summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authoradam <adam@pkgsrc.org>2021-03-21 20:03:09 +0000
committeradam <adam@pkgsrc.org>2021-03-21 20:03:09 +0000
commit8ccffd78f80fbe0a93a286636c2b5630f1ef5631 (patch)
tree471e55767d8856396e84491d10403ba367a352c2 /security
parentd86233ab4213f55642c7d74de25c45c1ea4a265b (diff)
downloadpkgsrc-8ccffd78f80fbe0a93a286636c2b5630f1ef5631.tar.gz
nettle: updated to 3.7.2
NEWS for the Nettle 3.7.2 release This is a bugfix release, fixing a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results. It also fixes a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger. Upgrading to the new version is strongly recommended. Even when no assert is triggered in ecdsa_verify, ECC point multiplication may get invalid intermediate values as input, and produce incorrect results. It's trivial to construct alleged signatures that result in invalid intermediate values. It appears difficult to construct an alleged signature that makes the function misbehave in such a way that an invalid signature is accepted as valid, but such attacks can't be ruled out without further analysis. Thanks to Guido Vranken for setting up the fuzzer tests that uncovered this problem. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.3 and libhogweed.so.6.3, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Fixed bug in ecdsa_verify, and added a corresponding test case. * Similar fixes to ecc_gostdsa_verify and gostdsa_vko. * Similar fixes to eddsa signatures. The problem is less severe for these curves, because (i) the potentially out or range value is derived from output of a hash function, making it harder for the attacker to to hit the narrow range of problematic values, and (ii) the ecc operations are inherently more robust, and my current understanding is that unless the corresponding assert is hit, the verify operation should complete with a correct result. * Fix to ecdsa_sign, which with a very low probability could return out of range signature values, which would be rejected immediately by a verifier.
Diffstat (limited to 'security')
-rw-r--r--security/nettle/Makefile4
-rw-r--r--security/nettle/distinfo10
2 files changed, 7 insertions, 7 deletions
diff --git a/security/nettle/Makefile b/security/nettle/Makefile
index c0af3cb85ce..a0581e724ed 100644
--- a/security/nettle/Makefile
+++ b/security/nettle/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.25 2021/02/18 10:59:09 adam Exp $
+# $NetBSD: Makefile,v 1.26 2021/03/21 20:03:09 adam Exp $
-DISTNAME= nettle-3.7.1
+DISTNAME= nettle-3.7.2
CATEGORIES= devel security
MASTER_SITES= http://www.lysator.liu.se/~nisse/archive/
MASTER_SITES+= ftp://ftp.lysator.liu.se/pub/security/lsh/
diff --git a/security/nettle/distinfo b/security/nettle/distinfo
index 9f7c036d41d..2967cc801c3 100644
--- a/security/nettle/distinfo
+++ b/security/nettle/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.20 2021/02/18 10:59:09 adam Exp $
+$NetBSD: distinfo,v 1.21 2021/03/21 20:03:09 adam Exp $
-SHA1 (nettle-3.7.1.tar.gz) = 2113e52ef6755a68097732080b738fcacfac8797
-RMD160 (nettle-3.7.1.tar.gz) = fcb350221e21d7bb2c22f90a3b020df669ff34a7
-SHA512 (nettle-3.7.1.tar.gz) = 25567c0546b68851a03741ea69a2959b07cab660a723b193a9043faf1fd9eb4cd7aea72de150bb0717fd2db28e417f03ad31b14e98aec40ad316f1bcf0caf50b
-Size (nettle-3.7.1.tar.gz) = 2380974 bytes
+SHA1 (nettle-3.7.2.tar.gz) = d617fbcf8d301dfd887129c3883629d4d097c579
+RMD160 (nettle-3.7.2.tar.gz) = 78dced3b71dbcb531f0b0a27c8f9c858d1cbe47b
+SHA512 (nettle-3.7.2.tar.gz) = 5f6edcc24ff620885b24394b31e55b494418c35dd63e6ece222ddabc58e793c44a82155051cc5759896ed5f014a8efd547f0aef6736a131e41651c5cab7c7211
+Size (nettle-3.7.2.tar.gz) = 2382309 bytes
SHA1 (patch-Makefile.in) = ddc92dc4343df2723fbbfd1ef1afc01f1d576b09
SHA1 (patch-aa) = 2332668b077a6e3a1add603c87f60167755554ec
SHA1 (patch-config.make.in) = 708fb3cac9c44825e0d231541cbecade2239c850