import nettle-3.8-3.el9_0

This commit is contained in:
CentOS Sources 2022-09-27 10:27:24 -04:00 committed by Stepan Oksanichenko
parent ae60fd978b
commit 2ab53e94f0
7 changed files with 3957 additions and 49 deletions

3
.gitignore vendored
View File

@ -1 +1,2 @@
SOURCES/nettle-3.7.3-hobbled.tar.xz SOURCES/gmp-6.2.1.tar.xz
SOURCES/nettle-3.8-hobbled.tar.xz

View File

@ -1 +1,2 @@
128dc3ced096462fef4233404b542ed6dfe40b87 SOURCES/nettle-3.7.3-hobbled.tar.xz 0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz
c809f048a71b322453c18e30986a18e600306d77 SOURCES/nettle-3.8-hobbled.tar.xz

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,53 @@
diff -r e3123b88d012 memory.c
--- a/memory.c Tue Aug 16 22:02:45 2022 +0200
+++ b/memory.c Fri Aug 19 06:25:37 2022 +0900
@@ -29,7 +29,8 @@
see https://www.gnu.org/licenses/. */
#include <stdio.h>
-#include <stdlib.h> /* for malloc, realloc, free */
+#include <stdlib.h> /* for malloc, free */
+#include <string.h> /* for memcpy, explicit_bzero */
#include "gmp-impl.h"
@@ -98,11 +99,28 @@
new_size += 2 * GMP_LIMB_BYTES;
#endif
- ret = realloc (oldptr, new_size);
- if (ret == 0)
+ if (new_size == 0)
+ {
+ explicit_bzero (oldptr, old_size);
+ free (oldptr);
+ return NULL;
+ }
+ else if (old_size == new_size)
+ return oldptr;
+ else
{
- fprintf (stderr, "GNU MP: Cannot reallocate memory (old_size=%lu new_size=%lu)\n", (long) old_size, (long) new_size);
- abort ();
+ /* We can't simply call realloc, as it may allocate memory from
+ a different arena. */
+ ret = malloc (new_size);
+ if (ret == NULL)
+ {
+ fprintf (stderr, "GNU MP: Cannot reallocate memory (old_size=%lu new_size=%lu)\n", (long) old_size, (long) new_size);
+ explicit_bzero(oldptr, old_size);
+ abort();
+ }
+ memcpy (ret, oldptr, MIN(old_size, new_size));
+ explicit_bzero (oldptr, old_size);
+ free (oldptr);
}
#ifdef DEBUG
@@ -141,5 +159,6 @@
blk_ptr = p - 1;
}
#endif
+ explicit_bzero (blk_ptr, blk_size);
free (blk_ptr);
}

View File

@ -1,40 +0,0 @@
From 952c2d890902782ee90b6ed273f1d8b4e95dbff1 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Sun, 21 Mar 2021 11:13:36 +0100
Subject: [PATCH] nettle-benchmark: suppress -Wmaybe-uninitialized warnings
---
examples/nettle-benchmark.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
index ca6346e0..518b947d 100644
--- a/examples/nettle-benchmark.c
+++ b/examples/nettle-benchmark.c
@@ -392,6 +392,7 @@ time_umac(void)
uint8_t key[16];
+ init_key(sizeof(key), key);
umac32_set_key (&ctx32, key);
info.ctx = &ctx32;
info.update = (nettle_hash_update_func *) umac32_update;
@@ -434,6 +435,7 @@ time_cmac(void)
uint8_t key[16];
+ init_key(sizeof(key), key);
cmac_aes128_set_key (&ctx, key);
info.ctx = &ctx;
info.update = (nettle_hash_update_func *) cmac_aes128_update;
@@ -451,6 +453,7 @@ time_poly1305_aes(void)
struct poly1305_aes_ctx ctx;
uint8_t key[32];
+ init_key(sizeof(key), key);
poly1305_aes_set_key (&ctx, key);
info.ctx = &ctx;
info.update = (nettle_hash_update_func *) poly1305_aes_update;
--
2.30.2

