diff --git a/.gitignore b/.gitignore index 7527596..423c59d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/nettle-3.2-hobbled.tar.xz +/nettle-3.3-hobbled.tar.xz diff --git a/mingw-nettle.spec b/mingw-nettle.spec index 409c977..bbf2690 100644 --- a/mingw-nettle.spec +++ b/mingw-nettle.spec @@ -1,7 +1,7 @@ %{?mingw_package_header} Name: mingw-nettle -Version: 3.2 +Version: 3.3 Release: 1%{?dist} Summary: MinGW package for nettle cryptographic library @@ -10,7 +10,7 @@ Group: Development/Libraries URL: http://www.lysator.liu.se/~nisse/nettle/ # http://www.lysator.liu.se/~nisse/archive/nettle-%{version}.tar.gz Source: nettle-%{version}-hobbled.tar.xz -Patch0: nettle-3.1.1-remove-ecc-testsuite.patch +Patch0: nettle-3.3-remove-ecc-testsuite.patch Patch1: nettle-3.2-version-h.patch BuildArch: noarch @@ -97,8 +97,8 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_infodir}/ %{mingw32_bindir}/nettle-pbkdf2.exe %{mingw32_bindir}/pkcs1-conv.exe %{mingw32_bindir}/sexp-conv.exe -%{mingw32_bindir}/libnettle-6-2.dll -%{mingw32_bindir}/libhogweed-4-2.dll +%{mingw32_bindir}/libnettle-6.dll +%{mingw32_bindir}/libhogweed-4.dll %{mingw32_libdir}/libnettle.dll.a %{mingw32_libdir}/libhogweed.dll.a %{mingw32_libdir}/pkgconfig/nettle.pc @@ -116,8 +116,8 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_infodir}/ %{mingw64_bindir}/nettle-pbkdf2.exe %{mingw64_bindir}/pkcs1-conv.exe %{mingw64_bindir}/sexp-conv.exe -%{mingw64_bindir}/libnettle-6-2.dll -%{mingw64_bindir}/libhogweed-4-2.dll +%{mingw64_bindir}/libnettle-6.dll +%{mingw64_bindir}/libhogweed-4.dll %{mingw64_libdir}/libnettle.dll.a %{mingw64_libdir}/libhogweed.dll.a %{mingw64_libdir}/pkgconfig/nettle.pc @@ -127,6 +127,10 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_infodir}/ %changelog +* Thu Nov 03 2016 Michael Cronenworth - 3.3-1 +- New upstream release +- Fixed CVE-2016-6489 (#1362018) + * Wed Feb 03 2016 Michael Cronenworth - 3.2-1 - New upstream release - Fixed CVE-2015-8803 secp256r1 calculation bug (#1304305) diff --git a/nettle-3.1.1-remove-ecc-testsuite.patch b/nettle-3.1.1-remove-ecc-testsuite.patch deleted file mode 100644 index 75673bb..0000000 --- a/nettle-3.1.1-remove-ecc-testsuite.patch +++ /dev/null @@ -1,180 +0,0 @@ -diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c -index 15df4c7..18eaae7 100644 ---- a/examples/ecc-benchmark.c -+++ b/examples/ecc-benchmark.c -@@ -341,8 +341,6 @@ bench_curve (const struct ecc_curve *ecc) - } - - const struct ecc_curve * const curves[] = { -- &nettle_secp_192r1, -- &nettle_secp_224r1, - &_nettle_curve25519, - &nettle_secp_256r1, - &nettle_secp_384r1, -diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c -index 444d7aa..24c023e 100644 ---- a/examples/hogweed-benchmark.c -+++ b/examples/hogweed-benchmark.c -@@ -394,23 +394,6 @@ bench_ecdsa_init (unsigned size) - - switch (size) - { -- case 192: -- ecc = &nettle_secp_192r1; -- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599"; -- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736"; -- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd"; -- ctx->digest = hash_string (&nettle_sha1, 3, "abc"); -- ctx->digest_size = 20; -- break; -- case 224: -- ecc = &nettle_secp_224r1; -- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334"; -- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a"; -- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27"; -- ctx->digest = hash_string (&nettle_sha224, 3, "abc"); -- ctx->digest_size = 28; -- break; -- - /* From RFC 4754 */ - case 256: - ecc = &nettle_secp_256r1; -@@ -582,16 +565,6 @@ bench_openssl_ecdsa_init (unsigned size) - - switch (size) - { -- case 192: -- ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime192v1); -- ctx->digest_length = 24; /* truncated */ -- ctx->digest = hash_string (&nettle_sha224, 3, "abc"); -- break; -- case 224: -- ctx->key = EC_KEY_new_by_curve_name (NID_secp224r1); -- ctx->digest_length = SHA224_DIGEST_SIZE; -- ctx->digest = hash_string (&nettle_sha224, 3, "abc"); -- break; - case 256: - ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); - ctx->digest_length = SHA256_DIGEST_SIZE; -@@ -702,14 +675,10 @@ struct alg alg_list[] = { - #if 0 - { "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear }, - #endif -- { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, -- { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, - { "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, - { "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, - { "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, - #if WITH_OPENSSL -- { "ecdsa (openssl)", 192, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, -- { "ecdsa (openssl)", 224, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, - { "ecdsa (openssl)", 256, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, - { "ecdsa (openssl)", 384, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, - { "ecdsa (openssl)", 521, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, -diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c -index 5a2b39d..08870b1 100644 ---- a/testsuite/ecdh-test.c -+++ b/testsuite/ecdh-test.c -@@ -138,26 +138,6 @@ test_dh (const char *name, const struct ecc_curve *ecc, - void - test_main(void) - { -- test_dh ("secp-192r1", &nettle_secp_192r1, -- "3406157206141798348095184987208239421004566462391397236532", -- "1050363442265225480786760666329560655512990381040021438562", -- "5298249600854377235107392014200406283816103564916230704184", -- "738368960171459956677260317271477822683777845013274506165", -- "2585840779771604687467445319428618542927556223024046979917", -- "293088185788565313717816218507714888251468410990708684573", -- "149293809021051532782730990145509724807636529827149481690", -- "2891131861147398318714693938158856874319184314120776776192"); -- -- test_dh ("secp-224r1", &nettle_secp_224r1, -- "1321072106881784386340709783538698930880431939595776773514895067682", -- "6768311794185371282972144247871764855860666277647541840973645586477", -- "2880077809069104378181313860274147139049600284805670362929579614547", -- "13934723037778859565852601874354272638301919827851286722006496784914", -- "373124771833407982305885866158843810218322878380632071540538232035", -- "24223309755162432227459925493224336241652868856405241018762887667883", -- "8330362698029245839097779050425944245826040430538860338085968752913", -- "24167244512472228715617822000878192535267113543393576038737592837010"); -- - test_dh ("secp-256r1", &nettle_secp_256r1, - "94731533361265297353914491124013058635674217345912524033267198103710636378786", - "22441589863306126152768848344973918725077248391248404659242620344938484650846", -diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c -index 559de8e..1ca36c2 100644 ---- a/testsuite/ecdsa-sign-test.c -+++ b/testsuite/ecdsa-sign-test.c -@@ -60,37 +60,6 @@ test_main (void) - { - /* Test cases for the smaller groups, verified with a - proof-of-concept implementation done for Yubico AB. */ -- test_ecdsa (&nettle_secp_192r1, -- "DC51D3866A15BACDE33D96F992FCA99D" -- "A7E6EF0934E70975", /* z */ -- -- "9E56F509196784D963D1C0A401510EE7" -- "ADA3DCC5DEE04B15", /* k */ -- -- SHEX("BA7816BF8F01CFEA414140DE5DAE2223" -- "B00361A396177A9C"), /* h */ -- -- "8c478db6a5c131540cebc739f9c0a9a8" -- "c720c2abdd14a891", /* r */ -- -- "a91fb738f9f175d72f9c98527e881c36" -- "8de68cb55ffe589"); /* s */ -- -- test_ecdsa (&nettle_secp_224r1, -- "446df0a771ed58403ca9cb316e617f6b" -- "158420465d00a69601e22858", /* z */ -- -- "4c13f1905ad7eb201178bc08e0c9267b" -- "4751c15d5e1831ca214c33f4", /* z */ -- -- SHEX("1b28a611fe62ab3649350525d06703ba" -- "4b979a1e543566fd5caa85c6"), /* h */ -- -- "2cc280778f3d067df6d3adbe3a6aad63" -- "bc75f08f5c5f915411902a99", /* r */ -- -- "d0f069fd0f108eb07b7bbc54c8d6c88d" -- "f2715c38a95c31a2b486995f"); /* s */ - - /* From RFC 4754 */ - test_ecdsa (&nettle_secp_256r1, -diff --git a/testsuite/testutils.c b/testsuite/testutils.c -index 1ef04c9..b96a2fc 100644 ---- a/testsuite/testutils.c -+++ b/testsuite/testutils.c -@@ -1224,8 +1224,6 @@ test_dsa_key(const struct dsa_params *params, - } - - const struct ecc_curve * const ecc_curves[] = { -- &nettle_secp_192r1, -- &nettle_secp_224r1, - &nettle_secp_256r1, - &nettle_secp_384r1, - &nettle_secp_521r1, -@@ -1282,20 +1280,6 @@ test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p) - { - /* For each curve, the points 2 g, 3 g and 4 g */ - static const struct ecc_ref_point