File mingw64-libnettle.changes of Package mingw64-libnettle
-------------------------------------------------------------------
Tue Nov 12 21:21:46 UTC 2024 - Ralf Habacker <ralf.habacker@freenet.de>
- Fix building on Tumblweed
- Add patches:
* fix-building-with-mingw-headers-12.patch
-------------------------------------------------------------------
Sun May 10 19:32:12 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
- GNU Nettle 3.6:
* removal of internal and undocumented poly1305 functions
* Support for Curve448 and ED448 signatures
* Support for SHAKE256, SIV-CMAC, CMAC64, "CryptoPro" variant of
the GOST hash (as gosthash94cp), GOST DSA signatures, including
GOST curves gc256b and gc512a
* Support for Intel CET in x86 and x86_64 assembly files, if
enabled via CFLAGS (gcc --fcf-protection=full)
* A few new functions to improve support for the Chacha
variant with 96-bit nonce and 32-bit block counter (the
existing functions use nonce and counter of 64-bit each),
and functions to set the counter.
* New interface, struct nettle_mac, for MAC (message
authentication code) algorithms. This abstraction is only
for MACs that don't require a per-message nonce. For HMAC,
the key size is fixed, and equal the digest size of the
underlying hash function
* multiple bug fixes
- Fix warning 'The package obsoletes itself'
-------------------------------------------------------------------
Thu Aug 1 10:26:28 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 3.5.1:
* correct upstream source packaging problems
- new in 3.5:
* gcm_crypt will now call the underlying block cipher to process
more than one block at a time
* Support for CFB8 (Cipher Feedback Mode, processing a single
octet per block cipher operation)
* Support for CMAC (RFC 4493)
* Support for XTS mode
* various improvements
-------------------------------------------------------------------
Wed Jan 2 13:48:54 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Update to 3.4.1 release
* Fix CVE-2018-16869 (bsc#1118086)
All functions using RSA private keys are now side-channel
silent, meaning that they try hard to avoid any branches or
memory accesses depending on secret data. This applies both to
the bignum calculations, which now use GMP's mpn_sec_* family
of functions, and the processing of PKCS#1 padding needed for
RSA decryption.
* Changes in behavior:
The functions rsa_decrypt and rsa_decrypt_tr may now clobber
all of the provided message buffer, independent of the
actual message length. They are side-channel silent, in that
branches and memory accesses don't depend on the validity or
length of the message. Side-channel leakage from the
caller's use of length and return value may still provide an
oracle useable for a Bleichenbacher-style chosen ciphertext
attack. Which is why the new function rsa_sec_decrypt is
recommended.
* New features:
A new function rsa_sec_decrypt.
* Bug fixes:
- Fix bug in pkcs1-conv, missing break statements in the
parsing of PEM input files.
- Fix link error on the pss-mgf1-test test, affecting builds
without public key support.
-------------------------------------------------------------------
Tue Dec 4 13:43:17 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- libnettle 3.4.1rc1: [bsc#1118086, CVE-2018-16869]
* pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around
_pkcs1_sec_decrypt_variable. Improves side-channel silence of the
only caller, rsa_decrypt.
* rsa-sec-compute-root.c (sec_mul, sec_mod_mul, sec_powm): New
local helper functions, with their own itch functions.
(_rsa_sec_compute_root_itch, _rsa_sec_compute_root): Rewrote to
use helpers, for clarity.
* rsa-decrypt-tr.c (rsa_decrypt_tr): Use NETTLE_OCTET_SIZE_TO_LIMB_SIZE.
* rsa-sec-compute-root.c (_rsa_sec_compute_root): Avoid calls to
mpz_sizeinbase, since that potentially leaks most significant bits
of private key parameters a and b.
* rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use
_rsa_sec_compute_root.
* testsuite/rsa-sec-compute-root-test.c: Add more tests for new
side-channel silent functions.
* rsa-sign.c (rsa_private_key_prepare): Check that qn + cn >= pn,
since that is required for one of the GMP calls in
_rsa_sec_compute_root.
* rsa-decrypt-tr.c: Switch to use side-channel silent functions.
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt_variable): New private
function. Variable size version for backwards compatibility.
* testsuite/rsa-sec-decrypt-test.c: Adds more tests.
* rsa-sec-decrypt.c (rsa_sec_decrypt): New function.
Fixed length side-channel silent version of rsa-decrypt.
* testsuite/rsa-encrypt-test.c: add tests for the new fucntion.
* testsuite/pkcs1-sec-decrypt-test.c: Adds tests for _pkcs1_sec_decrypt.
* gmp-glue.c (mpn_get_base256): New function.
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): New private function.
Fixed length side-channel silent version of pkcs1-decrypt.