View File

@ -0,0 +1,334 @@
From 894b22e6d851512776bd62e85e749d6950ce16fc Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 24 Aug 2022 17:19:57 +0900
Subject: [PATCH] Clear any intermediate data allocate on stack
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
cbc.c | 3 +++
cfb.c | 13 +++++++++++++
ctr.c | 4 ++++
ctr16.c | 2 ++
ecc-random.c | 3 +++
ecdsa-keygen.c | 2 ++
ecdsa-sign.c | 2 ++
ed25519-sha512-sign.c | 2 ++
ed448-shake256-sign.c | 2 ++
gostdsa-sign.c | 2 ++
hmac.c | 10 +++++++---
nettle-internal.h | 5 +++++
pbkdf2.c | 5 ++++-
pss-mgf1.c | 5 ++++-
pss.c | 4 ++++
15 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/cbc.c b/cbc.c
index 76b6492d..b9da3aa0 100644
--- a/cbc.c
+++ b/cbc.c
@@ -128,6 +128,9 @@ cbc_decrypt(const void *ctx, nettle_cipher_func *f,
length - block_size);
/* Writes first block. */
memxor3(dst, buffer, initial_iv, block_size);
+
+ TMP_CLEAR(buffer, buffer_size);
+ TMP_CLEAR(initial_iv, block_size);
}
}
diff --git a/cfb.c b/cfb.c
index b9da3159..b1b01b9e 100644
--- a/cfb.c
+++ b/cfb.c
@@ -83,6 +83,8 @@ cfb_encrypt(const void *ctx, nettle_cipher_func *f,
/* We do not care about updating IV here. This is the last call in
* message sequence and one has to set IV afterwards anyway */
}
+
+ TMP_CLEAR(buffer, block_size);
}
/* Don't allocate any more space than this on the stack */
@@ -115,6 +117,8 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
f(ctx, block_size, buffer, iv);
memxor3(dst + length, src + length, buffer, left);
+
+ TMP_CLEAR(buffer, block_size);
}
}
else
@@ -160,6 +164,9 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
f(ctx, block_size, buffer, iv);
memxor(dst, buffer, left);
}
+
+ TMP_CLEAR(buffer, buffer_size);
+ TMP_CLEAR(initial_iv, block_size);
}
}
@@ -196,6 +203,9 @@ cfb8_encrypt(const void *ctx, nettle_cipher_func *f,
pos ++;
}
memcpy(iv, buffer + pos, block_size);
+
+ TMP_CLEAR(buffer, block_size * 2);
+ TMP_CLEAR(outbuf, block_size);
}
void
@@ -235,4 +245,7 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
}
memcpy(iv, buffer + i, block_size);
+
+ TMP_CLEAR(buffer, block_size * 2);
+ TMP_CLEAR(outbuf, block_size * 2);
}
diff --git a/ctr.c b/ctr.c
index 8c6b4626..217d1abb 100644
--- a/ctr.c
+++ b/ctr.c
@@ -137,6 +137,8 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
f(ctx, block_size, block, ctr);
INCREMENT(block_size, ctr);
memxor3(dst + filled, src + filled, block, length - filled);
+
+ TMP_CLEAR(block, block_size);
}
}
else
@@ -173,5 +175,7 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
INCREMENT(block_size, ctr);
memxor(dst, buffer, length);
}
+
+ TMP_CLEAR(buffer, buffer_size);
}
}
diff --git a/ctr16.c b/ctr16.c
index d744d2a9..ec0abd72 100644
--- a/ctr16.c
+++ b/ctr16.c
@@ -102,5 +102,7 @@ _nettle_ctr_crypt16(const void *ctx, nettle_cipher_func *f,
done:
memxor3 (dst + i, src + i, buffer->b, length - i);
}
+
+ TMP_CLEAR(buffer, MIN(blocks, CTR_BUFFER_LIMIT / 16));
}
}
diff --git a/ecc-random.c b/ecc-random.c
index a7b48d6a..676f5933 100644
--- a/ecc-random.c
+++ b/ecc-random.c
@@ -36,6 +36,7 @@
#endif
#include <assert.h>
+#include <string.h>
#include "ecc.h"
#include "ecc-internal.h"
@@ -79,4 +80,6 @@ ecc_scalar_random (struct ecc_scalar *x,
TMP_ALLOC (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
ecc_mod_random (&x->ecc->q, x->p, random_ctx, random, scratch);
+
+ TMP_CLEAR (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
}
diff --git a/ecdsa-keygen.c b/ecdsa-keygen.c
index 870282b0..05dd827a 100644
--- a/ecdsa-keygen.c
+++ b/ecdsa-keygen.c
@@ -59,4 +59,6 @@ ecdsa_generate_keypair (struct ecc_point *pub,
ecc_mod_random (&ecc->q, key->p, random_ctx, random, p);
ecc->mul_g (ecc, p, key->p, p + 3*ecc->p.size);
ecc->h_to_a (ecc, 0, pub->p, p, p + 3*ecc->p.size);
+
+ TMP_CLEAR (p, itch);
}
diff --git a/ecdsa-sign.c b/ecdsa-sign.c
index e6fb3287..e6b960bf 100644
--- a/ecdsa-sign.c
+++ b/ecdsa-sign.c
@@ -68,4 +68,6 @@ ecdsa_sign (const struct ecc_scalar *key,
mpz_limbs_finish (signature->s, size);
}
while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
+
+ TMP_CLEAR (k, size + ECC_ECDSA_SIGN_ITCH (size));
}
diff --git a/ed25519-sha512-sign.c b/ed25519-sha512-sign.c
index 389a157e..52a46ea5 100644
--- a/ed25519-sha512-sign.c
+++ b/ed25519-sha512-sign.c
@@ -38,6 +38,7 @@
#include "ecc-internal.h"
