packages/nettle
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:c5943a8f338c9f576103894298090cd7c2113542
Branches Tags
packages:main
...
compare: packages:d1d911488a5b939ed59ea2bf4b4fe3f51d89bc30
Branches Tags
packages:main

10 Commits
c5943a8f33 ... d1d911488a

Author SHA1 Message Date
openeuler-ci-bot
d1d911488a
!26 update to release-3.8.1 
From: @eaglegai 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
 2022-10-31 06:11:42 +00:00
eaglegai
46e4c5a9ec update to release-3.8.1 2022-10-31 02:21:30 +00:00
openeuler-ci-bot
c8aedb11b6
!20 [sync] PR-19: delete useless so file 
From: @openeuler-sync-bot 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
 2022-03-25 08:16:56 +00:00
zhaoyuxing
ee7dd02cf8 delete useless so file 
(cherry picked from commit 8f6e98c296f7aa4b86332674779a8daab1fd0303)
 2022-03-25 15:03:39 +08:00
openeuler-ci-bot
9b01b106d5 !17 update nettle to 3.7.3 
From: @yangl777
Reviewed-by: @overweight
Signed-off-by: @overweight
 2021-12-06 01:19:40 +00:00
yangl777
6000d7398c update nettle to 3.7.3 2021-12-04 16:00:41 +08:00
openeuler-ci-bot
f141d3ec65 !12 fix CVE-2021-3580 
From: @eaglegai
Reviewed-by: @yanan-rock
Signed-off-by: @yanan-rock
 2021-08-16 09:00:57 +00:00
eaglegai
ada5b9536c fix CVE-2021-3580 2021-08-16 14:38:27 +08:00
openeuler-ci-bot
27d49bc246 !6 fix CVE-2021-20305 
From: @haochenstar
Reviewed-by: @overweight
Signed-off-by: @overweight
 2021-04-20 09:53:44 +08:00
haochenstar
139a2b826b fix CVE-2021-20305 2021-04-19 19:18:07 +08:00
4 changed files with 219 additions and 71 deletions
Show Stats Expand all files Collapse all files