ref[6][3] = { -- { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888", -- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" }, -- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da", -- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" }, -- { "35433907297cc378b0015703374729d7a4fe46647084e4ba", -- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" } -- }, -- { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6", -- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" }, -- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04", -- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" }, -- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301", -- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" }, -- }, - { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978", - "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" }, - { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c", diff --git a/nettle-3.3-remove-ecc-testsuite.patch b/nettle-3.3-remove-ecc-testsuite.patch new file mode 100644 index 0000000..1b519f9 --- /dev/null +++ b/nettle-3.3-remove-ecc-testsuite.patch @@ -0,0 +1,181 @@ +diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c +index 8e5e095..720d483 100644 +--- a/examples/ecc-benchmark.c ++++ b/examples/ecc-benchmark.c +@@ -330,8 +330,6 @@ bench_curve (const struct ecc_curve *ecc) + } + + const struct ecc_curve * const curves[] = { +- &nettle_secp_192r1, +- &nettle_secp_224r1, + &_nettle_curve25519, + &nettle_secp_256r1, + &nettle_secp_384r1, +diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c +index 3fabe20..0223fe7 100644 +--- a/examples/hogweed-benchmark.c ++++ b/examples/hogweed-benchmark.c +@@ -393,24 +393,6 @@ bench_ecdsa_init (unsigned size) + + switch (size) + { +- case 192: +- ecc = &nettle_secp_192r1; +- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599"; +- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736"; +- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd"; +- ctx->digest = hash_string (&nettle_sha1, "abc"); +- ctx->digest_size = 20; +- break; +- case 224: +- ecc = &nettle_secp_224r1; +- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334"; +- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a"; +- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27"; +- ctx->digest = hash_string (&nettle_sha224, "abc"); +- ctx->digest_size = 28; +- break; +- +- /* From RFC 4754 */ + case 256: + ecc = &nettle_secp_256r1; + xs = "2442A5CC 0ECD015F A3CA31DC 8E2BBC70 BF42D60C BCA20085 E0822CB0 4235E970"; +@@ -581,16 +563,6 @@ bench_openssl_ecdsa_init (unsigned size) + + switch (size) + { +- case 192: +- ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime192v1); +- ctx->digest_length = 24; /* truncated */ +- ctx->digest = hash_string (&nettle_sha224, "abc"); +- break; +- case 224: +- ctx->key = EC_KEY_new_by_curve_name (NID_secp224r1); +- ctx->digest_length = SHA224_DIGEST_SIZE; +- ctx->digest = hash_string (&nettle_sha224, "abc"); +- break; + case 256: + ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); + ctx->digest_length = SHA256_DIGEST_SIZE; +@@ -701,14 +673,10 @@ struct alg alg_list[] = { + #if 0 + { "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear }, + #endif +- { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, +- { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + { "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + { "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + { "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + #if WITH_OPENSSL +- { "ecdsa (openssl)", 192, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, +- { "ecdsa (openssl)", 224, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, + { "ecdsa (openssl)", 256, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, + { "ecdsa (openssl)", 384, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, + { "ecdsa (openssl)", 521, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, +diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c +index 5a2b39d..08870b1 100644 +--- a/testsuite/ecdh-test.c ++++ b/testsuite/ecdh-test.c +@@ -138,26 +138,6 @@ test_dh (const char *name, const struct ecc_curve *ecc, + void + test_main(void) + { +- test_dh ("secp-192r1", &nettle_secp_192r1, +- "3406157206141798348095184987208239421004566462391397236532", +- "1050363442265225480786760666329560655512990381040021438562", +- "5298249600854377235107392014200406283816103564916230704184", +- "738368960171459956677260317271477822683777845013274506165", +- "2585840779771604687467445319428618542927556223024046979917", +- "293088185788565313717816218507714888251468410990708684573", +- "149293809021051532782730990145509724807636529827149481690", +- "2891131861147398318714693938158856874319184314120776776192"); +- +- test_dh ("secp-224r1", &nettle_secp_224r1, +- "1321072106881784386340709783538698930880431939595776773514895067682", +- "6768311794185371282972144247871764855860666277647541840973645586477", +- "2880077809069104378181313860274147139049600284805670362929579614547", +- "13934723037778859565852601874354272638301919827851286722006496784914", +- "373124771833407982305885866158843810218322878380632071540538232035", +- "24223309755162432227459925493224336241652868856405241018762887667883", +- "8330362698029245839097779050425944245826040430538860338085968752913", +- "24167244512472228715617822000878192535267113543393576038737592837010"); +- + test_dh ("secp-256r1", &nettle_secp_256r1, + "94731533361265297353914491124013058635674217345912524033267198103710636378786", + "22441589863306126152768848344973918725077248391248404659242620344938484650846", +diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c +index 559de8e..1ca36c2 100644 +--- a/testsuite/ecdsa-sign-test.c ++++ b/testsuite/ecdsa-sign-test.c +@@ -60,37 +60,6 @@ test_main (void) + { + /* Test cases for the smaller groups, verified with a + proof-of-concept implementation done for Yubico AB. */ +- test_ecdsa (&nettle_secp_192r1, +- "DC51D3866A15BACDE33D96F992FCA99D" +- "A7E6EF0934E70975", /* z */ +- +- "9E56F509196784D963D1C0A401510EE7" +- "ADA3DCC5DEE04B15", /* k */ +- +- SHEX("BA7816BF8F01CFEA414140DE5DAE2223" +- "B00361A396177A9C"), /* h */ +- +- "8c478db6a5c131540cebc739f9c0a9a8" +- "c720c2abdd14a891", /* r */ +- +- "a91fb738f9f175d72f9c98527e881c36" +- "8de68cb55ffe589"); /* s */ +- +- test_ecdsa (&nettle_secp_224r1, +- "446df0a771ed58403ca9cb316e617f6b" +- "158420465d00a69601e22858", /* z */ +- +- "4c13f1905ad7eb201178bc08e0c9267b" +- "4751c15d5e1831ca214c33f4", /* z */ +- +- SHEX("1b28a611fe62ab3649350525d06703ba" +- "4b979a1e543566fd5caa85c6"), /* h */ +- +- "2cc280778f3d067df6d3adbe3a6aad63" +- "bc75f08f5c5f915411902a99", /* r */ +- +- "d0f069fd0f108eb07b7bbc54c8d6c88d" +- "f2715c38a95c31a2b486995f"); /* s */ + + /* From RFC 4754 */ + test_ecdsa (&nettle_secp_256r1, +diff --git a/testsuite/testutils.c b/testsuite/testutils.c +index 6f89761..901f62b 100644 +--- a/testsuite/testutils.c ++++ b/testsuite/testutils.c +@@ -1212,8 +1212,6 @@ test_dsa_key(const struct dsa_params *params, + } + + const struct ecc_curve * const ecc_curves[] = { +- &nettle_secp_192r1, +- &nettle_secp_224r1, + &nettle_secp_256r1, + &nettle_secp_384r1, + &nettle_secp_521r1, +@@ -1270,20 +1268,6 @@ test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p) + { + /* For each curve, the points 2 g, 3 g and 4 g */ + static const struct ecc_ref_point ref[6][3] = { +- { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888", +- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" }, +- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da", +- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" }, +- { "35433907297cc378b0015703374729d7a4fe46647084e4ba", +- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" } +- }, +- { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6", +- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" }, +- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04", +- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" }, +- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301", +- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" }, +- }, + { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978", + "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" }, + { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c", diff --git a/sources b/sources index f7020f7..a29411e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -caa868f3b25f36dd197e15d08047d7e6 nettle-3.2-hobbled.tar.xz +ddd625492ff671845c9306aa96837214 nettle-3.3-hobbled.tar.xz