pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/nettle



Module Name:    pkgsrc
Committed By:   adam
Date:           Sun Mar 21 20:03:09 UTC 2021

Modified Files:
        pkgsrc/security/nettle: Makefile distinfo

Log Message:
nettle: updated to 3.7.2

NEWS for the Nettle 3.7.2 release

This is a bugfix release, fixing a bug in ECDSA signature
verification that could lead to a denial of service attack
(via an assertion failure) or possibly incorrect results. It
also fixes a few related problems where scalars are required
to be canonically reduced modulo the ECC group order, but in
fact may be slightly larger.

Upgrading to the new version is strongly recommended.

Even when no assert is triggered in ecdsa_verify, ECC point
multiplication may get invalid intermediate values as input,
and produce incorrect results. It's trivial to construct
alleged signatures that result in invalid intermediate values.
It appears difficult to construct an alleged signature that
makes the function misbehave in such a way that an invalid
signature is accepted as valid, but such attacks can't be
ruled out without further analysis.

Thanks to Guido Vranken for setting up the fuzzer tests that
uncovered this problem.

The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.3 and libhogweed.so.6.3, with sonames
libnettle.so.8 and libhogweed.so.6.

Bug fixes:

* Fixed bug in ecdsa_verify, and added a corresponding test
  case.

* Similar fixes to ecc_gostdsa_verify and gostdsa_vko.

* Similar fixes to eddsa signatures. The problem is less severe
  for these curves, because (i) the potentially out or range
  value is derived from output of a hash function, making it
  harder for the attacker to to hit the narrow range of
  problematic values, and (ii) the ecc operations are
  inherently more robust, and my current understanding is that
  unless the corresponding assert is hit, the verify
  operation should complete with a correct result.

* Fix to ecdsa_sign, which with a very low probability could
  return out of range signature values, which would be
  rejected immediately by a verifier.


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/nettle/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/security/nettle/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/nettle/Makefile
diff -u pkgsrc/security/nettle/Makefile:1.25 pkgsrc/security/nettle/Makefile:1.26
--- pkgsrc/security/nettle/Makefile:1.25        Thu Feb 18 10:59:09 2021
+++ pkgsrc/security/nettle/Makefile     Sun Mar 21 20:03:09 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.25 2021/02/18 10:59:09 adam Exp $
+# $NetBSD: Makefile,v 1.26 2021/03/21 20:03:09 adam Exp $
 
-DISTNAME=      nettle-3.7.1
+DISTNAME=      nettle-3.7.2
 CATEGORIES=    devel security
 MASTER_SITES=  http://www.lysator.liu.se/~nisse/archive/
 MASTER_SITES+= ftp://ftp.lysator.liu.se/pub/security/lsh/

Index: pkgsrc/security/nettle/distinfo
diff -u pkgsrc/security/nettle/distinfo:1.20 pkgsrc/security/nettle/distinfo:1.21
--- pkgsrc/security/nettle/distinfo:1.20        Thu Feb 18 10:59:09 2021
+++ pkgsrc/security/nettle/distinfo     Sun Mar 21 20:03:09 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.20 2021/02/18 10:59:09 adam Exp $
+$NetBSD: distinfo,v 1.21 2021/03/21 20:03:09 adam Exp $
 
-SHA1 (nettle-3.7.1.tar.gz) = 2113e52ef6755a68097732080b738fcacfac8797
-RMD160 (nettle-3.7.1.tar.gz) = fcb350221e21d7bb2c22f90a3b020df669ff34a7
-SHA512 (nettle-3.7.1.tar.gz) = 25567c0546b68851a03741ea69a2959b07cab660a723b193a9043faf1fd9eb4cd7aea72de150bb0717fd2db28e417f03ad31b14e98aec40ad316f1bcf0caf50b
-Size (nettle-3.7.1.tar.gz) = 2380974 bytes
+SHA1 (nettle-3.7.2.tar.gz) = d617fbcf8d301dfd887129c3883629d4d097c579
+RMD160 (nettle-3.7.2.tar.gz) = 78dced3b71dbcb531f0b0a27c8f9c858d1cbe47b
+SHA512 (nettle-3.7.2.tar.gz) = 5f6edcc24ff620885b24394b31e55b494418c35dd63e6ece222ddabc58e793c44a82155051cc5759896ed5f014a8efd547f0aef6736a131e41651c5cab7c7211
+Size (nettle-3.7.2.tar.gz) = 2382309 bytes
 SHA1 (patch-Makefile.in) = ddc92dc4343df2723fbbfd1ef1afc01f1d576b09
 SHA1 (patch-aa) = 2332668b077a6e3a1add603c87f60167755554ec
 SHA1 (patch-config.make.in) = 708fb3cac9c44825e0d231541cbecade2239c850



Home | Main Index | Thread Index | Old Index