From 144343043bcdd54e379e437ab9907620a68a8b99274398cc1447be9c6aaf100c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Wed, 2 Jan 2019 14:12:03 +0000
Subject: [PATCH] Accepting request 662469 from home:vitezslav_cizek:branches:security:tls

- Update to 3.4.1 release
 * Fix CVE-2018-16869 (bsc#1118086) All functions using RSA private keys are now side-channel silent, meaning that they try hard to avoid any branches or memory accesses depending on secret data. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption.
 * Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended.
 * New features: A new function rsa_sec_decrypt.
 * Bug fixes:
 - Fix bug in pkcs1-conv, missing break statements in the parsing of PEM input files.
 - Fix link error on the pss-mgf1-test test, affecting builds without public key support.
OBS-URL: https://build.opensuse.org/request/show/662469
OBS-URL: https://build.opensuse.org/package/show/security:tls/libnettle?expand=0&rev=5
---
 libnettle.changes | 29 +++++++++++++++++++++++++++++
 libnettle.spec | 12 +++++-------
 nettle-3.4.1.tar.gz | 3 +++
 nettle-3.4.1.tar.gz.sig | Bin 0 -> 374 bytes
 nettle-3.4.1rc1.tar.gz | 3 ---
 nettle-3.4.1rc1.tar.gz.sig | Bin 374 -> 0 bytes
 6 files changed, 37 insertions(+), 10 deletions(-)
 create mode 100644 nettle-3.4.1.tar.gz
 create mode 100644 nettle-3.4.1.tar.gz.sig
 delete mode 100644 nettle-3.4.1rc1.tar.gz
 delete mode 100644 nettle-3.4.1rc1.tar.gz.sig
diff --git a/libnettle.changes b/libnettle.changes
index 4ed495a..b43a826 100644
--- a/libnettle.changes
+++ b/libnettle.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Wed Jan 2 13:48:54 UTC 2019 - Vítězslav Čížek
+
+- Update to 3.4.1 release
+ * Fix CVE-2018-16869 (bsc#1118086)
+ All functions using RSA private keys are now side-channel
+ silent, meaning that they try hard to avoid any branches or
+ memory accesses depending on secret data. This applies both to
+ the bignum calculations, which now use GMP's mpn_sec_* family
+ of functions, and the processing of PKCS#1 padding needed for
+ RSA decryption.
+ * Changes in behavior:
+ The functions rsa_decrypt and rsa_decrypt_tr may now clobber
+ all of the provided message buffer, independent of the
+ actual message length. They are side-channel silent, in that
+ branches and memory accesses don't depend on the validity or
+ length of the message. Side-channel leakage from the
+ caller's use of length and return value may still provide an
+ oracle useable for a Bleichenbacher-style chosen ciphertext
+ attack. Which is why the new function rsa_sec_decrypt is
+ recommended.
+ * New features:
+ A new function rsa_sec_decrypt.
+ * Bug fixes:
+ - Fix bug in pkcs1-conv, missing break statements in the
+ parsing of PEM input files.
+ - Fix link error on the pss-mgf1-test test, affecting builds
+ without public key support.
+
 -------------------------------------------------------------------
 Thu Dec 6 12:56:30 UTC 2018 - Jan Engelhardt
 
diff --git a/libnettle.spec b/libnettle.spec
index 516aca2..02d7fe8 100644
--- a/libnettle.spec
+++ b/libnettle.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libnettle
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,17 +18,15 @@
 %define soname 6
 %define hogweed_soname 4
-%define realversion 3.4.1rc1
-%define shortversion 3.4.1
 Name: libnettle
-Version: 3.4.1~rc1
+Version: 3.4.1
 Release: 0
 Summary: Cryptographic Library
 License: LGPL-2.1-or-later AND GPL-2.0-or-later
 Group: Development/Libraries/C and C++
 URL: https://www.lysator.liu.se/~nisse/nettle/
-Source0: https://www.lysator.liu.se/~nisse/archive/nettle-%{realversion}.tar.gz
-Source1: https://www.lysator.liu.se/~nisse/archive/nettle-%{realversion}.tar.gz.sig
+Source0: https://www.lysator.liu.se/~nisse/archive/nettle-%{version}.tar.gz
+Source1: https://www.lysator.liu.se/~nisse/archive/nettle-%{version}.tar.gz.sig
 Source2: %{name}.keyring
 Source3: baselibs.conf
 # PATCH-FIX-UPSTREAM respect cflags while building
@@ -95,7 +93,7 @@ This package contains a few command-line tools to perform cryptographic
 operations using the nettle library.
 
 %prep
-%setup -q -n nettle-%{shortversion}
+%setup -q -n nettle-%{version}
 %patch0 -p1
 
 %build
diff --git a/nettle-3.4.1.tar.gz b/nettle-3.4.1.tar.gz
new file mode 100644
index 0000000..acf531c
--- /dev/null
+++ b/nettle-3.4.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f941cf1535cd5d1819be5ccae5babef01f6db611f9b5a777bae9c7604b8a92ad
+size 1947053
diff --git a/nettle-3.4.1.tar.gz.sig b/nettle-3.4.1.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..9607c33917368cd2a6f5243b7525d1ba1f3d4a100eb6bb18fdf68037d86c1826 GIT binary patch literal 374 zcmV-+0g3*J0doWZ0SEvc79j*QJTLJ3?q0&}zVn&$S)ceQ#&Vbi0$c{_P5=rC5c64| z_$bD5m^tGK|8%HqiLka<#8_A*^|YS5`K!SE89MSF6TeGdYTre@&<#;ruEZG1i&8NN ztJ1g=tRZMV(l}TkKwihhEa9U;$@Q|iep|?-PKC>^onA2Fm0sTP3<)N&0Ve*L(Yw8r zG5oOJ80!o2uP?mR%O3*o%va{n-Zs#eH65QsDjRV~zB67bndn6bLQ{_Dqn2YIE>Z@L zzvk`a=JXB9?(##bp^dN)JPM3j4Q|ti!3ZZctYW2(pgMFS_+ANFLL2b; zWcF`8PaTqN4QGBi+#lpW5KpFCNmmEuSh1h*u7C9nW_^5AFSx?hnY zm$mM`^_Ha8UBoAakHbIKCQ@)J=5|vD7Dy#;t0~?fKkyNQ*U9~rrHcl=;k5}bzIH=( U$WVPHXV^78a>lOui@#latTby`|gd0mc=3TOohb)?JDSXmC z#*{DVebXN?9vkMEj5@d#3u>aKcv|1njaq^@TsV5Frqh~D%(rtPIvyw6$N?i_v^}f* z_D%9m$Z>~9p9r3PR_m;P9i3dfJ=R=9E!!5zI^qq8vhW~j}|Z^6j259 z?&%NlOd{LOUp{}