#include "sha2.h"
+#include <string.h>
void
ed25519_sha512_sign (const uint8_t *pub,
@@ -61,6 +62,7 @@ ed25519_sha512_sign (const uint8_t *pub,
length, msg, signature, scratch_out);
gmp_free_limbs (scratch, itch);
+ explicit_bzero (digest, sizeof(digest));
#undef k1
#undef k2
#undef scratch_out
diff --git a/ed448-shake256-sign.c b/ed448-shake256-sign.c
index c524593d..01abf457 100644
--- a/ed448-shake256-sign.c
+++ b/ed448-shake256-sign.c
@@ -39,6 +39,7 @@
#include "ecc-internal.h"
#include "eddsa-internal.h"
#include "sha3.h"
+#include <string.h>
void
ed448_shake256_sign (const uint8_t *pub,
@@ -63,6 +64,7 @@ ed448_shake256_sign (const uint8_t *pub,
length, msg, signature, scratch_out);
gmp_free_limbs (scratch, itch);
+ explicit_bzero (digest, sizeof(digest));
#undef k1
#undef k2
#undef scratch_out
diff --git a/gostdsa-sign.c b/gostdsa-sign.c
index 892c0742..a7e0c21d 100644
--- a/gostdsa-sign.c
+++ b/gostdsa-sign.c
@@ -71,4 +71,6 @@ gostdsa_sign (const struct ecc_scalar *key,
mpz_limbs_finish (signature->s, size);
}
while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
+
+ TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
}
diff --git a/hmac.c b/hmac.c
index 6ac5e11a..0ac33bed 100644
--- a/hmac.c
+++ b/hmac.c
@@ -55,6 +55,8 @@ hmac_set_key(void *outer, void *inner, void *state,
{
TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
TMP_ALLOC(pad, hash->block_size);
+ TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
+ TMP_ALLOC(digest, hash->digest_size);
hash->init(outer);
hash->init(inner);
@@ -64,9 +66,6 @@ hmac_set_key(void *outer, void *inner, void *state,
/* Reduce key to the algorithm's hash size. Use the area pointed
* to by state for the temporary state. */
- TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
- TMP_ALLOC(digest, hash->digest_size);
-
hash->init(state);
hash->update(state, key_length, key);
hash->digest(state, hash->digest_size, digest);
@@ -88,6 +87,9 @@ hmac_set_key(void *outer, void *inner, void *state,
hash->update(inner, hash->block_size, pad);
memcpy(state, inner, hash->context_size);
+
+ TMP_CLEAR(pad, hash->block_size);
+ TMP_CLEAR(digest, hash->digest_size);
}
void
@@ -114,4 +116,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
hash->digest(state, length, dst);
memcpy(state, inner, hash->context_size);
+
+ TMP_CLEAR(digest, hash->digest_size);
}
diff --git a/nettle-internal.h b/nettle-internal.h
index ddc483de..9fc55514 100644
--- a/nettle-internal.h
+++ b/nettle-internal.h
@@ -72,6 +72,11 @@
do { assert((size_t)(size) <= (sizeof(name))); } while (0)
#endif
+#include <string.h> /* explicit_bzero */
+
+#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
+#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
+
/* Arbitrary limits which apply to systems that don't have alloca */
#define NETTLE_MAX_HASH_BLOCK_SIZE 128
#define NETTLE_MAX_HASH_DIGEST_SIZE 64
diff --git a/pbkdf2.c b/pbkdf2.c
index 291d138a..a8ecba5b 100644
--- a/pbkdf2.c
+++ b/pbkdf2.c
@@ -92,8 +92,11 @@ pbkdf2 (void *mac_ctx,
if (length <= digest_size)
{
memcpy (dst, T, length);
- return;
+ break;
}
memcpy (dst, T, digest_size);
}
+
+ TMP_CLEAR (U, digest_size);
+ TMP_CLEAR (T, digest_size);
}
diff --git a/pss-mgf1.c b/pss-mgf1.c
index 3f5e204b..3644c642 100644
--- a/pss-mgf1.c
+++ b/pss-mgf1.c
@@ -66,8 +66,11 @@ pss_mgf1(const void *seed, const struct nettle_hash *hash,
if (length <= hash->digest_size)
{
hash->digest(state, length, mask);
- return;
+ break;
}
hash->digest(state, hash->digest_size, mask);
}
+
+ TMP_CLEAR(h, hash->digest_size);
+ TMP_CLEAR_ALIGN(state, hash->context_size);
}
diff --git a/pss.c b/pss.c
index d28e7b13..8106ebf2 100644
--- a/pss.c
+++ b/pss.c
@@ -77,6 +77,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
if (key_size < hash->digest_size + salt_length + 2)
{
TMP_GMP_FREE(em);
+ TMP_CLEAR_ALIGN(state, hash->context_size);
return 0;
}
@@ -111,6 +112,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
nettle_mpz_set_str_256_u(m, key_size, em);
TMP_GMP_FREE(em);
+ TMP_CLEAR_ALIGN(state, hash->context_size);
return 1;
}
@@ -194,5 +196,7 @@ pss_verify_mgf1(const mpz_t m, size_t bits,
ret = 1;
cleanup:
TMP_GMP_FREE(em);
+ TMP_CLEAR(h2, hash->digest_size);
+ TMP_CLEAR_ALIGN(state, hash->context_size);
return ret;
}
--
2.37.2

