author | Niels Möller <nisse@lysator.liu.se> | 2016-09-06 07:13:46 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2016-09-06 07:13:46 +0200 |
commit | 09f13a4a6df4ef7dc880fe27525581d92e0168d4 (patch) | |
tree | 0ddc3ed61d2f16bc0769cdb250189b367d87b82a /NEWS | |
parent | 50d8c444e786f9e043e7ce7d4ab8aac982d9140c (diff) | |
download | nettle-09f13a4a6df4ef7dc880fe27525581d92e0168d4.tar.gz |
Update NEWS for 3.3.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 70 |
1 files changed, 70 insertions, 0 deletions
@@ -1,3 +1,73 @@ +NEWS for the Nettle 3.3 release + + This release fixes a couple of bugs, and improves resistance + to side-channel attacks on RSA private key operations. + + Changes in behavoir: + + * Invalid private RSA keys, with an even modulo, are now + rejected by rsa_private_key_prepare. (Earlier versions + allowed such keys, even if results of using them were bogus). + + Nettle applications are required to call + rsa_private_key_prepare and check the return value, before + using any other RSA private key functions. Failing to do so + will now lead to crashes for invalid private keys. + + The Gnutls library used to not call rsa_private_key_prepare. + To avoid crashes when using Gnutls with an invalid private + key, Nettle performs additional checks for even moduli in + the functions the rsa_*_sign_tr, and rsa_decrypt_tr, which + are used by all recent versions of Gnutls. + + * Ignore bit 255 of the x coordinate of the input point to + curve25519_mul, as required by RFC 7748. To differentiate at + compile time, curve25519.h defines the constant + NETTLE_CURVE25519_RFC7748. + + Security: + + * RSA and DSA now use side-channel silent modular + exponentiation, to defend against attacks on the private key + from evil processes sharing the same processor cache. This + attack scenario is of particular relevance when running an + HTTPS server on a virtual machine, where you don't know who + you share the cache hardware with. + + Bug fixes: + + * Fix sexp-conv crashes on invalid input. Reported by Hanno + Böck. + + * Fix out-of-bounds read in des_weak_p. Fixed by Nikos + Mavrogiannopoulos. + + * Fix a couple of formally undefined shift operations, + reported by Nikos Mavrogiannopoulos. + + Miscellaneous: + + * Building the public key support of nettle now requires GMP + version 5.0 or later (unless --enable-mini-gmp is used). + + * Filenames of windows DLL libraries now include major number + only. 
So the dll names change at the same time as the + corresponding soname on ELF platforms. Fixed by Nikos + Mavrogiannopoulos. + + * Fix compilation with c89. Reported by Henrik Grubbström. + + * Eliminate most pointer-signedness warnings. In the process, + the strings representing expression type for sexp_interator + functions were changed from const uint8_t * to const char *. + These functions are undocumented, and it doesn't change the + ABI on any platform I'm aware of. + + The shared library names are libnettle.so.6.3 and + libhogweed.so.4.3, with sonames still libnettle.so.6 and + libhogweed.so.4. It is intended to be fully binary compatible + with nettle-3.1. + NEWS for the Nettle 3.2 release Bug fixes: |
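Review bot: several typos in the added NEWS text should be fixed before the release is tagged: "Changes in behavoir:" should read "behaviour" (or "behavior", whichever the rest of the file uses), "with an even modulo" should be "with an even modulus" (matching "even moduli" later in the same entry), "in the functions the rsa_*_sign_tr, and rsa_decrypt_tr" has a stray "the" and comma, and "sexp_interator functions" should be "sexp_iterator functions". One point of substance in the same entry: it says that skipping rsa_private_key_prepare "will now lead to crashes for invalid private keys" and that rsa_*_sign_tr and rsa_decrypt_tr gain "additional checks for even moduli", but not what those checks do when they fail (return an error versus abort); spelling that out would let GnuTLS and other callers know what to expect when upgrading.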