+2018-03-17 Niels Möller <nisse@lysator.liu.se>
+
+ Discourage direct access to data symbols with non-public size.
+ Direct references to these symbols may result in copy-relocations
+ like R_X86_64_COPY, which make the symbol size leak into the ABI.
+ * ecc-curve.h (_nettle_secp_192r1, _nettle_secp_224r1)
+ (_nettle_secp_256r1, _nettle_secp_384r1, _nettle_secp_521r1): Add
+ leading underscore on these data symbols.
+
+ * nettle-meta.h (_nettle_ciphers, _nettle_hashes, _nettle_aeads)
+ (_nettle_armors): Add leading underscore on these data symbols.
+ Update all internal use. Macros without leading underscore remain,
+ and expand to access via accessor functions nettle_get_ciphers and
+ similar.
+
2018-03-10 Niels Möller <nisse@lysator.liu.se>
* eccdata.c (ecc_table_size): New helper function.
#define ecc_192_modp ecc_mod
#endif
-const struct ecc_curve nettle_secp_192r1 =
+const struct ecc_curve _nettle_secp_192r1 =
{
{
192,
const struct ecc_curve *nettle_get_secp_192r1(void)
{
- return &nettle_secp_192r1;
+ return &_nettle_secp_192r1;
}
# error Configuration error
#endif
-const struct ecc_curve nettle_secp_224r1 =
+const struct ecc_curve _nettle_secp_224r1 =
{
{
224,
const struct ecc_curve *nettle_get_secp_224r1(void)
{
- return &nettle_secp_224r1;
+ return &_nettle_secp_224r1;
}
#error Unsupported parameters
#endif
-const struct ecc_curve nettle_secp_256r1 =
+const struct ecc_curve _nettle_secp_256r1 =
{
{
256,
const struct ecc_curve *nettle_get_secp_256r1(void)
{
- return &nettle_secp_256r1;
+ return &_nettle_secp_256r1;
}
#define ecc_384_modp ecc_mod
#endif
-const struct ecc_curve nettle_secp_384r1 =
+const struct ecc_curve _nettle_secp_384r1 =
{
{
384,
const struct ecc_curve *nettle_get_secp_384r1(void)
{
- return &nettle_secp_384r1;
+ return &_nettle_secp_384r1;
}
}
#endif
-const struct ecc_curve nettle_secp_521r1 =
+const struct ecc_curve _nettle_secp_521r1 =
{
{
521,
const struct ecc_curve *nettle_get_secp_521r1(void)
{
- return &nettle_secp_521r1;
+ return &_nettle_secp_521r1;
}
/* The contents of this struct is internal. */
struct ecc_curve;
-/* FIXME: Rename with leading underscore. Due to ABI subtleties,
- applications should not refer to these directly, but use the below
- accessor functions. */
-extern const struct ecc_curve nettle_secp_192r1;
-extern const struct ecc_curve nettle_secp_224r1;
-extern const struct ecc_curve nettle_secp_256r1;
-extern const struct ecc_curve nettle_secp_384r1;
-extern const struct ecc_curve nettle_secp_521r1;
+extern const struct ecc_curve _nettle_secp_192r1;
+extern const struct ecc_curve _nettle_secp_224r1;
+extern const struct ecc_curve _nettle_secp_256r1;
+extern const struct ecc_curve _nettle_secp_384r1;
+extern const struct ecc_curve _nettle_secp_521r1;
#ifdef __GNUC__
#define NETTLE_PURE __attribute__((pure))
}
const struct ecc_curve * const curves[] = {
- &nettle_secp_192r1,
- &nettle_secp_224r1,
+ &_nettle_secp_192r1,
+ &_nettle_secp_224r1,
&_nettle_curve25519,
- &nettle_secp_256r1,
- &nettle_secp_384r1,
- &nettle_secp_521r1,
+ &_nettle_secp_256r1,
+ &_nettle_secp_384r1,
+ &_nettle_secp_521r1,
};
#define numberof(x) (sizeof (x) / sizeof ((x)[0]))
switch (size)
{
case 192:
- ecc = &nettle_secp_192r1;
+ ecc = &_nettle_secp_192r1;
xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
ctx->digest_size = 20;
break;
case 224:
- ecc = &nettle_secp_224r1;
+ ecc = &_nettle_secp_224r1;
xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
/* From RFC 4754 */
case 256:
- ecc = &nettle_secp_256r1;
+ ecc = &_nettle_secp_256r1;
xs = "2442A5CC 0ECD015F A3CA31DC 8E2BBC70 BF42D60C BCA20085 E0822CB0 4235E970";
