- GNU Nettle 3.7.3:
* Fix crash for zero input to rsa_sec_decrypt and
rsa_decrypt_tr. Potential denial of service vector.
* Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return
failure for out of range inputs, instead of either crashing,
or silently reducing input modulo n. Potential denial of
service vector.
* Ensure that rsa_decrypt returns failure for out of range
inputs, instead of silently reducing input modulo n.
* Ensure that rsa_sec_decrypt returns failure if the message
size is too large for the given key. Unlike the other bugs,
this would typically be triggered by invalid local
configuration, rather than by processing untrusted remote
data.
OBS-URL: https://build.opensuse.org/request/show/898784
OBS-URL: https://build.opensuse.org/package/show/security:tls/libnettle?expand=0&rev=21
- Update to 3.4.1 release
* Fix CVE-2018-16869 (bsc#1118086)
All functions using RSA private keys are now side-channel
silent, meaning that they try hard to avoid any branches or
memory accesses depending on secret data. This applies both to
the bignum calculations, which now use GMP's mpn_sec_* family
of functions, and the processing of PKCS#1 padding needed for
RSA decryption.
* Changes in behavior:
The functions rsa_decrypt and rsa_decrypt_tr may now clobber
all of the provided message buffer, independent of the
actual message length. They are side-channel silent, in that
branches and memory accesses don't depend on the validity or
length of the message. Side-channel leakage from the
caller's use of length and return value may still provide an
oracle useable for a Bleichenbacher-style chosen ciphertext
attack. Which is why the new function rsa_sec_decrypt is
recommended.
* New features:
A new function rsa_sec_decrypt.
* Bug fixes:
- Fix bug in pkcs1-conv, missing break statements in the
parsing of PEM input files.
- Fix link error on the pss-mgf1-test test, affecting builds
without public key support.
OBS-URL: https://build.opensuse.org/request/show/662469
OBS-URL: https://build.opensuse.org/package/show/security:tls/libnettle?expand=0&rev=5
- Version update to 3.2 release bnc#964849 CVE-2015-8805 bnc#964847
CVE-2015-8804 bnc#964845 CVE-2015-8803:
* New functions for RSA private key operations, identified by
the "_tr" suffix, with better resistance to side channel
attacks and to hardware or software failures which could
break the CRT optimization
* SHA3 implementation is updated according to the FIPS 202 standard
* New ARM Neon implementation of the chacha stream cipher
* Should be compatible binary with 3.1 series
- Add patch to fix build with cflags:
* nettle-respect-cflags.patch
OBS-URL: https://build.opensuse.org/request/show/357899
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libnettle?expand=0&rev=23
- Update to version 2.7
* Support for the GOST R 34.11-94 hash algorithm
* Support for SHA3
* Support for PKCS #5 PBKDF2
* Fixed a small memory leak in nettle_realloc and
nettle_xrealloc.
* x86_64 assembly for SHA256, SHA512, and SHA3
* ARM assembly code for several additional algorithms,
including AES, Salsa20, and the SHA family of hash
functions.
* Support for 12-round salsa20, "salsa20r12", as specified by
eSTREAM.
* Support for UMAC, including x86_64 and ARM assembly.
* Support for ECDSA signatures. Elliptic curve operations over
the following curves: secp192r1, secp224r1, secp256r1,
secp384r1 and secp521r1, including x86_64 and ARM assembly
for the most important primitives.
- Depend on makeinfo for info file generation.
- Don't disable static libs, they are needed at build time.
OBS-URL: https://build.opensuse.org/request/show/175855
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libnettle?expand=0&rev=12