240
0000-nettle-3.3-remove-ecc-testsuite.patch
View File

@ -1,14 +1,98 @@
Subject: [PATCH] changes
From b519b23a141752043c9cc9182048c26d80d22af2 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Sun, 21 Mar 2021 11:09:51 +0100
Subject: [PATCH] Remove secp192r1 and secp224r1 support
---
nettle-3.4.1/examples/ecc-benchmark.c | 2 --
nettle-3.4.1/examples/hogweed-benchmark.c | 32 -----------------------
nettle-3.4.1/testsuite/ecdh-test.c | 20 --------------
nettle-3.4.1/testsuite/ecdsa-sign-test.c | 32 -----------------------
nettle-3.4.1/testsuite/testutils.c | 16 ------------
5 files changed, 102 deletions(-)
eccdata.c | 67 +----------------------------------
examples/ecc-benchmark.c | 2 --
examples/hogweed-benchmark.c | 17 ---------
testsuite/ecdh-test.c | 40 ---------------------
testsuite/ecdsa-sign-test.c | 47 ------------------------
testsuite/ecdsa-verify-test.c | 28 ---------------
testsuite/testutils.c | 20 -----------
7 files changed, 1 insertion(+), 220 deletions(-)
diff --git a/eccdata.c b/eccdata.c
index 1b4cb0b5..dc2be5f9 100644
--- a/eccdata.c
+++ b/eccdata.c
@@ -434,72 +434,7 @@ ecc_curve_init_str (struct ecc_curve *ecc, enum ecc_type type,
static void
ecc_curve_init (struct ecc_curve *ecc, const char *curve)
{
- if (!strcmp (curve, "secp192r1"))
- {
- ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
- /* p = 2^{192} - 2^{64} - 1 */
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
- "FFFFFFFFFFFFFFFF",
-
- "64210519e59c80e70fa7e9ab72243049"
- "feb8deecc146b9b1",
-
- "ffffffffffffffffffffffff99def836"
- "146bc9b1b4d22831",
-
- "188da80eb03090f67cbf20eb43a18800"
- "f4ff0afd82ff1012",
-
- "07192b95ffc8da78631011ed6b24cdd5"
- "73f977a11e794811");
- ecc->ref = ecc_alloc (3);
- ecc_set_str (&ecc->ref[0], /* 2 g */
- "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab");
-
- ecc_set_str (&ecc->ref[1], /* 3 g */
- "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd");
-
- ecc_set_str (&ecc->ref[2], /* 4 g */
- "35433907297cc378b0015703374729d7a4fe46647084e4ba",
- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32");
-
- }
- else if (!strcmp (curve, "secp224r1"))
- {
- ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
- /* p = 2^{224} - 2^{96} + 1 */
- "ffffffffffffffffffffffffffffffff"
- "000000000000000000000001",
-
- "b4050a850c04b3abf54132565044b0b7"
- "d7bfd8ba270b39432355ffb4",
-
- "ffffffffffffffffffffffffffff16a2"
- "e0b8f03e13dd29455c5c2a3d",
-
- "b70e0cbd6bb4bf7f321390b94a03c1d3"
- "56c21122343280d6115c1d21",
-
- "bd376388b5f723fb4c22dfe6cd4375a0"
- "5a07476444d5819985007e34");
-
- ecc->ref = ecc_alloc (3);
- ecc_set_str (&ecc->ref[0], /* 2 g */
- "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb");
-
- ecc_set_str (&ecc->ref[1], /* 3 g */
- "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925");
-
- ecc_set_str (&ecc->ref[2], /* 4 g */
- "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9");
-
- }
- else if (!strcmp (curve, "secp256r1"))
+ if (!strcmp (curve, "secp256r1"))
{
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */
diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c
index 8e5e095..720d483 100644
index 3ab269c7..402744a0 100644
--- a/examples/ecc-benchmark.c
+++ b/examples/ecc-benchmark.c
@@ -307,8 +307,6 @@ bench_curve (const struct ecc_curve *ecc)
@ -21,10 +105,10 @@ index 8e5e095..720d483 100644
&_nettle_secp_256r1,
&_nettle_secp_384r1,
diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
index ebce903..f13ea18 100644
index 3d008021..b8cf902c 100644
--- a/examples/hogweed-benchmark.c
+++ b/examples/hogweed-benchmark.c
@@ -412,24 +412,6 @@ bench_ecdsa_init (unsigned size)
@@ -412,23 +412,6 @@ bench_ecdsa_init (unsigned size)
switch (size)
{
@ -45,50 +129,37 @@ index ebce903..f13ea18 100644
- ctx->digest_size = 28;
- break;
-
- /* From RFC 4754 */
/* From RFC 4754 */
case 256:
ecc = &_nettle_secp_256r1;
xs = "2442A5CC 0ECD015F A3CA31DC 8E2BBC70 BF42D60C BCA20085 E0822CB0 4235E970";
@@ -783,16 +765,6 @@ bench_openssl_ecdsa_init (unsigned size)
switch (size)
{
- case 192:
- ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime192v1);
- ctx->digest_length = 24; /* truncated */
- ctx->digest = hash_string (&nettle_sha224, "abc");
- break;
- case 224:
- ctx->key = EC_KEY_new_by_curve_name (NID_secp224r1);
- ctx->digest_length = SHA224_DIGEST_SIZE;
- ctx->digest = hash_string (&nettle_sha224, "abc");
- break;
case 256:
ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
ctx->digest_length = SHA256_DIGEST_SIZE;
@@ -924,14 +896,10 @@ struct alg alg_list[] = {
#if 0
{ "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear },
#endif
- { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
- { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
#if WITH_OPENSSL
- { "ecdsa (openssl)", 192, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
- { "ecdsa (openssl)", 224, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
{ "ecdsa (openssl)", 256, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
{ "ecdsa (openssl)", 384, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
{ "ecdsa (openssl)", 521, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c