* cnd-memcpy.c (cnd_memcpy): New function.
* testsuite/cnd-memcpy-test.c: New test case.
* rsa-sign-tr.c (rsa_sec_compute_root_tr): New function that uses
_rsa_sec_compute_root, as well as side-channel silent RSA blinding.
(rsa_compute_root_tr) Rewritten as a wrapper around rsa_sec_compute_root_tr.
(rsa_sec_blind, rsa_sec_unblind, sec_equal, rsa_sec_check_root)
(cnd_mpn_zero): New helper functions.
(rsa_sec_compute_root_tr) [NETTLE_USE_MINI_GMP]: Defined as a not
side-channel silent wrapper around rsa_compute_root_tr, and the
latter function left unchanged.
* rsa-sec-compute-root.c (_rsa_sec_compute_root_itch)
(_rsa_sec_compute_root): New file, new private functions.
Side-channel silent version of rsa_compute_root.
* rsa-internal.h: New header file with declarations.
* gmp-glue.h (NETTLE_OCTET_SIZE_TO_LIMB_SIZE): New macro.
* tools/pkcs1-conv.c (convert_file): Add missing break statements.
* nettle-internal.c (des_set_key_wrapper, des3_set_key_wrapper)
(blowfish128_set_key_wrapper): Wrapper functions, to avoid cast
between incompatible function types (which gcc-8 warns about).
Wrappers are expected to compile to a single jmp instruction.
* des-compat.c (des_compat_des3_decrypt): Change length argument type to size_t.
-------------------------------------------------------------------
Sun Nov 19 18:22:58 UTC 2017 - astieger@suse.com
- libnettle 3.4:
* Fixed an improper use of GMP mpn_mul, breaking curve2559 and
eddsa on certain platforms
* Fixed memory leak when handling invalid signatures in
ecdsa_verify. Fix contributed by Nikos Mavrogiannopoulos.
* Reorganized the way certain data items are made available:
Nettle header files now define the symbols
nettle_hashes, nettle_ciphers, and nettle_aeads, as
preprocessor macros invoking a corresponding accessor
function. For backwards ABI compatibility, the symbols are
still present in the compiled libraries, and with the same
sizes as in nettle-3.3.
* Support for RSA-PSS signatures
* Support for the HKDF key derivation function, defined by RFC
5869
* Support for the Cipher Feedback Mode (CFB)
* New accessor functions: nettle_get_hashes,
nettle_get_ciphers, nettle_get_aeads, nettle_get_secp_192r1,
nettle_get_secp_224r1, nettle_get_secp_256r1,
nettle_get_secp_384r1, nettle_get_secp_521r1.
Direct access to data items is deprecated going forward.
* The base16 and base64 functions now use the type char * for
ascii data, rather than uint8_t *. This eliminates the last
pointer-signedness warnings when building Nettle
* The contents of the header file nettle/version.h is now
architecture independent, except in --enable-mini-gmp
* Prevent data sizes from leaking into the ABI
-------------------------------------------------------------------
Fri Oct 28 13:20:46 UTC 2016 - astieger@suse.com
- libnettle 3.3:
* Invalid private RSA keys, with an even modulo, are now
rejected by rsa_private_key_prepare. (Earlier versions
allowed such keys, even if results of using them were bogus).
Nettle applications are required to call
rsa_private_key_prepare and check the return value, before
using any other RSA private key functions; failing to do so
may result in crashes for invalid private keys.
* Ignore bit 255 of the x coordinate of the input point to
curve25519_mul, as required by RFC 7748. To differentiate at
compile time, curve25519.h defines the constant
NETTLE_CURVE25519_RFC7748.
* RSA and DSA now use side-channel silent modular
exponentiation, to defend against attacks on the private key
from evil processes sharing the same processor cache. This
attack scenario is of particular relevance when running an
HTTPS server on a virtual machine, where you don't know who
you share the cache hardware with.
bsc#991464 CVE-2016-6489
* Fix sexp-conv crashes on invalid input
* Fix out-of-bounds read in des_weak_p
* Fix a couple of formally undefined shift operations
* Fix compilation with c89
* New function memeql_sec, for side-channel silent comparison
of two memory areas.
* Building the public key support of nettle now requires GMP
version 5.0 or later (unless --enable-mini-gmp is used).
-------------------------------------------------------------------
Mon Feb 8 12:25:15 UTC 2016 - jengelh@inai.de
- Update to new upstream release 3.2
-------------------------------------------------------------------
Fri Dec 18 15:11:35 UTC 2015 - jengelh@inai.de
- Update to new upstream release 3.1.1
- Drop nettle-2.7-shared.patch which no longer applies
(nor seems needed)