ys = "6FC98BD7 E50211A4 A27102FA 3549DF79 EBCB4BF2 46B80945 CDDFE7D5 09BBFD7D";
zs = "DC51D386 6A15BACD E33D96F9 92FCA99D A7E6EF09 34E70975 59C27F16 14C88A7F";
ctx->digest_size = 32;
break;
case 384:
- ecc = &nettle_secp_384r1;
+ ecc = &_nettle_secp_384r1;
xs = "96281BF8 DD5E0525 CA049C04 8D345D30 82968D10 FEDF5C5A CA0C64E6 465A97EA"
"5CE10C9D FEC21797 41571072 1F437922";
ys = "447688BA 94708EB6 E2E4D59F 6AB6D7ED FF9301D2 49FE49C3 3096655F 5D502FAD"
ctx->digest_size = 48;
break;
case 521:
- ecc = &nettle_secp_521r1;
+ ecc = &_nettle_secp_521r1;
xs = "0151518F 1AF0F563 517EDD54 85190DF9 5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
"7AFE0A6D DEB8BEDB CD6A197E 592D4018 8901CECD 650699C9 B5E456AE A5ADD190"
"52A8";
#include "nettle-meta.h"
-#undef nettle_hashes
-
const struct nettle_hash *
nettle_lookup_hash (const char *name)
{
unsigned i;
- for (i = 0; nettle_hashes[i]; i++)
- if (!strcmp (name, nettle_hashes[i]->name))
- return nettle_hashes[i];
+ for (i = 0; _nettle_hashes[i]; i++)
+ if (!strcmp (name, _nettle_hashes[i]->name))
+ return _nettle_hashes[i];
return NULL;
}
#include "nettle-meta.h"
-#undef nettle_aeads
-
-const struct nettle_aead * const nettle_aeads[] = {
+const struct nettle_aead * const _nettle_aeads[] = {
&nettle_gcm_aes128,
&nettle_gcm_aes192,
&nettle_gcm_aes256,
const struct nettle_aead * const *
nettle_get_aeads (void)
{
- return nettle_aeads;
+ return _nettle_aeads;
}
#include <stddef.h>
#include "nettle-meta.h"
-#undef nettle_armors
-
-const struct nettle_armor * const nettle_armors[] = {
+const struct nettle_armor * const _nettle_armors[] = {
&nettle_base64,
&nettle_base64url,
&nettle_base16,
const struct nettle_armor * const *
nettle_get_armors (void)
{
- return nettle_armors;
+ return _nettle_armors;
}
#include <stddef.h>
#include "nettle-meta.h"
-#undef nettle_ciphers
-
-const struct nettle_cipher * const nettle_ciphers[] = {
+const struct nettle_cipher * const _nettle_ciphers[] = {
&nettle_aes128,
&nettle_aes192,
&nettle_aes256,
const struct nettle_cipher * const *
nettle_get_ciphers (void)
{
- return nettle_ciphers;
+ return _nettle_ciphers;
}
#include "nettle-meta.h"
-#undef nettle_hashes
-
-const struct nettle_hash * const nettle_hashes[] = {
+const struct nettle_hash * const _nettle_hashes[] = {
&nettle_md2,
&nettle_md4,
&nettle_md5,
const struct nettle_hash * const *
nettle_get_hashes (void)
{
- return nettle_hashes;
+ return _nettle_hashes;
}
nettle_cipher_func *decrypt;
};
-/* FIXME: Rename with leading underscore, but keep current name (and
- size!) for now, for ABI compatibility with nettle-3.1, soname
- libnettle.so.6. */
/* null-terminated list of ciphers implemented by this version of nettle */
-extern const struct nettle_cipher * const nettle_ciphers[];
+extern const struct nettle_cipher * const _nettle_ciphers[];
const struct nettle_cipher * const *
#ifdef __GNUC__
(nettle_hash_digest_func *) name##_digest \
}
-/* FIXME: Rename with leading underscore, but keep current name (and
- size!) for now, for ABI compatibility with nettle-3.1, soname
- libnettle.so.6. */
/* null-terminated list of digests implemented by this version of nettle */
-extern const struct nettle_hash * const nettle_hashes[];
+extern const struct nettle_hash * const _nettle_hashes[];
const struct nettle_hash * const *
#ifdef __GNUC__
nettle_hash_digest_func *digest;
};
-/* FIXME: Rename with leading underscore, but keep current name (and
- size!) for now, for ABI compatibility with nettle-3.1, soname
- libnettle.so.6. */
/* null-terminated list of aead constructions implemented by this