index 5a2b39d..08870b1 100644
index ff4f7233..2be26b19 100644
--- a/testsuite/ecdh-test.c
+++ b/testsuite/ecdh-test.c
@@ -179,26 +179,6 @@ test_dh (const char *name, const struct ecc_curve *ecc,
"5298249600854377235107392014200406283816103564916230704184",
1);
@@ -159,46 +159,6 @@ test_public_key (const char *label, const struct ecc_curve *ecc,
void
test_main(void)
{
- test_public_key ("(0,0) with secp-192r1", &_nettle_secp_192r1, "0", "0", 0);
- test_public_key (
- "(P,0) with secp-192r1", &_nettle_secp_192r1,
- "6277101735386680763835789423207666416083908700390324961279",
- "0", 0);
- test_public_key (
- "(0,P) with secp-192r1", &_nettle_secp_192r1, "0",
- "6277101735386680763835789423207666416083908700390324961279",
- 0);
- test_public_key (
- "(P,P) with secp-192r1", &_nettle_secp_192r1,
- "6277101735386680763835789423207666416083908700390324961279",
- "6277101735386680763835789423207666416083908700390324961279",
- 0);
- test_public_key ("(1,2) with secp-192r1", &_nettle_secp_192r1, "1", "2", 0);
- test_public_key ("(X,Y) with secp-192r1", &_nettle_secp_192r1,
- "1050363442265225480786760666329560655512990381040021438562",
- "5298249600854377235107392014200406283816103564916230704184",
- 1);
-
- test_dh ("secp-192r1", &_nettle_secp_192r1,
- "3406157206141798348095184987208239421004566462391397236532",
- "1050363442265225480786760666329560655512990381040021438562",
@ -113,13 +184,28 @@ index 5a2b39d..08870b1 100644
"94731533361265297353914491124013058635674217345912524033267198103710636378786",
"22441589863306126152768848344973918725077248391248404659242620344938484650846",
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
index 559de8e..2e84ed7 100644
index 08a10a1d..0acd4e5c 100644
--- a/testsuite/ecdsa-sign-test.c
+++ b/testsuite/ecdsa-sign-test.c
@@ -60,38 +60,6 @@ test_main (void)
@@ -58,53 +58,6 @@ test_ecdsa (const struct ecc_curve *ecc,
void
test_main (void)
{
/* Test cases for the smaller groups, verified with a
proof-of-concept implementation done for Yubico AB. */
- /* Producing the signature for corresponding test in
- ecdsa-verify-test.c, with special u1 and u2. */
- test_ecdsa (&_nettle_secp_224r1,
- "99b5b787484def12894ca507058b3bf5"
- "43d72d82fa7721d2e805e5e6",
- "2",
- SHEX("cdb887ac805a3b42e22d224c85482053"
- "16c755d4a736bb2032c92553"),
- "706a46dc76dcb76798e60e6d89474788"
- "d16dc18032d268fd1a704fa6", /* r */
- "3a41e1423b1853e8aa89747b1f987364"
- "44705d6d6d8371ea1f578f2e"); /* s */
-
- /* Test cases for the smaller groups, verified with a
- proof-of-concept implementation done for Yubico AB. */
- test_ecdsa (&_nettle_secp_192r1,
- "DC51D3866A15BACDE33D96F992FCA99D"
- "A7E6EF0934E70975", /* z */
@ -155,8 +241,47 @@ index 559de8e..2e84ed7 100644
/* From RFC 4754 */
test_ecdsa (&_nettle_secp_256r1,
"DC51D386 6A15BACD E33D96F9 92FCA99D"
diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
index 8110c64d..71c0b5c0 100644
--- a/testsuite/ecdsa-verify-test.c
+++ b/testsuite/ecdsa-verify-test.c
@@ -81,34 +81,6 @@ test_ecdsa (const struct ecc_curve *ecc,
void
test_main (void)
{
- /* Corresponds to nonce k = 2 and private key z =
- 0x99b5b787484def12894ca507058b3bf543d72d82fa7721d2e805e5e6. z and
- hash are chosen so that intermediate scalars in the verify
- equations are u1 = 0x6b245680e700, u2 =
- 259da6542d4ba7d21ad916c3bd57f811. These values require canonical
- reduction of the scalars. Bug caused by missing canonical
- reduction reported by Guido Vranken. */
- test_ecdsa (&_nettle_secp_224r1,
- "9e7e6cc6b1bdfa8ee039b66ad85e5490"
- "7be706a900a3cba1c8fdd014", /* x */
- "74855db3f7c1b4097ae095745fc915e3"
- "8a79d2a1de28f282eafb22ba", /* y */
-
- SHEX("cdb887ac805a3b42e22d224c85482053"
- "16c755d4a736bb2032c92553"),
- "706a46dc76dcb76798e60e6d89474788"
- "d16dc18032d268fd1a704fa6", /* r */
- "3a41e1423b1853e8aa89747b1f987364"
- "44705d6d6d8371ea1f578f2e"); /* s */
-
- /* Test case provided by Guido Vranken, from oss-fuzz */
- test_ecdsa (&_nettle_secp_192r1,
- "14683086 f1734c6d e68743a6 48181b54 a74d4c5b 383eb6a8", /* x */
- " 1e2584 2ab8b2b0 4017f655 1b5e4058 a2aa0612 2dae9344", /* y */
- SHEX("00"), /* h == 0 corner case*/
- "952800792ed19341fdeeec047f2514f3b0f150d6066151fb", /* r */
- "ec5971222014878b50d7a19d8954bc871e7e65b00b860ffb"); /* s */
-
/* From RFC 4754 */
test_ecdsa (&_nettle_secp_256r1,
"2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index c965618..7f6745a 100644
index 2c6cac40..fbf4974c 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -1656,8 +1656,6 @@ test_dsa_key(const struct dsa_params *params,
@ -168,7 +293,7 @@ index c965618..7f6745a 100644
&_nettle_secp_256r1,
&_nettle_secp_384r1,
&_nettle_secp_521r1,
@@ -1714,24 +1712,6 @@ test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
@@ -1714,24 +1712,6 @@ test_ecc_point (const struct ecc_curve *ecc,
/* For each curve, the points g, 2 g, 3 g and 4 g */
static const struct ecc_ref_point ecc_ref[9][4] = {
@ -194,5 +319,4 @@ index c965618..7f6745a 100644
"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" },
{ "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
--
2.19.1
2.30.2

