequires:  gmp-devel
 BuildRequires:  m4
 BuildRequires:  makeinfo
 BuildRequires:  pkgconfig
+
 Requires(post): %{install_info_prereq}
 
 %description
@@ -44,7 +47,7 @@ Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space.
 
 %package -n libnettle%{soname}
 Summary:        Cryptographic Library
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          System/Libraries
 
 %description -n libnettle%{soname}
@@ -54,7 +57,7 @@ Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space.
 
 %package -n libhogweed%{hogweed_soname}
 Summary:        Cryptographic Library for Public Key Algorithms
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          System/Libraries
 
 %description -n libhogweed%{hogweed_soname}
@@ -66,7 +69,7 @@ The libhogweed library contains public key algorithms to use with libnettle.
 
 %package -n libnettle-devel
 Summary:        Cryptographic Library
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
 Requires:       glibc-devel
 Requires:       gmp-devel
@@ -80,7 +83,7 @@ Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space.
 
 %package -n nettle
 Summary:        Cryptographic Tools
-License:        LGPL-2.1+ AND GPL-2.0+
+License:        LGPL-2.1-or-later AND GPL-2.0-or-later
 Group:          Productivity/Security
 
 %description -n nettle
@@ -92,7 +95,7 @@ This package contains a few command-line tools to perform cryptographic
 operations using the nettle library.
 
 %prep
-%setup -q -n nettle-%{version}
+%setup -q -n nettle-%{shortversion}
 %patch0 -p1
 
 %build
@@ -132,12 +135,13 @@ make check %{?_smp_mflags}
 %{_includedir}/nettle
 %{_libdir}/libnettle.so
 %{_libdir}/libhogweed.so
-%{_infodir}/nettle.info%{ext_info}
+%{_infodir}/nettle.info%{?ext_info}
 %{_libdir}/pkgconfig/hogweed.pc
 %{_libdir}/pkgconfig/nettle.pc
 
 %files -n nettle
-%doc AUTHORS ChangeLog COPYING* NEWS README TODO
+%license COPYING*
+%doc AUTHORS ChangeLog NEWS README TODO
 %{_bindir}/nettle-lfib-stream
 %{_bindir}/nettle-pbkdf2
 %{_bindir}/pkcs1-conv

nettle-3.4.1rc1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a380e9a7b5e4dde2c1aff4de090ed365500046c7c24c2de06933ed09262c1b5
+size 1946834

nettle-3.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ae7a42df026550b85daca8389b6a60ba6313b0567f374392e54918588a411e94
-size 1935069