From: Niels Möller Date: Tue, 6 Sep 2016 05:13:46 +0000 (+0200) Subject: Update NEWS for 3.3. X-Git-Tag: nettle_3.3_release_20161001~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09f13a4a6df4ef7dc880fe27525581d92e0168d4;p=thirdparty%2Fnettle.git Update NEWS for 3.3. --- diff --git a/ChangeLog b/ChangeLog index 4925e0f6..9d8c0bf4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2016-09-06 Niels Möller + * NEWS: Update for 3.3. + * configure.ac: Bump package version to 3.3. (LIBNETTLE_MINOR): Bump library version to 6.3. (LIBHOGWEED_MINOR): Bump library version to 4.3. diff --git a/NEWS b/NEWS index 488cac04..eabc82e6 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,73 @@ +NEWS for the Nettle 3.3 release + + This release fixes a couple of bugs, and improves resistance + to side-channel attacks on RSA private key operations. + + Changes in behavoir: + + * Invalid private RSA keys, with an even modulo, are now + rejected by rsa_private_key_prepare. (Earlier versions + allowed such keys, even if results of using them were bogus). + + Nettle applications are required to call + rsa_private_key_prepare and check the return value, before + using any other RSA private key functions. Failing to do so + will now lead to crashes for invalid private keys. + + The Gnutls library used to not call rsa_private_key_prepare. + To avoid crashes when using Gnutls with an invalid private + key, Nettle performs additional checks for even moduli in + the functions the rsa_*_sign_tr, and rsa_decrypt_tr, which + are used by all recent versions of Gnutls. + + * Ignore bit 255 of the x coordinate of the input point to + curve25519_mul, as required by RFC 7748. To differentiate at + compile time, curve25519.h defines the constant + NETTLE_CURVE25519_RFC7748. + + Security: + + * RSA and DSA now use side-channel silent modular + exponentiation, to defend against attacks on the private key + from evil processes sharing the same processor cache. This + attack scenario is of particular relevance when running an + HTTPS server on a virtual machine, where you don't know who + you share the cache hardware with. + + Bug fixes: + + * Fix sexp-conv crashes on invalid input. Reported by Hanno + Böck. + + * Fix out-of-bounds read in des_weak_p. Fixed by Nikos + Mavrogiannopoulos. + + * Fix a couple of formally undefined shift operations, + reported by Nikos Mavrogiannopoulos. + + Miscellaneous: + + * Building the public key support of nettle now requires GMP + version 5.0 or later (unless --enable-mini-gmp is used). + + * Filenames of windows DLL libraries now include major number + only. 
So the dll names change at the same time as the + corresponding soname on ELF platforms. Fixed by Nikos + Mavrogiannopoulos. + + * Fix compilation with c89. Reported by Henrik Grubbström. + + * Eliminate most pointer-signedness warnings. In the process, + the strings representing expression type for sexp_interator + functions were changed from const uint8_t * to const char *. + These functions are undocumented, and it doesn't change the + ABI on any platform I'm aware of. + + The shared library names are libnettle.so.6.3 and + libhogweed.so.4.3, with sonames still libnettle.so.6 and + libhogweed.so.4. It is intended to be fully binary compatible + with nettle-3.1. + NEWS for the Nettle 3.2 release Bug fixes:
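Review bot: In the NEWS hunk, the RSA entry under "Changes in behavoir:" has wording problems that make the new requirement harder to read than it should be. "behavoir" should be "behavior". "with an even modulo" should be "with an even modulus", which also matches the "even moduli" used two paragraphs later. "in the functions the rsa_*_sign_tr, and rsa_decrypt_tr" has a stray "the" and comma. Since this entry tells applications that skipping rsa_private_key_prepare "will now lead to crashes for invalid private keys", consider stating outright that the even-modulus fallback check exists only in the _tr functions named here, so callers of the other private key functions know they get no such safety net. Further down, under Miscellaneous, "sexp_interator" looks like a typo for "sexp_iterator". The closing paragraph says the release is intended to be binary compatible with nettle-3.1, while the entry directly below is for 3.2. If compatibility with 3.2 is also intended, say so.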