View File

@ -14,24 +14,32 @@
%bcond_without fips %bcond_without fips
Name: nettle Name: nettle
Version: 3.7.3 Version: 3.8
Release: 2%{?dist} Release: 3%{?dist}
Summary: A low-level cryptographic library Summary: A low-level cryptographic library
License: LGPLv3+ or GPLv2+ License: LGPLv3+ or GPLv2+
URL: http://www.lysator.liu.se/~nisse/nettle/ URL: http://www.lysator.liu.se/~nisse/nettle/
Source0: %{name}-%{version}-hobbled.tar.xz Source0: %{name}-%{version}-hobbled.tar.xz
#Source0: http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz #Source0: http://www.lysator.liu.se/~nisse/archive/%%{name}-%%{version}.tar.gz
%if 0%{?bootstrap} %if 0%{?bootstrap}
Source1: %{name}-%{version_old}-hobbled.tar.xz Source1: %{name}-%{version_old}-hobbled.tar.xz
Source2: nettle-3.5-remove-ecc-testsuite.patch Source2: nettle-3.5-remove-ecc-testsuite.patch
%endif %endif
Patch0: nettle-3.4-annocheck.patch Patch: nettle-3.4-annocheck.patch
Patch1: nettle-3.7.2-suppress-maybe-uninit.patch Patch: nettle-3.8-zeroize-stack.patch
Source100: gmp-6.2.1.tar.xz
# Taken from the main gmp package
Source101: gmp-6.2.1-intel-cet.patch
Source102: gmp-6.2.1-zeroize-allocator.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
BuildRequires: gmp-devel, m4 %if !%{with fips}
BuildRequires: gmp-devel
%endif
BuildRequires: m4
BuildRequires: libtool, automake, autoconf, gettext-devel BuildRequires: libtool, automake, autoconf, gettext-devel
%if %{with fips} %if %{with fips}
BuildRequires: fipscheck BuildRequires: fipscheck
@ -59,6 +67,18 @@ applications with nettle.
%prep %prep
%autosetup -Tb 0 -p1 %autosetup -Tb 0 -p1
%if %{with fips}
mkdir -p bundled_gmp
pushd bundled_gmp
tar --strip-components=1 -xf %{SOURCE100}
patch -p1 < %{SOURCE101}
patch -p1 < %{SOURCE102}
popd
# Prevent -lgmp appearing in the compiler command line in dependent components
sed -i '/^Libs.private:/d' hogweed.pc.in
%endif
%if 0%{?bootstrap} %if 0%{?bootstrap}
mkdir -p bootstrap_ver mkdir -p bootstrap_ver
pushd bootstrap_ver pushd bootstrap_ver
@ -78,8 +98,22 @@ sed 's/ecc-secp192r1.c//g' -i Makefile.in
sed 's/ecc-secp224r1.c//g' -i Makefile.in sed 's/ecc-secp224r1.c//g' -i Makefile.in
%build %build
%if %{with fips}
pushd bundled_gmp
autoreconf -ifv autoreconf -ifv
%configure --enable-shared --enable-fat %configure --disable-cxx --disable-shared --enable-fat --with-pic
%make_build
popd
%endif
autoreconf -ifv
%configure --enable-shared --enable-fat \
%if %{with fips}
--with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
%endif
%{nil}
%make_build %make_build
%if 0%{?bootstrap} %if 0%{?bootstrap}
@ -171,6 +205,16 @@ make check
%changelog %changelog
* Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.8-3
- Rebuild in new side-tag
* Thu Aug 18 2022 Daiki Ueno <dueno@redhat.com> - 3.8-2
- Bundle GMP to privatize memory functions
- Zeroize stack allocated intermediate data
* Tue Jun 28 2022 Daiki Ueno <dueno@redhat.com> - 3.8-1
- Update to nettle 3.8 (#2100350)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.3-2 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.3-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688