Compare commits
10 Commits
5f8fa05fe1
...
9699f3fa7c
Author | SHA1 | Date |
---|---|---|
Daiki Ueno | 9699f3fa7c | |
Daiki Ueno | 1f652335ac | |
Daiki Ueno | 4f04a0acf4 | |
Daiki Ueno | 999f3b003c | |
Daiki Ueno | 5c46bf5bac | |
Mohan Boddu | 147eac20a5 | |
Daiki Ueno | c78aed7d17 | |
Aleksandra Fedorova | 746f6ab2d9 | |
Mohan Boddu | dff3a6f5f7 | |
DistroBaker | 68c9edeca9 |
|
@ -15,3 +15,8 @@ nettle-1.15.tar.gz
|
|||
/nettle-3.4.1rc1-hobbled.tar.xz
|
||||
/nettle-3.6-hobbled.tar.xz
|
||||
/nettle-3.7-hobbled.tar.xz
|
||||
/nettle-3.7.1-hobbled.tar.xz
|
||||
/nettle-3.7.2-hobbled.tar.xz
|
||||
/nettle-3.7.3-hobbled.tar.xz
|
||||
/nettle-3.8-hobbled.tar.xz
|
||||
/gmp-6.2.1.tar.xz
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
c809f048a71b322453c18e30986a18e600306d77 nettle-3.8-hobbled.tar.xz
|
|
@ -0,0 +1,9 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
||||
- !PassingTestCaseRule {test_case_name: manual.sst_security_crypto.gnutls.streamspreadprevent}
|
||||
|
File diff suppressed because it is too large
|
@ -0,0 +1,53 @@
|
|||
diff -r e3123b88d012 memory.c
|
||||
--- a/memory.c Tue Aug 16 22:02:45 2022 +0200
|
||||
+++ b/memory.c Fri Aug 19 06:25:37 2022 +0900
|
||||
@@ -29,7 +29,8 @@
|
||||
see https://www.gnu.org/licenses/. */
|
||||
|
||||
#include <stdio.h>
|
||||
-#include <stdlib.h> /* for malloc, realloc, free */
|
||||
+#include <stdlib.h> /* for malloc, free */
|
||||
+#include <string.h> /* for memcpy, explicit_bzero */
|
||||
|
||||
#include "gmp-impl.h"
|
||||
|
||||
@@ -98,11 +99,28 @@
|
||||
new_size += 2 * GMP_LIMB_BYTES;
|
||||
#endif
|
||||
|
||||
- ret = realloc (oldptr, new_size);
|
||||
- if (ret == 0)
|
||||
+ if (new_size == 0)
|
||||
+ {
|
||||
+ explicit_bzero (oldptr, old_size);
|
||||
+ free (oldptr);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ else if (old_size == new_size)
|
||||
+ return oldptr;
|
||||
+ else
|
||||
{
|
||||
- fprintf (stderr, "GNU MP: Cannot reallocate memory (old_size=%lu new_size=%lu)\n", (long) old_size, (long) new_size);
|
||||
- abort ();
|
||||
+ /* We can't simply call realloc, as it may allocate memory from
|
||||
+ a different arena. */
|
||||
+ ret = malloc (new_size);
|
||||
+ if (ret == NULL)
|
||||
+ {
|
||||
+ fprintf (stderr, "GNU MP: Cannot reallocate memory (old_size=%lu new_size=%lu)\n", (long) old_size, (long) new_size);
|
||||
+ explicit_bzero(oldptr, old_size);
|
||||
+ abort();
|
||||
+ }
|
||||
+ memcpy (ret, oldptr, MIN(old_size, new_size));
|
||||
+ explicit_bzero (oldptr, old_size);
|
||||
+ free (oldptr);
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
@@ -141,5 +159,6 @@
|
||||
blk_ptr = p - 1;
|
||||
}
|
||||
#endif
|
||||
+ explicit_bzero (blk_ptr, blk_size);
|
||||
free (blk_ptr);
|
||||
}
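Review bot: In the last memory.c hunk the added `explicit_bzero (blk_ptr, blk_size)` runs after the DEBUG branch has set `blk_ptr = p - 1`, so in a DEBUG build the wipe starts at the guard word and stops short of the end of the caller's data, leaving its tail uncleared before `free`. The reallocate hunk appears to have the same mismatch: `new_size` is already padded by `2 * GMP_LIMB_BYTES` under DEBUG while `old_size` is not, so `old_size == new_size`, `MIN(old_size, new_size)` and the wipe length all mix padded and unpadded sizes (the adjustment of `oldptr` lies outside the hunk, so this part is inferred). Padding the length in DEBUG builds, e.g. `explicit_bzero (blk_ptr, blk_size + 2 * GMP_LIMB_BYTES);`, or wiping before the pointer is moved, would keep both paths consistent. The "different arena" comment would also be clearer if it stated what the hand-rolled copy guarantees, e.g. `/* realloc may move the block and release the old copy without clearing it. */`. Both functions start and end outside the hunks.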
|
275
hobble-nettle
275
hobble-nettle
|
@ -8,20 +8,36 @@ else
|
|||
fi
|
||||
|
||||
# ECC-192, 224
|
||||
for f in ecc-192.c ecc-224.c; do
|
||||
for f in ecc-secp192r1.c ecc-secp224r1.c; do
|
||||
eval "$CMD $f"
|
||||
done
|
||||
|
||||
patch -p1 << __EOF__
|
||||
From b519b23a141752043c9cc9182048c26d80d22af2 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Sun, 21 Mar 2021 11:09:51 +0100
|
||||
Subject: [PATCH] Remove secp192r1 and secp224r1 support
|
||||
|
||||
---
|
||||
eccdata.c | 67 +----------------------------------
|
||||
examples/ecc-benchmark.c | 2 --
|
||||
examples/hogweed-benchmark.c | 17 ---------
|
||||
testsuite/ecdh-test.c | 40 ---------------------
|
||||
testsuite/ecdsa-sign-test.c | 47 ------------------------
|
||||
testsuite/ecdsa-verify-test.c | 28 ---------------
|
||||
testsuite/testutils.c | 20 -----------
|
||||
7 files changed, 1 insertion(+), 220 deletions(-)
|
||||
|
||||
diff --git a/eccdata.c b/eccdata.c
|
||||
index 9533d78..2f0e4e7 100644
|
||||
index 1b4cb0b5..dc2be5f9 100644
|
||||
--- a/eccdata.c
|
||||
+++ b/eccdata.c
|
||||
@@ -349,71 +349,6 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
|
||||
@@ -434,72 +434,7 @@ ecc_curve_init_str (struct ecc_curve *ecc, enum ecc_type type,
|
||||
static void
|
||||
ecc_curve_init (struct ecc_curve *ecc, const char *curve)
|
||||
{
|
||||
switch (bit_size)
|
||||
{
|
||||
- case 192:
|
||||
- if (!strcmp (curve, "secp192r1"))
|
||||
- {
|
||||
- ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
|
||||
- /* p = 2^{192} - 2^{64} - 1 */
|
||||
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
|
||||
|
@ -37,8 +53,7 @@ index 9533d78..2f0e4e7 100644
|
|||
- "f4ff0afd82ff1012",
|
||||
-
|
||||
- "07192b95ffc8da78631011ed6b24cdd5"
|
||||
- "73f977a11e794811",
|
||||
- NULL, NULL);
|
||||
- "73f977a11e794811");
|
||||
- ecc->ref = ecc_alloc (3);
|
||||
- ecc_set_str (&ecc->ref[0], /* 2 g */
|
||||
- "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
|
||||
|
@ -52,8 +67,9 @@ index 9533d78..2f0e4e7 100644
|
|||
- "35433907297cc378b0015703374729d7a4fe46647084e4ba",
|
||||
- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32");
|
||||
-
|
||||
- break;
|
||||
- case 224:
|
||||
- }
|
||||
- else if (!strcmp (curve, "secp224r1"))
|
||||
- {
|
||||
- ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
|
||||
- /* p = 2^{224} - 2^{96} + 1 */
|
||||
- "ffffffffffffffffffffffffffffffff"
|
||||
|
@ -69,8 +85,7 @@ index 9533d78..2f0e4e7 100644
|
|||
- "56c21122343280d6115c1d21",
|
||||
-
|
||||
- "bd376388b5f723fb4c22dfe6cd4375a0"
|
||||
- "5a07476444d5819985007e34",
|
||||
- NULL, NULL);
|
||||
- "5a07476444d5819985007e34");
|
||||
-
|
||||
- ecc->ref = ecc_alloc (3);
|
||||
- ecc_set_str (&ecc->ref[0], /* 2 g */
|
||||
|
@ -85,8 +100,240 @@ index 9533d78..2f0e4e7 100644
|
|||
- "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
|
||||
- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9");
|
||||
-
|
||||
- break;
|
||||
case 256:
|
||||
- }
|
||||
- else if (!strcmp (curve, "secp256r1"))
|
||||
+ if (!strcmp (curve, "secp256r1"))
|
||||
{
|
||||
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
|
||||
/* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */
|
||||
diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c
|
||||
index 3ab269c7..402744a0 100644
|
||||
--- a/examples/ecc-benchmark.c
|
||||
+++ b/examples/ecc-benchmark.c
|
||||
@@ -307,8 +307,6 @@ bench_curve (const struct ecc_curve *ecc)
|
||||
}
|
||||
|
||||
const struct ecc_curve * const curves[] = {
|
||||
- &_nettle_secp_192r1,
|
||||
- &_nettle_secp_224r1,
|
||||
&_nettle_curve25519,
|
||||
&_nettle_secp_256r1,
|
||||
&_nettle_secp_384r1,
|
||||
diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
|
||||
index 3d008021..b8cf902c 100644
|
||||
--- a/examples/hogweed-benchmark.c
|
||||
+++ b/examples/hogweed-benchmark.c
|
||||
@@ -412,23 +412,6 @@ bench_ecdsa_init (unsigned size)
|
||||
|
||||
switch (size)
|
||||
{
|
||||
- case 192:
|
||||
- ecc = &_nettle_secp_192r1;
|
||||
- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
|
||||
- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
|
||||
- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
|
||||
- ctx->digest = hash_string (&nettle_sha1, "abc");
|
||||
- ctx->digest_size = 20;
|
||||
- break;
|
||||
- case 224:
|
||||
- ecc = &_nettle_secp_224r1;
|
||||
- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
|
||||
- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
|
||||
- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
|
||||
- ctx->digest = hash_string (&nettle_sha224, "abc");
|
||||
- ctx->digest_size = 28;
|
||||
- break;
|
||||
-
|
||||
/* From RFC 4754 */
|
||||
case 256:
|
||||
ecc = &_nettle_secp_256r1;
|
||||
diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c
|
||||
index ff4f7233..2be26b19 100644
|
||||
--- a/testsuite/ecdh-test.c
|
||||
+++ b/testsuite/ecdh-test.c
|
||||
@@ -159,46 +159,6 @@ test_public_key (const char *label, const struct ecc_curve *ecc,
|
||||
void
|
||||
test_main(void)
|
||||
{
|
||||
- test_public_key ("(0,0) with secp-192r1", &_nettle_secp_192r1, "0", "0", 0);
|
||||
- test_public_key (
|
||||
- "(P,0) with secp-192r1", &_nettle_secp_192r1,
|
||||
- "6277101735386680763835789423207666416083908700390324961279",
|
||||
- "0", 0);
|
||||
- test_public_key (
|
||||
- "(0,P) with secp-192r1", &_nettle_secp_192r1, "0",
|
||||
- "6277101735386680763835789423207666416083908700390324961279",
|
||||
- 0);
|
||||
- test_public_key (
|
||||
- "(P,P) with secp-192r1", &_nettle_secp_192r1,
|
||||
- "6277101735386680763835789423207666416083908700390324961279",
|
||||
- "6277101735386680763835789423207666416083908700390324961279",
|
||||
- 0);
|
||||
- test_public_key ("(1,2) with secp-192r1", &_nettle_secp_192r1, "1", "2", 0);
|
||||
- test_public_key ("(X,Y) with secp-192r1", &_nettle_secp_192r1,
|
||||
- "1050363442265225480786760666329560655512990381040021438562",
|
||||
- "5298249600854377235107392014200406283816103564916230704184",
|
||||
- 1);
|
||||
-
|
||||
- test_dh ("secp-192r1", &_nettle_secp_192r1,
|
||||
- "3406157206141798348095184987208239421004566462391397236532",
|
||||
- "1050363442265225480786760666329560655512990381040021438562",
|
||||
- "5298249600854377235107392014200406283816103564916230704184",
|
||||
- "738368960171459956677260317271477822683777845013274506165",
|
||||
- "2585840779771604687467445319428618542927556223024046979917",
|
||||
- "293088185788565313717816218507714888251468410990708684573",
|
||||
- "149293809021051532782730990145509724807636529827149481690",
|
||||
- "2891131861147398318714693938158856874319184314120776776192");
|
||||
-
|
||||
- test_dh ("secp-224r1", &_nettle_secp_224r1,
|
||||
- "1321072106881784386340709783538698930880431939595776773514895067682",
|
||||
- "6768311794185371282972144247871764855860666277647541840973645586477",
|
||||
- "2880077809069104378181313860274147139049600284805670362929579614547",
|
||||
- "13934723037778859565852601874354272638301919827851286722006496784914",
|
||||
- "373124771833407982305885866158843810218322878380632071540538232035",
|
||||
- "24223309755162432227459925493224336241652868856405241018762887667883",
|
||||
- "8330362698029245839097779050425944245826040430538860338085968752913",
|
||||
- "24167244512472228715617822000878192535267113543393576038737592837010");
|
||||
-
|
||||
test_dh ("secp-256r1", &_nettle_secp_256r1,
|
||||
"94731533361265297353914491124013058635674217345912524033267198103710636378786",
|
||||
"22441589863306126152768848344973918725077248391248404659242620344938484650846",
|
||||
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
|
||||
index 08a10a1d..0acd4e5c 100644
|
||||
--- a/testsuite/ecdsa-sign-test.c
|
||||
+++ b/testsuite/ecdsa-sign-test.c
|
||||
@@ -58,53 +58,6 @@ test_ecdsa (const struct ecc_curve *ecc,
|
||||
void
|
||||
test_main (void)
|
||||
{
|
||||
- /* Producing the signature for corresponding test in
|
||||
- ecdsa-verify-test.c, with special u1 and u2. */
|
||||
- test_ecdsa (&_nettle_secp_224r1,
|
||||
- "99b5b787484def12894ca507058b3bf5"
|
||||
- "43d72d82fa7721d2e805e5e6",
|
||||
- "2",
|
||||
- SHEX("cdb887ac805a3b42e22d224c85482053"
|
||||
- "16c755d4a736bb2032c92553"),
|
||||
- "706a46dc76dcb76798e60e6d89474788"
|
||||
- "d16dc18032d268fd1a704fa6", /* r */
|
||||
- "3a41e1423b1853e8aa89747b1f987364"
|
||||
- "44705d6d6d8371ea1f578f2e"); /* s */
|
||||
-
|
||||
- /* Test cases for the smaller groups, verified with a
|
||||
- proof-of-concept implementation done for Yubico AB. */
|
||||
- test_ecdsa (&_nettle_secp_192r1,
|
||||
- "DC51D3866A15BACDE33D96F992FCA99D"
|
||||
- "A7E6EF0934E70975", /* z */
|
||||
-
|
||||
- "9E56F509196784D963D1C0A401510EE7"
|
||||
- "ADA3DCC5DEE04B15", /* k */
|
||||
-
|
||||
- SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
|
||||
- "B00361A396177A9C"), /* h */
|
||||
-
|
||||
- "8c478db6a5c131540cebc739f9c0a9a8"
|
||||
- "c720c2abdd14a891", /* r */
|
||||
-
|
||||
- "a91fb738f9f175d72f9c98527e881c36"
|
||||
- "8de68cb55ffe589"); /* s */
|
||||
-
|
||||
- test_ecdsa (&_nettle_secp_224r1,
|
||||
- "446df0a771ed58403ca9cb316e617f6b"
|
||||
- "158420465d00a69601e22858", /* z */
|
||||
-
|
||||
- "4c13f1905ad7eb201178bc08e0c9267b"
|
||||
- "4751c15d5e1831ca214c33f4", /* z */
|
||||
-
|
||||
- SHEX("1b28a611fe62ab3649350525d06703ba"
|
||||
- "4b979a1e543566fd5caa85c6"), /* h */
|
||||
-
|
||||
- "2cc280778f3d067df6d3adbe3a6aad63"
|
||||
- "bc75f08f5c5f915411902a99", /* r */
|
||||
-
|
||||
- "d0f069fd0f108eb07b7bbc54c8d6c88d"
|
||||
- "f2715c38a95c31a2b486995f"); /* s */
|
||||
-
|
||||
/* From RFC 4754 */
|
||||
test_ecdsa (&_nettle_secp_256r1,
|
||||
"DC51D386 6A15BACD E33D96F9 92FCA99D"
|
||||
diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
|
||||
index 8110c64d..71c0b5c0 100644
|
||||
--- a/testsuite/ecdsa-verify-test.c
|
||||
+++ b/testsuite/ecdsa-verify-test.c
|
||||
@@ -81,34 +81,6 @@ test_ecdsa (const struct ecc_curve *ecc,
|
||||
void
|
||||
test_main (void)
|
||||
{
|
||||
- /* Corresponds to nonce k = 2 and private key z =
|
||||
- 0x99b5b787484def12894ca507058b3bf543d72d82fa7721d2e805e5e6. z and
|
||||
- hash are chosen so that intermediate scalars in the verify
|
||||
- equations are u1 = 0x6b245680e700, u2 =
|
||||
- 259da6542d4ba7d21ad916c3bd57f811. These values require canonical
|
||||
- reduction of the scalars. Bug caused by missing canonical
|
||||
- reduction reported by Guido Vranken. */
|
||||
- test_ecdsa (&_nettle_secp_224r1,
|
||||
- "9e7e6cc6b1bdfa8ee039b66ad85e5490"
|
||||
- "7be706a900a3cba1c8fdd014", /* x */
|
||||
- "74855db3f7c1b4097ae095745fc915e3"
|
||||
- "8a79d2a1de28f282eafb22ba", /* y */
|
||||
-
|
||||
- SHEX("cdb887ac805a3b42e22d224c85482053"
|
||||
- "16c755d4a736bb2032c92553"),
|
||||
- "706a46dc76dcb76798e60e6d89474788"
|
||||
- "d16dc18032d268fd1a704fa6", /* r */
|
||||
- "3a41e1423b1853e8aa89747b1f987364"
|
||||
- "44705d6d6d8371ea1f578f2e"); /* s */
|
||||
-
|
||||
- /* Test case provided by Guido Vranken, from oss-fuzz */
|
||||
- test_ecdsa (&_nettle_secp_192r1,
|
||||
- "14683086 f1734c6d e68743a6 48181b54 a74d4c5b 383eb6a8", /* x */
|
||||
- " 1e2584 2ab8b2b0 4017f655 1b5e4058 a2aa0612 2dae9344", /* y */
|
||||
- SHEX("00"), /* h == 0 corner case*/
|
||||
- "952800792ed19341fdeeec047f2514f3b0f150d6066151fb", /* r */
|
||||
- "ec5971222014878b50d7a19d8954bc871e7e65b00b860ffb"); /* s */
|
||||
-
|
||||
/* From RFC 4754 */
|
||||
test_ecdsa (&_nettle_secp_256r1,
|
||||
"2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
|
||||
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
|
||||
index 2c6cac40..fbf4974c 100644
|
||||
--- a/testsuite/testutils.c
|
||||
+++ b/testsuite/testutils.c
|
||||
@@ -1656,8 +1656,6 @@ test_dsa_key(const struct dsa_params *params,
|
||||
}
|
||||
|
||||
const struct ecc_curve * const ecc_curves[] = {
|
||||
- &_nettle_secp_192r1,
|
||||
- &_nettle_secp_224r1,
|
||||
&_nettle_secp_256r1,
|
||||
&_nettle_secp_384r1,
|
||||
&_nettle_secp_521r1,
|
||||
@@ -1714,24 +1712,6 @@ test_ecc_point (const struct ecc_curve *ecc,
|
||||
|
||||
/* For each curve, the points g, 2 g, 3 g and 4 g */
|
||||
static const struct ecc_ref_point ecc_ref[9][4] = {
|
||||
- { { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
|
||||
- "07192b95ffc8da78631011ed6b24cdd573f977a11e794811" },
|
||||
- { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
|
||||
- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
|
||||
- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
|
||||
- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
|
||||
- { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
|
||||
- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
|
||||
- },
|
||||
- { { "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
|
||||
- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34" },
|
||||
- { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
|
||||
- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
|
||||
- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
|
||||
- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
|
||||
- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
|
||||
- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
|
||||
- },
|
||||
{ { "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
|
||||
"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" },
|
||||
{ "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
|
||||
--
|
||||
2.30.2
|
||||
|
||||
__EOF__
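Review bot: The embedded patch is fed to `patch -p1 << __EOF__` with an unquoted delimiter, so the shell expands `$`, backticks and backslash sequences in the heredoc body before `patch` reads it. None of the visible patch lines contain those characters, but this change makes the body considerably longer, and a later C line that does would be altered silently or run as a command substitution at build time. Quoting the delimiter, `patch -p1 << '__EOF__'`, passes the text through verbatim. Nothing in view checks the exit status of `patch` either, so unless the script sets `-e` outside this section a rejected hunk would only surface later in the build; `patch -p1 << '__EOF__' || exit 1` would make the failure immediate.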
|
||||
|
|
|
@ -1,173 +0,0 @@
|
|||
Index: nettle-3.7/examples/ecc-benchmark.c
|
||||
===================================================================
|
||||
--- nettle-3.7.orig/examples/ecc-benchmark.c
|
||||
+++ nettle-3.7/examples/ecc-benchmark.c
|
||||
@@ -307,8 +307,6 @@ bench_curve (const struct ecc_curve *ecc
|
||||
}
|
||||
|
||||
const struct ecc_curve * const curves[] = {
|
||||
- &_nettle_secp_192r1,
|
||||
- &_nettle_secp_224r1,
|
||||
&_nettle_curve25519,
|
||||
&_nettle_secp_256r1,
|
||||
&_nettle_secp_384r1,
|
||||
Index: nettle-3.7/examples/hogweed-benchmark.c
|
||||
===================================================================
|
||||
--- nettle-3.7.orig/examples/hogweed-benchmark.c
|
||||
+++ nettle-3.7/examples/hogweed-benchmark.c
|
||||
@@ -412,23 +412,6 @@ bench_ecdsa_init (unsigned size)
|
||||
|
||||
switch (size)
|
||||
{
|
||||
- case 192:
|
||||
- ecc = &_nettle_secp_192r1;
|
||||
- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
|
||||
- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
|
||||
- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
|
||||
- ctx->digest = hash_string (&nettle_sha1, "abc");
|
||||
- ctx->digest_size = 20;
|
||||
- break;
|
||||
- case 224:
|
||||
- ecc = &_nettle_secp_224r1;
|
||||
- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
|
||||
- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
|
||||
- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
|
||||
- ctx->digest = hash_string (&nettle_sha224, "abc");
|
||||
- ctx->digest_size = 28;
|
||||
- break;
|
||||
-
|
||||
/* From RFC 4754 */
|
||||
case 256:
|
||||
ecc = &_nettle_secp_256r1;
|
||||
Index: nettle-3.7/testsuite/ecdh-test.c
|
||||
===================================================================
|
||||
--- nettle-3.7.orig/testsuite/ecdh-test.c
|
||||
+++ nettle-3.7/testsuite/ecdh-test.c
|
||||
@@ -159,46 +159,6 @@ test_public_key (const char *label, cons
|
||||
void
|
||||
test_main(void)
|
||||
{
|
||||
- test_public_key ("(0,0) with secp-192r1", &_nettle_secp_192r1, "0", "0", 0);
|
||||
- test_public_key (
|
||||
- "(P,0) with secp-192r1", &_nettle_secp_192r1,
|
||||
- "6277101735386680763835789423207666416083908700390324961279",
|
||||
- "0", 0);
|
||||
- test_public_key (
|
||||
- "(0,P) with secp-192r1", &_nettle_secp_192r1, "0",
|
||||
- "6277101735386680763835789423207666416083908700390324961279",
|
||||
- 0);
|
||||
- test_public_key (
|
||||
- "(P,P) with secp-192r1", &_nettle_secp_192r1,
|
||||
- "6277101735386680763835789423207666416083908700390324961279",
|
||||
- "6277101735386680763835789423207666416083908700390324961279",
|
||||
- 0);
|
||||
- test_public_key ("(1,2) with secp-192r1", &_nettle_secp_192r1, "1", "2", 0);
|
||||
- test_public_key ("(X,Y) with secp-192r1", &_nettle_secp_192r1,
|
||||
- "1050363442265225480786760666329560655512990381040021438562",
|
||||
- "5298249600854377235107392014200406283816103564916230704184",
|
||||
- 1);
|
||||
-
|
||||
- test_dh ("secp-192r1", &_nettle_secp_192r1,
|
||||
- "3406157206141798348095184987208239421004566462391397236532",
|
||||
- "1050363442265225480786760666329560655512990381040021438562",
|
||||
- "5298249600854377235107392014200406283816103564916230704184",
|
||||
- "738368960171459956677260317271477822683777845013274506165",
|
||||
- "2585840779771604687467445319428618542927556223024046979917",
|
||||
- "293088185788565313717816218507714888251468410990708684573",
|
||||
- "149293809021051532782730990145509724807636529827149481690",
|
||||
- "2891131861147398318714693938158856874319184314120776776192");
|
||||
-
|
||||
- test_dh ("secp-224r1", &_nettle_secp_224r1,
|
||||
- "1321072106881784386340709783538698930880431939595776773514895067682",
|
||||
- "6768311794185371282972144247871764855860666277647541840973645586477",
|
||||
- "2880077809069104378181313860274147139049600284805670362929579614547",
|
||||
- "13934723037778859565852601874354272638301919827851286722006496784914",
|
||||
- "373124771833407982305885866158843810218322878380632071540538232035",
|
||||
- "24223309755162432227459925493224336241652868856405241018762887667883",
|
||||
- "8330362698029245839097779050425944245826040430538860338085968752913",
|
||||
- "24167244512472228715617822000878192535267113543393576038737592837010");
|
||||
-
|
||||
test_dh ("secp-256r1", &_nettle_secp_256r1,
|
||||
"94731533361265297353914491124013058635674217345912524033267198103710636378786",
|
||||
"22441589863306126152768848344973918725077248391248404659242620344938484650846",
|
||||
Index: nettle-3.7/testsuite/ecdsa-sign-test.c
|
||||
===================================================================
|
||||
--- nettle-3.7.orig/testsuite/ecdsa-sign-test.c
|
||||
+++ nettle-3.7/testsuite/ecdsa-sign-test.c
|
||||
@@ -60,38 +60,6 @@ test_main (void)
|
||||
{
|
||||
/* Test cases for the smaller groups, verified with a
|
||||
proof-of-concept implementation done for Yubico AB. */
|
||||
- test_ecdsa (&_nettle_secp_192r1,
|
||||
- "DC51D3866A15BACDE33D96F992FCA99D"
|
||||
- "A7E6EF0934E70975", /* z */
|
||||
-
|
||||
- "9E56F509196784D963D1C0A401510EE7"
|
||||
- "ADA3DCC5DEE04B15", /* k */
|
||||
-
|
||||
- SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
|
||||
- "B00361A396177A9C"), /* h */
|
||||
-
|
||||
- "8c478db6a5c131540cebc739f9c0a9a8"
|
||||
- "c720c2abdd14a891", /* r */
|
||||
-
|
||||
- "a91fb738f9f175d72f9c98527e881c36"
|
||||
- "8de68cb55ffe589"); /* s */
|
||||
-
|
||||
- test_ecdsa (&_nettle_secp_224r1,
|
||||
- "446df0a771ed58403ca9cb316e617f6b"
|
||||
- "158420465d00a69601e22858", /* z */
|
||||
-
|
||||
- "4c13f1905ad7eb201178bc08e0c9267b"
|
||||
- "4751c15d5e1831ca214c33f4", /* z */
|
||||
-
|
||||
- SHEX("1b28a611fe62ab3649350525d06703ba"
|
||||
- "4b979a1e543566fd5caa85c6"), /* h */
|
||||
-
|
||||
- "2cc280778f3d067df6d3adbe3a6aad63"
|
||||
- "bc75f08f5c5f915411902a99", /* r */
|
||||
-
|
||||
- "d0f069fd0f108eb07b7bbc54c8d6c88d"
|
||||
- "f2715c38a95c31a2b486995f"); /* s */
|
||||
-
|
||||
/* From RFC 4754 */
|
||||
test_ecdsa (&_nettle_secp_256r1,
|
||||
"DC51D386 6A15BACD E33D96F9 92FCA99D"
|
||||
Index: nettle-3.7/testsuite/testutils.c
|
||||
===================================================================
|
||||
--- nettle-3.7.orig/testsuite/testutils.c
|
||||
+++ nettle-3.7/testsuite/testutils.c
|
||||
@@ -1656,8 +1656,6 @@ test_dsa_key(const struct dsa_params *pa
|
||||
}
|
||||
|
||||
const struct ecc_curve * const ecc_curves[] = {
|
||||
- &_nettle_secp_192r1,
|
||||
- &_nettle_secp_224r1,
|
||||
&_nettle_secp_256r1,
|
||||
&_nettle_secp_384r1,
|
||||
&_nettle_secp_521r1,
|
||||
@@ -1714,24 +1712,6 @@ test_ecc_point (const struct ecc_curve *
|
||||
|
||||
/* For each curve, the points g, 2 g, 3 g and 4 g */
|
||||
static const struct ecc_ref_point ecc_ref[9][4] = {
|
||||
- { { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
|
||||
- "07192b95ffc8da78631011ed6b24cdd573f977a11e794811" },
|
||||
- { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
|
||||
- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
|
||||
- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
|
||||
- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
|
||||
- { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
|
||||
- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
|
||||
- },
|
||||
- { { "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
|
||||
- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34" },
|
||||
- { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
|
||||
- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
|
||||
- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
|
||||
- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
|
||||
- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
|
||||
- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
|
||||
- },
|
||||
{ { "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
|
||||
"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" },
|
||||
{ "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
|
|
@ -1,51 +0,0 @@
|
|||
From 64837b2e433e2b99b893683949bad3a99acab38f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
|
||||
Date: Wed, 10 Feb 2021 11:22:23 +0100
|
||||
Subject: [PATCH] Fix chacha counter update for _4core variants.
|
||||
|
||||
---
|
||||
ChangeLog | 4 ++++
|
||||
chacha-crypt.c | 10 +++++++---
|
||||
2 files changed, 11 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/chacha-crypt.c b/chacha-crypt.c
|
||||
index 081ebcf4..1fdfc813 100644
|
||||
--- a/chacha-crypt.c
|
||||
+++ b/chacha-crypt.c
|
||||
@@ -80,13 +80,16 @@ _nettle_chacha_crypt_4core(struct chacha_ctx *ctx,
|
||||
while (length > 2*CHACHA_BLOCK_SIZE)
|
||||
{
|
||||
_nettle_chacha_4core (x, ctx->state, CHACHA_ROUNDS);
|
||||
- ctx->state[12] += 4;
|
||||
- ctx->state[13] += (ctx->state[12] < 4);
|
||||
if (length <= 4*CHACHA_BLOCK_SIZE)
|
||||
{
|
||||
+ uint32_t incr = 3 + (length > 3*CHACHA_BLOCK_SIZE);
|
||||
+ ctx->state[12] += incr;
|
||||
+ ctx->state[13] += (ctx->state[12] < incr);
|
||||
memxor3 (dst, src, x, length);
|
||||
return;
|
||||
}
|
||||
+ ctx->state[12] += 4;
|
||||
+ ctx->state[13] += (ctx->state[12] < 4);
|
||||
memxor3 (dst, src, x, 4*CHACHA_BLOCK_SIZE);
|
||||
|
||||
length -= 4*CHACHA_BLOCK_SIZE;
|
||||
@@ -200,12 +203,13 @@ _nettle_chacha_crypt32_4core(struct chacha_ctx *ctx,
|
||||
while (length > 2*CHACHA_BLOCK_SIZE)
|
||||
{
|
||||
_nettle_chacha_4core32 (x, ctx->state, CHACHA_ROUNDS);
|
||||
- ctx->state[12] += 4;
|
||||
if (length <= 4*CHACHA_BLOCK_SIZE)
|
||||
{
|
||||
+ ctx->state[12] += 3 + (length > 3*CHACHA_BLOCK_SIZE);
|
||||
memxor3 (dst, src, x, length);
|
||||
return;
|
||||
}
|
||||
+ ctx->state[12] += 4;
|
||||
memxor3 (dst, src, x, 4*CHACHA_BLOCK_SIZE);
|
||||
|
||||
length -= 4*CHACHA_BLOCK_SIZE;
|
||||
--
|
||||
2.29.2
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
From 952c2d890902782ee90b6ed273f1d8b4e95dbff1 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Sun, 21 Mar 2021 11:13:36 +0100
|
||||
Subject: [PATCH] nettle-benchmark: suppress -Wmaybe-uninitialized warnings
|
||||
|
||||
---
|
||||
examples/nettle-benchmark.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
|
||||
index ca6346e0..518b947d 100644
|
||||
--- a/examples/nettle-benchmark.c
|
||||
+++ b/examples/nettle-benchmark.c
|
||||
@@ -392,6 +392,7 @@ time_umac(void)
|
||||
|
||||
uint8_t key[16];
|
||||
|
||||
+ init_key(sizeof(key), key);
|
||||
umac32_set_key (&ctx32, key);
|
||||
info.ctx = &ctx32;
|
||||
info.update = (nettle_hash_update_func *) umac32_update;
|
||||
@@ -434,6 +435,7 @@ time_cmac(void)
|
||||
|
||||
uint8_t key[16];
|
||||
|
||||
+ init_key(sizeof(key), key);
|
||||
cmac_aes128_set_key (&ctx, key);
|
||||
info.ctx = &ctx;
|
||||
info.update = (nettle_hash_update_func *) cmac_aes128_update;
|
||||
@@ -451,6 +453,7 @@ time_poly1305_aes(void)
|
||||
struct poly1305_aes_ctx ctx;
|
||||
uint8_t key[32];
|
||||
|
||||
+ init_key(sizeof(key), key);
|
||||
poly1305_aes_set_key (&ctx, key);
|
||||
info.ctx = &ctx;
|
||||
info.update = (nettle_hash_update_func *) poly1305_aes_update;
|
||||
--
|
||||
2.30.2
|
||||
|
|
@ -0,0 +1,334 @@
|
|||
From 894b22e6d851512776bd62e85e749d6950ce16fc Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Wed, 24 Aug 2022 17:19:57 +0900
|
||||
Subject: [PATCH] Clear any intermediate data allocate on stack
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
cbc.c | 3 +++
|
||||
cfb.c | 13 +++++++++++++
|
||||
ctr.c | 4 ++++
|
||||
ctr16.c | 2 ++
|
||||
ecc-random.c | 3 +++
|
||||
ecdsa-keygen.c | 2 ++
|
||||
ecdsa-sign.c | 2 ++
|
||||
ed25519-sha512-sign.c | 2 ++
|
||||
ed448-shake256-sign.c | 2 ++
|
||||
gostdsa-sign.c | 2 ++
|
||||
hmac.c | 10 +++++++---
|
||||
nettle-internal.h | 5 +++++
|
||||
pbkdf2.c | 5 ++++-
|
||||
pss-mgf1.c | 5 ++++-
|
||||
pss.c | 4 ++++
|
||||
15 files changed, 59 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/cbc.c b/cbc.c
|
||||
index 76b6492d..b9da3aa0 100644
|
||||
--- a/cbc.c
|
||||
+++ b/cbc.c
|
||||
@@ -128,6 +128,9 @@ cbc_decrypt(const void *ctx, nettle_cipher_func *f,
|
||||
length - block_size);
|
||||
/* Writes first block. */
|
||||
memxor3(dst, buffer, initial_iv, block_size);
|
||||
+
|
||||
+ TMP_CLEAR(buffer, buffer_size);
|
||||
+ TMP_CLEAR(initial_iv, block_size);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/cfb.c b/cfb.c
|
||||
index b9da3159..b1b01b9e 100644
|
||||
--- a/cfb.c
|
||||
+++ b/cfb.c
|
||||
@@ -83,6 +83,8 @@ cfb_encrypt(const void *ctx, nettle_cipher_func *f,
|
||||
/* We do not care about updating IV here. This is the last call in
|
||||
* message sequence and one has to set IV afterwards anyway */
|
||||
}
|
||||
+
|
||||
+ TMP_CLEAR(buffer, block_size);
|
||||
}
|
||||
|
||||
/* Don't allocate any more space than this on the stack */
|
||||
@@ -115,6 +117,8 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
|
||||
|
||||
f(ctx, block_size, buffer, iv);
|
||||
memxor3(dst + length, src + length, buffer, left);
|
||||
+
|
||||
+ TMP_CLEAR(buffer, block_size);
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -160,6 +164,9 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
|
||||
f(ctx, block_size, buffer, iv);
|
||||
memxor(dst, buffer, left);
|
||||
}
|
||||
+
|
||||
+ TMP_CLEAR(buffer, buffer_size);
|
||||
+ TMP_CLEAR(initial_iv, block_size);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -196,6 +203,9 @@ cfb8_encrypt(const void *ctx, nettle_cipher_func *f,
|
||||
pos ++;
|
||||
}
|
||||
memcpy(iv, buffer + pos, block_size);
|
||||
+
|
||||
+ TMP_CLEAR(buffer, block_size * 2);
|
||||
+ TMP_CLEAR(outbuf, block_size);
|
||||
}
|
||||
|
||||
void
|
||||
@@ -235,4 +245,7 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
|
||||
}
|
||||
|
||||
memcpy(iv, buffer + i, block_size);
|
||||
+
|
||||
+ TMP_CLEAR(buffer, block_size * 2);
|
||||
+ TMP_CLEAR(outbuf, block_size * 2);
|
||||
}
|
||||
diff --git a/ctr.c b/ctr.c
|
||||
index 8c6b4626..217d1abb 100644
|
||||
--- a/ctr.c
|
||||
+++ b/ctr.c
|
||||
@@ -137,6 +137,8 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
|
||||
f(ctx, block_size, block, ctr);
|
||||
INCREMENT(block_size, ctr);
|
||||
memxor3(dst + filled, src + filled, block, length - filled);
|
||||
+
|
||||
+ TMP_CLEAR(block, block_size);
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -173,5 +175,7 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
|
||||
INCREMENT(block_size, ctr);
|
||||
memxor(dst, buffer, length);
|
||||
}
|
||||
+
|
||||
+ TMP_CLEAR(buffer, buffer_size);
|
||||
}
|
||||
}
|
||||
diff --git a/ctr16.c b/ctr16.c
|
||||
index d744d2a9..ec0abd72 100644
|
||||
--- a/ctr16.c
|
||||
+++ b/ctr16.c
|
||||
@@ -102,5 +102,7 @@ _nettle_ctr_crypt16(const void *ctx, nettle_cipher_func *f,
|
||||
done:
|
||||
memxor3 (dst + i, src + i, buffer->b, length - i);
|
||||
}
|
||||
+
|
||||
+ TMP_CLEAR(buffer, MIN(blocks, CTR_BUFFER_LIMIT / 16));
|
||||
}
|
||||
}
|
||||
diff --git a/ecc-random.c b/ecc-random.c
|
||||
index a7b48d6a..676f5933 100644
|
||||
--- a/ecc-random.c
|
||||
+++ b/ecc-random.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#endif
|
||||
|
||||
#include <assert.h>
|
||||
+#include <string.h>
|
||||
|
||||
#include "ecc.h"
|
||||
#include "ecc-internal.h"
|
||||
@@ -79,4 +80,6 @@ ecc_scalar_random (struct ecc_scalar *x,
|
||||
TMP_ALLOC (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
|
||||
|
||||
ecc_mod_random (&x->ecc->q, x->p, random_ctx, random, scratch);
|
||||
+
|
||||
+ TMP_CLEAR (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
|
||||
}
|
||||
diff --git a/ecdsa-keygen.c b/ecdsa-keygen.c
|
||||
index 870282b0..05dd827a 100644
|
||||
--- a/ecdsa-keygen.c
|
||||
+++ b/ecdsa-keygen.c
|
||||
@@ -59,4 +59,6 @@ ecdsa_generate_keypair (struct ecc_point *pub,
|
||||
ecc_mod_random (&ecc->q, key->p, random_ctx, random, p);
|
||||
ecc->mul_g (ecc, p, key->p, p + 3*ecc->p.size);
|
||||
ecc->h_to_a (ecc, 0, pub->p, p, p + 3*ecc->p.size);
|
||||
+
|
||||
+ TMP_CLEAR (p, itch);
|
||||
}
|
||||
diff --git a/ecdsa-sign.c b/ecdsa-sign.c
|
||||
index e6fb3287..e6b960bf 100644
|
||||
--- a/ecdsa-sign.c
|
||||
+++ b/ecdsa-sign.c
|
||||
@@ -68,4 +68,6 @@ ecdsa_sign (const struct ecc_scalar *key,
|
||||
mpz_limbs_finish (signature->s, size);
|
||||
}
|
||||
while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
|
||||
+
|
||||
+ TMP_CLEAR (k, size + ECC_ECDSA_SIGN_ITCH (size));
|
||||
}
|
||||
diff --git a/ed25519-sha512-sign.c b/ed25519-sha512-sign.c
|
||||
index 389a157e..52a46ea5 100644
|
||||
--- a/ed25519-sha512-sign.c
|
||||
+++ b/ed25519-sha512-sign.c
|
||||
@@ -38,6 +38,7 @@
|
||||
|
||||
#include "ecc-internal.h"
|
||||
#include "sha2.h"
|
||||
+#include <string.h>
|
||||
|
||||
void
|
||||
ed25519_sha512_sign (const uint8_t *pub,
|
||||
@@ -61,6 +62,7 @@ ed25519_sha512_sign (const uint8_t *pub,
|
||||
length, msg, signature, scratch_out);
|
||||
|
||||
gmp_free_limbs (scratch, itch);
|
||||
+ explicit_bzero (digest, sizeof(digest));
|
||||
#undef k1
|
||||
#undef k2
|
||||
#undef scratch_out
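Review bot: `explicit_bzero (digest, sizeof(digest))` wipes the whole buffer only while `digest` is declared as an array in this function; the declaration is outside the hunk, and if it ever became a pointer the call would silently shrink to pointer size. A one-line comment such as `/* digest must stay a local array: sizeof is the wipe length */` would record that, and the same applies to the identical line added in ed448-shake256-sign.c. The hash context used to produce `digest` is not visible here, so whether it also needs clearing should be checked against the full function.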
|
||||
diff --git a/ed448-shake256-sign.c b/ed448-shake256-sign.c
|
||||
index c524593d..01abf457 100644
|
||||
--- a/ed448-shake256-sign.c
|
||||
+++ b/ed448-shake256-sign.c
|
||||
@@ -39,6 +39,7 @@
|
||||
#include "ecc-internal.h"
|
||||
#include "eddsa-internal.h"
|
||||
#include "sha3.h"
|
||||
+#include <string.h>
|
||||
|
||||
void
|
||||
ed448_shake256_sign (const uint8_t *pub,
|
||||
@@ -63,6 +64,7 @@ ed448_shake256_sign (const uint8_t *pub,
|
||||
length, msg, signature, scratch_out);
|
||||
|
||||
gmp_free_limbs (scratch, itch);
|
||||
+ explicit_bzero (digest, sizeof(digest));
|
||||
#undef k1
|
||||
#undef k2
|
||||
#undef scratch_out
|
||||
diff --git a/gostdsa-sign.c b/gostdsa-sign.c
|
||||
index 892c0742..a7e0c21d 100644
|
||||
--- a/gostdsa-sign.c
|
||||
+++ b/gostdsa-sign.c
|
||||
@@ -71,4 +71,6 @@ gostdsa_sign (const struct ecc_scalar *key,
|
||||
mpz_limbs_finish (signature->s, size);
|
||||
}
|
||||
while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
|
||||
+
|
||||
+ TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
|
||||
}
|
||||
diff --git a/hmac.c b/hmac.c
|
||||
index 6ac5e11a..0ac33bed 100644
|
||||
--- a/hmac.c
|
||||
+++ b/hmac.c
|
||||
@@ -55,6 +55,8 @@ hmac_set_key(void *outer, void *inner, void *state,
|
||||
{
|
||||
TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
|
||||
TMP_ALLOC(pad, hash->block_size);
|
||||
+ TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
|
||||
+ TMP_ALLOC(digest, hash->digest_size);
|
||||
|
||||
hash->init(outer);
|
||||
hash->init(inner);
|
||||
@@ -64,9 +66,6 @@ hmac_set_key(void *outer, void *inner, void *state,
|
||||
/* Reduce key to the algorithm's hash size. Use the area pointed
|
||||
* to by state for the temporary state. */
|
||||
|
||||
- TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
|
||||
- TMP_ALLOC(digest, hash->digest_size);
|
||||
-
|
||||
hash->init(state);
|
||||
hash->update(state, key_length, key);
|
||||
hash->digest(state, hash->digest_size, digest);
|
||||
@@ -88,6 +87,9 @@ hmac_set_key(void *outer, void *inner, void *state,
|
||||
hash->update(inner, hash->block_size, pad);
|
||||
|
||||
memcpy(state, inner, hash->context_size);
|
||||
+
|
||||
+ TMP_CLEAR(pad, hash->block_size);
|
||||
+ TMP_CLEAR(digest, hash->digest_size);
|
||||
}
|
||||
|
||||
void
|
||||
@@ -114,4 +116,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
|
||||
hash->digest(state, length, dst);
|
||||
|
||||
memcpy(state, inner, hash->context_size);
|
||||
+
|
||||
+ TMP_CLEAR(digest, hash->digest_size);
|
||||
}
|
||||
diff --git a/nettle-internal.h b/nettle-internal.h
|
||||
index ddc483de..9fc55514 100644
|
||||
--- a/nettle-internal.h
|
||||
+++ b/nettle-internal.h
|
||||
@@ -72,6 +72,11 @@
|
||||
do { assert((size_t)(size) <= (sizeof(name))); } while (0)
|
||||
#endif
|
||||
|
||||
+#include <string.h> /* explicit_bzero */
|
||||
+
|
||||
+#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
|
||||
+#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
|
||||
+
|
||||
/* Arbitrary limits which apply to systems that don't have alloca */
|
||||
#define NETTLE_MAX_HASH_BLOCK_SIZE 128
|
||||
#define NETTLE_MAX_HASH_DIGEST_SIZE 64
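Review bot: The two new macros take different units and nothing at the definition says so: `TMP_CLEAR` multiplies `size` by `sizeof (*name)`, so it expects an element count, while `TMP_CLEAR_ALIGN` passes `size` through as bytes. A comment above them would prevent under-clearing at call sites, e.g. `/* TMP_CLEAR: size is an element count, as given to TMP_ALLOC; TMP_CLEAR_ALIGN: size is in bytes. */`. `name` should also be parenthesized in the expansion, `sizeof (*(name))`, as `size` already is. `explicit_bzero` is a glibc/BSD extension rather than ISO C, so the patch presumably targets only platforms that provide it; a configure check with a fallback would be needed elsewhere.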
|
||||
diff --git a/pbkdf2.c b/pbkdf2.c
|
||||
index 291d138a..a8ecba5b 100644
|
||||
--- a/pbkdf2.c
|
||||
+++ b/pbkdf2.c
|
||||
@@ -92,8 +92,11 @@ pbkdf2 (void *mac_ctx,
|
||||
if (length <= digest_size)
|
||||
{
|
||||
memcpy (dst, T, length);
|
||||
- return;
|
||||
+ break;
|
||||
}
|
||||
memcpy (dst, T, digest_size);
|
||||
}
|
||||
+
|
||||
+ TMP_CLEAR (U, digest_size);
|
||||
+ TMP_CLEAR (T, digest_size);
|
||||
}
|
||||
diff --git a/pss-mgf1.c b/pss-mgf1.c
|
||||
index 3f5e204b..3644c642 100644
|
||||
--- a/pss-mgf1.c
|
||||
+++ b/pss-mgf1.c
|
||||
@@ -66,8 +66,11 @@ pss_mgf1(const void *seed, const struct nettle_hash *hash,
|
||||
if (length <= hash->digest_size)
|
||||
{
|
||||
hash->digest(state, length, mask);
|
||||
- return;
|
||||
+ break;
|
||||
}
|
||||
hash->digest(state, hash->digest_size, mask);
|
||||
}
|
||||
+
|
||||
+ TMP_CLEAR(h, hash->digest_size);
|
||||
+ TMP_CLEAR_ALIGN(state, hash->context_size);
|
||||
}
|
||||
diff --git a/pss.c b/pss.c
|
||||
index d28e7b13..8106ebf2 100644
|
||||
--- a/pss.c
|
||||
+++ b/pss.c
|
||||
@@ -77,6 +77,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
|
||||
if (key_size < hash->digest_size + salt_length + 2)
|
||||
{
|
||||
TMP_GMP_FREE(em);
|
||||
+ TMP_CLEAR_ALIGN(state, hash->context_size);
|
||||
return 0;
|
||||
}
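Review bot: `pss_encode_mgf1` now repeats `TMP_CLEAR_ALIGN(state, hash->context_size)` before each `return` (this hunk and the one before `return 1`), whereas `pss_verify_mgf1` in the same patch wipes once under its existing `cleanup:` label. Per-return clearing is easy to miss when another exit path is added later, so routing both exits of the encoder through a single label would keep the wipe in one place. The function body extends beyond these hunks, so any other exits should be checked as well.

```c
  int ret = 0;  /* declared with the other locals */

  if (key_size < hash->digest_size + salt_length + 2)
    goto cleanup;
  /* … unchanged: encoding steps between the two hunks … */
  nettle_mpz_set_str_256_u(m, key_size, em);
  ret = 1;
 cleanup:
  TMP_GMP_FREE(em);
  TMP_CLEAR_ALIGN(state, hash->context_size);
  return ret;
```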
|
||||
|
||||
@@ -111,6 +112,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
|
||||
|
||||
nettle_mpz_set_str_256_u(m, key_size, em);
|
||||
TMP_GMP_FREE(em);
|
||||
+ TMP_CLEAR_ALIGN(state, hash->context_size);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -194,5 +196,7 @@ pss_verify_mgf1(const mpz_t m, size_t bits,
|
||||
ret = 1;
|
||||
cleanup:
|
||||
TMP_GMP_FREE(em);
|
||||
+ TMP_CLEAR(h2, hash->digest_size);
|
||||
+ TMP_CLEAR_ALIGN(state, hash->context_size);
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.37.2
|
||||
|
75
nettle.spec
75
nettle.spec
|
@ -14,26 +14,32 @@
|
|||
%bcond_without fips
|
||||
|
||||
Name: nettle
|
||||
Version: 3.7
|
||||
Version: 3.8
|
||||
Release: 3%{?dist}
|
||||
Summary: A low-level cryptographic library
|
||||
|
||||
License: LGPLv3+ or GPLv2+
|
||||
URL: http://www.lysator.liu.se/~nisse/nettle/
|
||||
Source0: %{name}-%{version}-hobbled.tar.xz
|
||||
#Source0: http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz
|
||||
#Source0: http://www.lysator.liu.se/~nisse/archive/%%{name}-%%{version}.tar.gz
|
||||
%if 0%{?bootstrap}
|
||||
Source1: %{name}-%{version_old}-hobbled.tar.xz
|
||||
Source2: nettle-3.5-remove-ecc-testsuite.patch
|
||||
%endif
|
||||
Patch0: nettle-3.6-remove-ecc-testsuite.patch
|
||||
Patch1: nettle-3.4-annocheck.patch
|
||||
# https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009423.html
|
||||
Patch2: nettle-3.7-chacha-counter-ppc64.patch
|
||||
Patch: nettle-3.4-annocheck.patch
|
||||
Patch: nettle-3.8-zeroize-stack.patch
|
||||
|
||||
Source100: gmp-6.2.1.tar.xz
|
||||
# Taken from the main gmp package
|
||||
Source101: gmp-6.2.1-intel-cet.patch
|
||||
Source102: gmp-6.2.1-zeroize-allocator.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gmp-devel, m4
|
||||
%if !%{with fips}
|
||||
BuildRequires: gmp-devel
|
||||
%endif
|
||||
BuildRequires: m4
|
||||
BuildRequires: libtool, automake, autoconf, gettext-devel
|
||||
%if %{with fips}
|
||||
BuildRequires: fipscheck
|
||||
|
@ -61,6 +67,18 @@ applications with nettle.
|
|||
%prep
|
||||
%autosetup -Tb 0 -p1
|
||||
|
||||
%if %{with fips}
|
||||
mkdir -p bundled_gmp
|
||||
pushd bundled_gmp
|
||||
tar --strip-components=1 -xf %{SOURCE100}
|
||||
patch -p1 < %{SOURCE101}
|
||||
patch -p1 < %{SOURCE102}
|
||||
popd
|
||||
|
||||
# Prevent -lgmp appearing in the compiler command line in dependent components
|
||||
sed -i '/^Libs.private:/d' hogweed.pc.in
|
||||
%endif
|
||||
|
||||
%if 0%{?bootstrap}
|
||||
mkdir -p bootstrap_ver
|
||||
pushd bootstrap_ver
|
||||
|
@ -80,8 +98,22 @@ sed 's/ecc-secp192r1.c//g' -i Makefile.in
|
|||
sed 's/ecc-secp224r1.c//g' -i Makefile.in
|
||||
|
||||
%build
|
||||
%if %{with fips}
|
||||
pushd bundled_gmp
|
||||
autoreconf -ifv
|
||||
%configure --enable-shared --enable-fat
|
||||
%configure --disable-cxx --disable-shared --enable-fat --with-pic
|
||||
%make_build
|
||||
popd
|
||||
%endif
|
||||
|
||||
autoreconf -ifv
|
||||
|
||||
%configure --enable-shared --enable-fat \
|
||||
%if %{with fips}
|
||||
--with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
|
||||
%endif
|
||||
%{nil}
|
||||
|
||||
%make_build
|
||||
|
||||
%if 0%{?bootstrap}
|
||||
|
@ -173,6 +205,33 @@ make check
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.8-3
|
||||
- Rebuild in new side-tag
|
||||
|
||||
* Thu Aug 18 2022 Daiki Ueno <dueno@redhat.com> - 3.8-2
|
||||
- Bundle GMP to privatize memory functions
|
||||
- Zeroize stack allocated intermediate data
|
||||
|
||||
* Tue Jun 28 2022 Daiki Ueno <dueno@redhat.com> - 3.8-1
|
||||
- Update to nettle 3.8 (#1992457)
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.3-2
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Wed Jul 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.3-1
|
||||
- Update to nettle 3.7.3 (#1986712)
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.2-2
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Sun Mar 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-1
|
||||
- Update to nettle 3.7.2
|
||||
- Merge nettle-3.6-remove-ecc-testsuite.patch to hobble-nettle script
|
||||
|
||||
* Tue Mar 9 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-1
|
||||
- Update to nettle 3.7.1
|
||||
|
||||
* Wed Feb 10 2021 Daiki Ueno <dueno@redhat.com> - 3.7-3
|
||||
- Port a fix for chacha counter issue on ppc64le
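Review bot: With `%{with fips}` the build now compiles `Source100: gmp-6.2.1.tar.xz` under `bundled_gmp` and links it in statically (`--disable-shared --with-pic`), but no `Provides: bundled(gmp) = 6.2.1` line is visible in these hunks. Without that tag, tooling that tracks embedded library copies cannot tell that a GMP security fix also requires a nettle rebuild. If it is not declared elsewhere in the spec, add it next to the `Source100` lines. The existing comment `# Taken from the main gmp package` could also name the gmp package release that `Source101` and `Source102` were copied from, so drift is detectable.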
|
||||
|
||||
|
|
3
sources
3
sources
|
@ -1 +1,2 @@
|
|||
SHA512 (nettle-3.7-hobbled.tar.xz) = 267ad57aa4fc7791490c94aae5c533489e6bc8080a8275eb7e8c037437b7e981769d7ff771115cd66c57bf4088589780653fd293ff612c233dd00fea0ea94248
|
||||
SHA512 (nettle-3.8-hobbled.tar.xz) = a0c24568401212895b69eff046dbc0450fc14f1759ec3b4b62771a3d77192056b9a43c3ee386aeae1fe2d12ce58efc183849af5f9088e4ea7dab278f52572b2f
|
||||
SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
|
||||
|
|