version of nettle */
-extern const struct nettle_aead * const nettle_aeads[];
+extern const struct nettle_aead * const _nettle_aeads[];
const struct nettle_aead * const *
#ifdef __GNUC__
(nettle_armor_decode_final_func *) name##_decode_final, \
}
-/* FIXME: Rename with leading underscore, but keep current name (and
- size!) for now, for ABI compatibility with nettle-3.1, soname
- libnettle.so.6. */
/* null-terminated list of armor schemes implemented by this version of nettle */
-extern const struct nettle_armor * const nettle_armors[];
+extern const struct nettle_armor * const _nettle_armors[];
const struct nettle_armor * const *
#ifdef __GNUC__
/* Triggered a bug reported by Hanno Böck. */
mpz_set_str (r, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFF001C2C00", 16);
mpz_mul_2exp (r, r, 256);
- test_one ("p", &nettle_secp_256r1.p, r);
- test_one ("q", &nettle_secp_256r1.q, r);
+ test_one ("p", &_nettle_secp_256r1.p, r);
+ test_one ("q", &_nettle_secp_256r1.q, r);
mpz_set_str (r, "ffffffff00000001fffffffeffffffffffffffffffffffffffffffc0000000000007ffffffffffffffffffffffffffff00000000000000000fffffffffffffff", 16);
- test_one ("p", &nettle_secp_256r1.p, r);
- test_one ("q", &nettle_secp_256r1.q, r);
+ test_one ("p", &_nettle_secp_256r1.p, r);
+ test_one ("q", &_nettle_secp_256r1.q, r);
/* Triggered a bug reported by Hanno Böck. */
mpz_set_str (r, "4c9000000000000000000000000000000000000000000000004a604db486e000000000000000000000000000000000000000121025be29575adb2c8ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 16);
- test_one ("p", &nettle_secp_384r1.p, r);
- test_one ("q", &nettle_secp_384r1.q, r);
+ test_one ("p", &_nettle_secp_384r1.p, r);
+ test_one ("q", &_nettle_secp_384r1.q, r);
/* Triggered a carry bug in development version. */
mpz_set_str (r, "e64a84643150260640e4677c19ffc4faef06042132b86af6e9ee33fe1850222e57a514d5f1d6d444008bb896a96a43d5629945e57548f5e12f66be132b24110cbb2df6d7d3dd3aaadc98b0bbf29573843ad72e57f59fc5d4f56cc599da18bb99", 16);
- test_one ("p", &nettle_secp_384r1.p, r);
- test_one ("q", &nettle_secp_384r1.q, r);
+ test_one ("p", &_nettle_secp_384r1.p, r);
+ test_one ("q", &_nettle_secp_384r1.q, r);
mpz_clear (r);
}
void
test_main(void)
{
- test_dh ("secp-192r1", &nettle_secp_192r1,
+ test_dh ("secp-192r1", &_nettle_secp_192r1,
"3406157206141798348095184987208239421004566462391397236532",
"1050363442265225480786760666329560655512990381040021438562",
"5298249600854377235107392014200406283816103564916230704184",
"149293809021051532782730990145509724807636529827149481690",
"2891131861147398318714693938158856874319184314120776776192");
- test_dh ("secp-224r1", &nettle_secp_224r1,
+ test_dh ("secp-224r1", &_nettle_secp_224r1,
"1321072106881784386340709783538698930880431939595776773514895067682",
"6768311794185371282972144247871764855860666277647541840973645586477",
"2880077809069104378181313860274147139049600284805670362929579614547",
"8330362698029245839097779050425944245826040430538860338085968752913",
"24167244512472228715617822000878192535267113543393576038737592837010");
- test_dh ("secp-256r1", &nettle_secp_256r1,
+ test_dh ("secp-256r1", &_nettle_secp_256r1,
"94731533361265297353914491124013058635674217345912524033267198103710636378786",
"22441589863306126152768848344973918725077248391248404659242620344938484650846",
"8673475622926171928656873398933611700804732317466515884933832073457396747355",
"102958799567030688009123101477538973715497039396202015119148334812951370853564",
"29188877854984806245046208182450375893010623119030341548941791125497546766367");
- test_dh ("secp-384r1", &nettle_secp_384r1,