BIN
nettle-3.6.tar.gz
View File

Binary file not shown.

BIN
nettle-3.8.1.tar.gz Normal file
View File

Binary file not shown.

50
nettle.spec
View File

@ -1,16 +1,15 @@
Name: nettle
Version: 3.6
Release: 5
Version: 3.8.1
Release: 1
Summary: A low-level cryptographic library
License: LGPLv3+ or GPLv2+
URL: https://www.lysator.liu.se/~nisse/nettle/
Source0: https://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz
Patch0: 0000-nettle-3.3-remove-ecc-testsuite.patch
BuildRequires: automake autoconf fipscheck gcc gettext-devel gmp-devel libtool m4
BuildRequires: nettle
Provides: libnettle.so.6()(64bit) libnettle.so.6(NETTLE_6)(64bit) libhogweed.so.4()(64bit) libhogweed.so.4(HOGWEED_4)(64bit)
BuildRequires: automake autoconf fipscheck gcc gettext-devel gmp-devel libtool m4
%description
Nettle is a cryptographic library designed to fit any context:
in crypto toolkits for object-oriented languages, in applications
@ -26,11 +25,11 @@ The devel for %{name}
%package_help
%prep
%autosetup -n %{name}-3.6 -p1
%autosetup -n %{name}-%{version} -p1
sed s/ggdb3/g/ -i configure
sed 's/ecc-192.c//g' -i Makefile.in
sed 's/ecc-224.c//g' -i Makefile.in
sed 's/ecc-secp192r1.c//g' -i Makefile.in
sed 's/ecc-secp224r1.c//g' -i Makefile.in
%build
autoreconf -ifv
@ -41,8 +40,7 @@ autoreconf -ifv
%make_install
make install-shared
install -D -p -m0644 nettle.info "$RPM_BUILD_ROOT%{_infodir}/nettle.info"
cp -p %{_libdir}/libnettle.so.6.* $RPM_BUILD_ROOT%{_libdir}/
cp -p %{_libdir}/libhogweed.so.4.* $RPM_BUILD_ROOT%{_libdir}/
rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.8.*
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.6.*
@ -55,8 +53,6 @@ make check
%doc AUTHORS descore.README nettle.pdf
%license COPYINGv2 COPYINGv3 COPYING.LESSERv3
%{_infodir}/nettle.info.gz
%{_libdir}/libnettle.so.6*
%{_libdir}/libhogweed.so.4*
%{_libdir}/libnettle.so.8*
%{_libdir}/libhogweed.so.6*
%exclude %{_bindir}/*
@ -64,7 +60,6 @@ make check
%files devel
%defattr(-,root,root)
%{_includedir}/nettle/
%{_libdir}/*.a
%{_libdir}/libnettle.so
%{_libdir}/libhogweed.so
%{_libdir}/pkgconfig/*
@ -77,6 +72,35 @@ make check
%ldconfig_scriptlets
%changelog
* Mon Oct 31 2022 gaihuiying <eaglegai@163.com> - 3.8.1-1
- Type:requirement
- Id:NA
- SUG:NA
- DESC:update to release-3.8.1
* Wed Mar 23 2022 xingwei <xingwei14@h-partners.com> - 3.7.3-2
- Type:bugfix
- Id:NA
- SUG:restart
- DESC:delete useless so file
* Sat Dec 04 2021 yanglu <yanglu72@huawei.com> - 3.7.3-1
- Type:requirements
- Id:NA
- SUG:NA
- DESC:update nettle to 3.7.3
* Mon Aug 16 2021 gaihuiying <gaihuiying1@huawei.com> - 3.6-7
- Type:CVE
- CVE:CVE-2021-3580
- SUG:NA
- DESC:fix CVE-2021-3580
* Mon Apr 19 2021 xihaochen <xihaochen@huawei.com> - 3.6-6
- Type:CVE
- CVE:CVE-2021-20305
- SUG:NA
- DESC:fix CVE-2021-20305
* Tue Jul 21 2020 cuibaobao <cuibaobao1@huawei.com> - 3.6-5
- Type:update
- Id:NA