nettle-bugs December 2015

nettle-bugs@lists.lysator.liu.se

5 participants
6 discussions

using gitlab CI for nettle
by Nikos Mavrogiannopoulos 25 Jan '16

25 Jan '16

Hi, gitlab now allows mirroring projects so I've setup a mirror of nettle at gitlab main server: https://gitlab.com/gnutls/nettle This has the advantage of using gnutls' CI servers. For that I attach the file needed to be present to enable using these servers. On every commit nettle will be tested for building + make check, in the available platforms and a mail will be sent to the author/committer. An example run can be seen at: https://gitlab.com/gnutls/nettle/builds?scope=finished regards, Nikos

2 7

Miscalculations on secp384 curve
by Hanno Böck 15 Dec '15

15 Dec '15

Hi, Attached is an example elliptic curve multiplication that will produce a wrong result in nettle. It's a multiplication of these coordinates 23000000000000000000000000000000000000000000000000110011C2DD0000000000000000000 46BE3FEF75FCA4BD52CE28EC3F1483A05EE154965B05282F9029E14277409908C0EBAAD2CA5449FFA61FEC78473816BC with this scalar 23000000000000C1DD3FF800E83E2CACA1010A21 The example code will do the calculation with both openssl and nettle and will produce different results (I have verified the result with nss, which produces the same result as openssl). Compile with gcc nettle-nistp384-miscalc.c -lhogweed -lgmp -lcrypto -- Hanno Böck http://hboeck.de/ mail/jabber: hanno(a)hboeck.de GPG: BBB51E42

2 4

secp256 calculation bug (already fixed)
by Hanno Böck 12 Dec '15

12 Dec '15

Hi, I had reported this privately to Niels Möller, but I'm re-sending it here so it's publicly available and archived. (Niels didn't think it's neccesary to keep this private.) The attached example will show a bug in the nistp256 point multiplication of nettle. It compiles a certain curve point with 1 which should not change the coordinates, however it does. Was fixed here: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e455… -- Hanno Böck http://hboeck.de/ mail/jabber: hanno(a)hboeck.de GPG: BBB51E42

1 0

nettle + rsa crt fix
by Nikos Mavrogiannopoulos 11 Dec '15

11 Dec '15

Hi, Given this issue in openssl [0] , I think the issue of software errors helping retrieve an RSA key seems less and less foreign. Given its repercussions if such an issue exists (RSA private keys can be retrieved) would it make sense to have a bug fix release with that? regards, Nikos [0]. https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSL…

3 4

RSASSA-PSS API
by andy lawrence 08 Dec '15

08 Dec '15

Hello, I have been thinking about implementing RSASSA-PSS in Nettle. I would like to propose the following API for performing and verifying signatures: diff --git a/rsa.h b/rsa.h > index 6d2574b..b9faffe 100644 > --- a/rsa.h > +++ b/rsa.h > @@ -35,6 +35,7 @@ > #define NETTLE_RSA_H_INCLUDED > > #include "nettle-types.h" > +#include "nettle-meta.h" > #include "bignum.h" > > #include "md5.h" > @@ -188,6 +189,27 @@ int > rsa_private_key_prepare(struct rsa_private_key *key); > > > +/* PSS style signatures */ > +int > +rsa_pss_sign(const struct rsa_private_key *key, > + size_t length, const uint8_t *digest_info, > + mpz_t s, const struct nettle_hash *hash_func, > + size_t salt_length, const uint8_t *salt); > + > +int > +rsa_pss_sign_tr(const struct rsa_public_key *pub, > + const struct rsa_private_key *key, > + void *random_ctx, nettle_random_func *random, > + size_t length, const uint8_t *digest_info, > + mpz_t s, const struct nettle_hash *hash_func, > + size_t salt_length, const uint8_t *salt); > + > +int > +rsa_pss_verify(const struct rsa_public_key *key, > + size_t length, const uint8_t *digest_info, > + const mpz_t signature, const struct nettle_hash *hash_func, > + size_t salt_length); > + > /* PKCS#1 style signatures */ > int > rsa_pkcs1_sign(const struct rsa_private_key *key, > It is fairly similar to PKCS#1 API but with the addition of a hash function and salt. If this sounds reasonable then I will have a go at writing the implementations. Best wishes, Andrew Lawrence

4 6

SIGILL on armv7
by Nikos Mavrogiannopoulos 03 Dec '15

03 Dec '15

Hi, It was reported that nettle crashes with SIGILL on an armv7 system. I've gather some info from the report [0], but let me know if you need anything else. My hunch is that this is neon related, and that the system that was used for compilation supported it but the final system doesn't. I'll disable neon support in the fedora builds and see how it works out. The instruction that fails is: (gdb) x/i$pc => 0xb6647af8 <_nettle_salsa20_core+8>: vldmia r12, {d20-d25} And the backtrace is: (gdb) backtrace #0 _nettle_salsa20_core () at salsa20-core-internal.s:58 #1 0xb6647db4 in nettle_salsa20r12_crypt (ctx=ctx@entry=0xb6cc7f40 <nonce_ctx>, length=<optimized out>, length@entry=29, c=c@entry=0x7f67ce83 "", m=m@entry=0x7f67ce83 "") at salsa20r12-crypt.c:65 #2 0xb6c9b1e0 in wrap_nettle_rnd_nonce (_ctx=<optimized out>, datasize=29, data=0x7f67ce83) at rnd.c:302 #3 wrap_nettle_rnd (_ctx=<optimized out>, level=level@entry=0, data=0x7f67ce83, datasize=datasize@entry=29) at rnd.c:321 #4 0xb6bcdd2c in _gnutls_rnd (len=29, data=<optimized out>, level=GNUTLS_RND_NONCE) at ./random.h:37 #5 create_tls_random (dst=<optimized out>) at gnutls_handshake.c:205 #6 0xb6bce0e0 in _gnutls_set_client_random (session=<optimized out>, rnd=<optimized out>) at gnutls_handshake.c:230 #7 0xb6bcf460 in send_client_hello (again=<optimized out>, session=0x7f67ce38) at gnutls_handshake.c:2039 #8 send_hello (session=session@entry=0x7f67ce38, again=<optimized out>) at gnutls_handshake.c:2249 #9 0xb6bd2ca4 in handshake_client (session=0x7f67ce38) at gnutls_handshake.c:2732 #10 gnutls_handshake (session=0x7f67ce38) at gnutls_handshake.c:2583 #11 0xb6f9a9d8 in cstp_handshake (vpninfo=vpninfo@entry=0x7f58ccf8, init=64, init@entry=1) at gnutls.c:2250 #12 0xb6f9aff8 in openconnect_open_https (vpninfo=vpninfo@entry=0x7f58ccf8) at gnutls.c:2227 #13 0xb6f7cc70 in do_https_request (vpninfo=vpninfo@entry=0x7f58ccf8, method=0xb6f9f700 "POST", method@entry=0xb6ffec80 <__stack_chk_guard> "", request_body_type=request_body_type@entry=0xb6f9fa28 "application/x-www-form-urlencoded", request_body=request_body@entry=0x7f58d480, form_buf=0xbefff25c, form_buf@entry=0x1bb, fetch_redirect=fetch_redirect@entry=0) at http.c:875 #14 0xb6f8d1a0 in cstp_obtain_cookie (vpninfo=<optimized out>) at auth.c:1238 #15 0x7f559508 in main (argc=0, argv=0x0) at main.c:1388 [0]. The full report: https://bugzilla.redhat.com/show_bug.cgi?id=1287298#c10 regards, Nikos

2 3

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

nettle-bugs December 2015