pkgsrc-Changes archive


CVS commit: pkgsrc/security/nettle



Module Name:    pkgsrc
Committed By:   leot
Date:           Sun Dec  9 20:11:40 UTC 2018

Modified Files:
        pkgsrc/security/nettle: Makefile buildlink3.mk distinfo

Log Message:
nettle: Update security/nettle to 3.4.1

Changes:
3.4.1
-----
This release fixes a few bugs, and makes the RSA private key
operations side channel silent. The RSA improvements are
contributed by Simo Sorce and Red Hat, and include one new
public function, rsa_sec_decrypt, see below.

All functions using RSA private keys are now side-channel
silent, meaning that they try hard to avoid any branches or
memory accesses depending on secret data. This applies both to
the bignum calculations, which now use GMP's mpn_sec_* family
of functions, and the processing of PKCS#1 padding needed for
RSA decryption.

Nettle's ECC functions were already side-channel silent, while
the DSA functions still aren't. There's also one caveat
regarding the improved RSA functions: due to small table
lookups in relevant mpn_sec_* functions in GMP-6.1.2, the
lowest and highest few bits of the secret factors p and q may
still leak. I'm not aware of any attacks on RSA where knowing
a few bits of the factors makes a significant difference. This
leak will likely be plugged in later GMP versions.

Changes in behavior:

* The functions rsa_decrypt and rsa_decrypt_tr may now clobber
  all of the provided message buffer, independent of the
  actual message length. They are side-channel silent, in that
  branches and memory accesses don't depend on the validity or
  length of the message. Side-channel leakage from the
  caller's use of length and return value may still provide an
  oracle usable for a Bleichenbacher-style chosen ciphertext
  attack, which is why the new function rsa_sec_decrypt is
  recommended.

New features:

* A new function rsa_sec_decrypt. It differs from
  rsa_decrypt_tr in that the length of the decrypted message
  is given a priori, and PKCS#1 padding indicating a different
  length is treated as an error. For applications that may be
  subject to chosen ciphertext attacks, it is recommended to
  initialize the message area with random data, call this
  function, and ignore the return value. This applies in
  particular to RSA-based key exchange in the TLS protocol.

Bug fixes:

* Fix bug in pkcs1-conv, missing break statements in the
  parsing of PEM input files.

* Fix link error on the pss-mgf1-test test, affecting builds
  without public key support.

Performance regression:

* All RSA private key operations employing RSA blinding, i.e.,
  rsa_decrypt_tr, rsa_*_sign_tr, the new rsa_sec_decrypt, and
  rsa_compute_root_tr, are significantly slower. This is
  because (i) RSA blinding now uses side-channel silent
  operations, (ii) blinding includes a modular inversion, and
  (iii) side-channel silent modular inversion, implemented as
  mpn_sec_invert, is very expensive. A 60% slowdown for
  2048-bit RSA keys has been measured.

Miscellaneous:

* Building the public key support of nettle now requires GMP
  version 6.0 or later (unless --enable-mini-gmp is used).

The shared library names are libnettle.so.6.5 and
libhogweed.so.4.5, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
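
The release notes above give the contract of rsa_sec_decrypt (the message length is known a priori, padding that disagrees with it is an error, branches and memory accesses must not depend on the secret) and the recommended calling pattern for TLS RSA key exchange. The following is an added example written for this page; it is not nettle's code and is not part of the commit. It implements that contract for the PKCS#1 v1.5 unpadding step in plain C with branch-free byte masks, and shows a caller that pre-fills the output with random bytes and ignores the return value. The function names, the 64-byte block, the 48-byte premaster length and the fixed padding filler are assumptions for illustration; the RSA exponentiation itself is omitted and the block is constructed directly.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constant-time primitives. x holds a single byte value (0..255), so the
 * subtract-and-shift below borrows into the high bits only when x == 0. */
static unsigned char ct_is_zero(unsigned int x)
{
    return (unsigned char)(((x - 1u) >> 8) & 0xFFu); /* 0xFF if x == 0, else 0x00 */
}

static unsigned char ct_eq(unsigned char a, unsigned char b)
{
    return ct_is_zero((unsigned int)(a ^ b));
}

/* Byte select without a branch: mask == 0xFF picks a, mask == 0x00 picks b. */
static unsigned char ct_select(unsigned char mask, unsigned char a, unsigned char b)
{
    return (unsigned char)((mask & a) | (~mask & b));
}

/* Check a PKCS#1 v1.5 type 2 block em[0..k) (00 02 PS 00 M) against an
 * expected message length mlen, the contract the notes describe for
 * rsa_sec_decrypt. Loop bounds depend only on the public k and mlen; the
 * secret bytes feed only into the mask. The message is copied into msg under
 * that mask, so on failure msg keeps whatever the caller put there.
 * Returns 1 if the padding was valid for exactly mlen bytes, else 0. */
int sec_pkcs1_unpad(const unsigned char *em, size_t k,
                    unsigned char *msg, size_t mlen)
{
    size_t ps_end, i;
    unsigned char ok = 0xFF;

    if (k < mlen + 11)            /* public lengths only: PS must be >= 8 bytes */
        return 0;
    ps_end = k - mlen - 1;        /* position of the 00 separator */

    ok &= ct_eq(em[0], 0x00);
    ok &= ct_eq(em[1], 0x02);
    for (i = 2; i < ps_end; i++)  /* every PS byte must be nonzero */
        ok &= (unsigned char)~ct_eq(em[i], 0x00);
    ok &= ct_eq(em[ps_end], 0x00);

    for (i = 0; i < mlen; i++)
        msg[i] = ct_select(ok, em[ps_end + 1 + i], msg[i]);
    return ok & 1;
}

/* The calling pattern the notes recommend for TLS RSA key exchange:
 * pre-fill with random bytes, decrypt to the fixed length, ignore the result.
 * A malformed block therefore yields the random filler and the caller's
 * later work (key derivation, Finished check) proceeds identically. */
void recover_secret_uniformly(const unsigned char *em, size_t k,
                              const unsigned char *random_fill,
                              unsigned char *out, size_t mlen)
{
    memcpy(out, random_fill, mlen);
    (void)sec_pkcs1_unpad(em, k, out, mlen);
}

/* Constructed fixture (assumption): a block standing in for the output of
 * the private-key exponentiation. Real PS bytes are random and nonzero; a
 * fixed 0x5A filler keeps the example deterministic. */
static void build_block(const unsigned char *m, size_t mlen,
                        unsigned char *em, size_t k)
{
    size_t ps_end = k - mlen - 1;
    em[0] = 0x00;
    em[1] = 0x02;
    memset(em + 2, 0x5A, ps_end - 2);
    em[ps_end] = 0x00;
    memcpy(em + ps_end + 1, m, mlen);
}

#define BLOCK_LEN 64  /* toy 512-bit modulus, assumption */
#define PMS_LEN   48  /* TLS premaster secret length, the a priori mlen */

/* Returns 1 when a well-formed block decrypts to the original message. */
int demo_valid_block(void)
{
    unsigned char m[PMS_LEN], filler[PMS_LEN], out[PMS_LEN], em[BLOCK_LEN];
    size_t i;
    for (i = 0; i < PMS_LEN; i++) { m[i] = (unsigned char)i; filler[i] = 0xEE; }
    build_block(m, PMS_LEN, em, BLOCK_LEN);
    recover_secret_uniformly(em, BLOCK_LEN, filler, out, PMS_LEN);
    return memcmp(out, m, PMS_LEN) == 0;
}

/* Returns 1 when a block whose padding encodes a 47-byte message is rejected
 * for mlen = 48 and the caller is left holding the random filler. */
int demo_wrong_length_block(void)
{
    unsigned char m[PMS_LEN - 1], filler[PMS_LEN], out[PMS_LEN], em[BLOCK_LEN];
    size_t i;
    int rejected;
    for (i = 0; i < PMS_LEN - 1; i++) m[i] = (unsigned char)(0x80 + i);
    memset(filler, 0xEE, PMS_LEN);
    build_block(m, PMS_LEN - 1, em, BLOCK_LEN);
    memcpy(out, filler, PMS_LEN);
    rejected = sec_pkcs1_unpad(em, BLOCK_LEN, out, PMS_LEN) == 0;
    return rejected && memcmp(out, filler, PMS_LEN) == 0;
}

int main(void)
{
    printf("valid block recovered: %d\n", demo_valid_block());
    printf("wrong-length block rejected uniformly: %d\n", demo_wrong_length_block());
    return 0;
}
```

The point of the fixed-length contract is visible in the second demo: a block that is well formed but encodes a different length is treated exactly like garbage, and because the caller never looks at the return value, its subsequent behaviour does not distinguish the two cases. The early return on `k < mlen + 11` is deliberate; both lengths are public, so branching on them leaks nothing.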


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/security/nettle/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/nettle/buildlink3.mk
cvs rdiff -u -r1.16 -r1.17 pkgsrc/security/nettle/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/nettle/Makefile
diff -u pkgsrc/security/nettle/Makefile:1.19 pkgsrc/security/nettle/Makefile:1.20
--- pkgsrc/security/nettle/Makefile:1.19        Tue Nov 28 14:06:12 2017
+++ pkgsrc/security/nettle/Makefile     Sun Dec  9 20:11:40 2018
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2017/11/28 14:06:12 wiz Exp $
+# $NetBSD: Makefile,v 1.20 2018/12/09 20:11:40 leot Exp $
 
-DISTNAME=      nettle-3.4
+DISTNAME=      nettle-3.4.1
 CATEGORIES=    devel security
 MASTER_SITES=  http://www.lysator.liu.se/~nisse/archive/
 MASTER_SITES+= ftp://ftp.lysator.liu.se/pub/security/lsh/
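Review bot: MASTER_SITES stay plain http:// and ftp://, so with the DISTNAME bump to nettle-3.4.1 the fetched tarball is authenticated only by the distinfo checksums; the SHA512 recorded there should come from the upstream-published value (or from a tarball whose upstream signature was checked), not merely be recomputed from whatever was downloaded.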
@@ -28,6 +28,6 @@ TEST_TARGET=          check
 PKGCONFIG_OVERRIDE=    hogweed.pc.in
 PKGCONFIG_OVERRIDE+=   nettle.pc.in
 
-BUILDLINK_API_DEPENDS.gmp+=    gmp>=5.0
+BUILDLINK_API_DEPENDS.gmp+=    gmp>=6.0
 .include "../../devel/gmp/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
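Review bot: the bump to gmp>=6.0 matches the release notes (GMP 6.0 or later is required unless --enable-mini-gmp is used, and this Makefile does not pass that option). The same constraint also has to be expressed for consumers in buildlink3.mk; keep the two values in sync whenever either changes.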

Index: pkgsrc/security/nettle/buildlink3.mk
diff -u pkgsrc/security/nettle/buildlink3.mk:1.6 pkgsrc/security/nettle/buildlink3.mk:1.7
--- pkgsrc/security/nettle/buildlink3.mk:1.6    Sun Jan  7 13:04:29 2018
+++ pkgsrc/security/nettle/buildlink3.mk        Sun Dec  9 20:11:40 2018
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2018/01/07 13:04:29 rillig Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2018/12/09 20:11:40 leot Exp $
 
 BUILDLINK_TREE+=       nettle
 
@@ -6,9 +6,10 @@ BUILDLINK_TREE+=       nettle
 NETTLE_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.nettle+= nettle>=2.4
-BUILDLINK_ABI_DEPENDS.nettle?= nettle>=3.1.1
+BUILDLINK_ABI_DEPENDS.nettle+= nettle>=3.1.1
 BUILDLINK_PKGSRCDIR.nettle?=   ../../security/nettle
 
+BUILDLINK_API_DEPENDS.gmp+=    gmp>=6.0
 .include "../../devel/gmp/buildlink3.mk"
 .endif # NETTLE_BUILDLINK3_MK
 
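Review bot: the switch from `?=` to `+=` on BUILDLINK_ABI_DEPENDS.nettle is unrelated to the 3.4.1 update and is not mentioned in the log message; it should be called out there, since with `+=` the constraint is appended even when a consumer already set its own rather than being skipped. Leaving the ABI requirement at nettle>=3.1.1 is consistent with the release notes: the sonames remain libnettle.so.6 and libhogweed.so.4 and 3.4.1 is declared binary compatible with nettle-3.1. Note also that adding BUILDLINK_API_DEPENDS.gmp+= gmp>=6.0 here propagates the GMP 6 requirement to every package that buildlinks nettle, which is the intended effect but worth a sentence in the log.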

Index: pkgsrc/security/nettle/distinfo
diff -u pkgsrc/security/nettle/distinfo:1.16 pkgsrc/security/nettle/distinfo:1.17
--- pkgsrc/security/nettle/distinfo:1.16        Tue Nov 28 14:06:12 2017
+++ pkgsrc/security/nettle/distinfo     Sun Dec  9 20:11:40 2018
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.16 2017/11/28 14:06:12 wiz Exp $
+$NetBSD: distinfo,v 1.17 2018/12/09 20:11:40 leot Exp $
 
-SHA1 (nettle-3.4.tar.gz) = f3c8495b7c43cba9cdd19503e7567095c680b490
-RMD160 (nettle-3.4.tar.gz) = 56c59906e4bec5c0859abdd96645d5d54a8f78c4
-SHA512 (nettle-3.4.tar.gz) = 3bea3aabd2c99cc42d084a94fd6b0b5dbdb24cd6c7020271a6ee87a81a904b21b21756f590cb1afdf2e85fd1cb59e5c3651c5c4032e30204e7ea6f8801d1ea3b
-Size (nettle-3.4.tar.gz) = 1935069 bytes
+SHA1 (nettle-3.4.1.tar.gz) = 56a81ed4a8d35489d8bddd99d5262fe3958a52b4
+RMD160 (nettle-3.4.1.tar.gz) = ecf0b73ffa9020037161fa10bc3d7e0e578e5b3e
+SHA512 (nettle-3.4.1.tar.gz) = 26aefbbe9927e90e28f271e56d2ba876611831222d0e1e1a58bdb75bbd50934fcd84418a4fe47b845f557e60a9786a72a4de2676c930447b104f2256aca7a54f
+Size (nettle-3.4.1.tar.gz) = 1947053 bytes
 SHA1 (patch-Makefile.in) = 96771c1fb195603d108717970eb32767d2c26799
 SHA1 (patch-aa) = 2332668b077a6e3a1add603c87f60167755554ec
 SHA1 (patch-config.make.in) = 708fb3cac9c44825e0d231541cbecade2239c850
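Review bot: the SHA1 lines for patch-Makefile.in, patch-aa and patch-config.make.in are unchanged, so the existing patches are reused unmodified against 3.4.1; the log should state that they still apply cleanly to the new release. For integrity of the distfile the SHA512 line is the one that matters; the SHA1 and RMD160 entries should not be relied on as an independent check.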


