This update for libnettle to version 3.4.1 fixes the following issues:
Issues addressed and new features:
- Updated to 3.4.1 (fate#327114 and bsc#1129598)
- Fixed a missing break statements in the parsing of PEM input files in pkcs1-conv.
- Fixed a link error on the pss-mgf1-test which was affecting builds without public key support.
- All functions using RSA private keys are now side-channel silent. This applies both to the
bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of
PKCS#1 padding needed for RSA decryption.
- Changes in behavior:
The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message
buffer, independent of the actual message length. They are side-channel silent, in that
branches and memory accesses don't depend on the validity or length of the message.
Side-channel leakage from the caller's use of length and return value may still provide
an oracle useable for a Bleichenbacher-style chosen ciphertext attack.
Which is why the new function rsa_sec_decrypt is recommended.
This update was imported from the SUSE:SLE-15:Update update project.
- Submitted by Jason Sikes (jsikes)