+ test_dh ("secp-384r1", &_nettle_secp_384r1,
"39086550219018474560700767788227987514008150214902287969462741484831311917159729009715909108606822193356890811565070",
"15536343869384820642787280162462493474000839389760580357050317691132784247078954166759523572989472049798969369413707",
"23268351460749985365652822073294615614961429585671989812206213135127969284347174876010177880230302801199500921999966",
"27780263733159299625371532605243698753833039933618994121416145881861678645978369807598146716869504289033472077532789",
"12327518461490664021199432424728005314646140038116972426756705356672414772151215711157356913456651047992140493843405");
- test_dh ("secp-521r1", &nettle_secp_521r1,
+ test_dh ("secp-521r1", &_nettle_secp_521r1,
"1177787298234877762125077260641419691552146813662613924864132680693789861345339466386194840381422980702458955378518702648732728796955434922249345867267377826",
"3168153642368000846168628288850857848098131369578410603904155841373678828215434925507474033105518841999665785152501356092020415699294327720257651796364374116",
"278603899104240796379373331240296114411332466119196525390128418935585486485808560319073463912513286987331907013829243645911963547435764718505394265715321106",
{
/* Test cases for the smaller groups, verified with a
proof-of-concept implementation done for Yubico AB. */
- test_ecdsa (&nettle_secp_192r1,
+ test_ecdsa (&_nettle_secp_192r1,
"DC51D3866A15BACDE33D96F992FCA99D"
"A7E6EF0934E70975", /* z */
"a91fb738f9f175d72f9c98527e881c36"
"8de68cb55ffe589"); /* s */
- test_ecdsa (&nettle_secp_224r1,
+ test_ecdsa (&_nettle_secp_224r1,
"446df0a771ed58403ca9cb316e617f6b"
"158420465d00a69601e22858", /* z */
"f2715c38a95c31a2b486995f"); /* s */
/* From RFC 4754 */
- test_ecdsa (&nettle_secp_256r1,
+ test_ecdsa (&_nettle_secp_256r1,
"DC51D386 6A15BACD E33D96F9 92FCA99D"
"A7E6EF09 34E70975 59C27F16 14C88A7F", /* z */
"86FA3BB4 E26CAD5B F90B7F81 899256CE"
"7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
- test_ecdsa (&nettle_secp_384r1,
+ test_ecdsa (&_nettle_secp_384r1,
"0BEB6466 34BA8773 5D77AE48 09A0EBEA"
"865535DE 4C1E1DCB 692E8470 8E81A5AF"
"62E528C3 8B2A81B3 5309668D 73524D9F", /* z */
"09F417BC A112674C 528262A4 0A629AF1"
"CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
- test_ecdsa (&nettle_secp_521r1,
+ test_ecdsa (&_nettle_secp_521r1,
"0065FDA3 409451DC AB0A0EAD 45495112"
"A3D813C1 7BFD34BD F8C1209D 7DF58491"
"20597779 060A7FF9 D704ADF7 8B570FFA"
test_main (void)
{
/* From RFC 4754 */
- test_ecdsa (&nettle_secp_256r1,
+ test_ecdsa (&_nettle_secp_256r1,
"2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
"BF42D60C BCA20085 E0822CB0 4235E970", /* x */
"86FA3BB4 E26CAD5B F90B7F81 899256CE"
"7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
- test_ecdsa (&nettle_secp_384r1,
+ test_ecdsa (&_nettle_secp_384r1,
"96281BF8 DD5E0525 CA049C04 8D345D30"
"82968D10 FEDF5C5A CA0C64E6 465A97EA"
"5CE10C9D FEC21797 41571072 1F437922", /* x */
"09F417BC A112674C 528262A4 0A629AF1"
"CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
- test_ecdsa (&nettle_secp_521r1,
+ test_ecdsa (&_nettle_secp_521r1,
"0151518F 1AF0F563 517EDD54 85190DF9"
"5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
"7AFE0A6D DEB8BEDB CD6A197E 592D4018"
}
const struct ecc_curve * const ecc_curves[] = {
- &nettle_secp_192r1,
- &nettle_secp_224r1,
- &nettle_secp_256r1,
- &nettle_secp_384r1,
- &nettle_secp_521r1,
+ &_nettle_secp_192r1,
+ &_nettle_secp_224r1,
+ &_nettle_secp_256r1,
+ &_nettle_secp_384r1,
+ &_nettle_secp_521r1,
&_nettle_curve25519,
NULL
};
projects / thirdparty / nettle.git / commitdiff
