From: Niels Möller Date: Mon, 23 Oct 2017 20:25:58 +0000 (+0200) Subject: Merge remote-tracking branch 'origin/master' into api-opaque X-Git-Tag: nettle_3.4rc1~10^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=61460b2e8edda447a40fb1264cb1327114ea61d3;p=thirdparty%2Fnettle.git Merge remote-tracking branch 'origin/master' into api-opaque --- 61460b2e8edda447a40fb1264cb1327114ea61d3 diff --cc ChangeLog index cf37b0b1,24e266ee..0b98d741 --- a/ChangeLog +++ b/ChangeLog @@@ -1,49 -1,217 +1,263 @@@ +2017-10-23 Niels Möller + + Undo added underscores on public symbols. + +2017-04-09 Niels Möller + + * ecc-curve.h (nettle_get_secp_192r1, nettle_get_secp_224r1) + (nettle_get_secp_256r1, nettle_get_secp_384r1) + (nettle_get_secp_521r1): New functions, returning a pointer to + corresponding structure. + (nettle_secp_192r1, nettle_secp_224r1, nettle_secp_256r1) + (nettle_secp_384r1, nettle_secp_521r1): Redefined as macros, + calling the corresponding function. + + * nettle-meta.h (nettle_ciphers, nettle_aeads, nettle_armors): New + macros, analogous to below change to nettle_hashes. + + * nettle-meta-ciphers.c (_nettle_ciphers): Renamed array, from... + (nettle_ciphers: ... old name. + (nettle_get_ciphers): New function. + + * nettle-meta-aeads.c (_nettle_aeads): Renamed array, from... + (nettle_aeads: ... old name. + (nettle_get_aeads): New function. + + * nettle-meta-armors.c (_nettle_armors): Renamed array, from... + (nettle_armors: ... old name. + (nettle_get_armors): New function. + +2017-01-12 Niels Möller + + * tools/nettle-hash.c (find_algorithm): Deleted function. + (main): Replaced by call to nettle_lookup_hash. + + * testsuite/meta-hash-test.c (test_main): Use nettle_lookup_hash. + + * nettle-meta.h (nettle_hashes): New macro, expanding to a call to + nettle_get_hashes. 
Direct access to the array causes the array + size to leak into the ABI, since a plain un-relocatable executable + linking with libnettle.so gets copy relocations for any referenced + data items in the shared library. + + * nettle-meta-hashes.c (_nettle_hashes): Renamed array, from... + (nettle_hashes): ... old name. + (nettle_get_hashes): New function. + + 2017-10-16 Niels Möller + + CFB support, contributed by Dmitry Eremin-Solenikov. + * cfb.c (cfb_encrypt, cfb_decrypt): New file, new functions. + * cfb.h: New header file. + (CFB_CTX, CFB_SET_IV, CFB_ENCRYPT, CFB_DECRYPT): New macros. + * Makefile.in (nettle_SOURCES): Add cfb.c. + (HEADERS): Add cfb.h. + * testsuite/cfb-test.c: New test case. + * testsuite/testutils.c (test_cipher_cfb): New function. + * nettle.texinfo (CFB): Documentation. + + 2017-10-16 Niels Möller + + * aclocal.m4 (GMP_PROG_CC_FOR_BUILD): Add -g when compiling with + gcc. + + 2017-09-24 Niels Möller + + * tools/pkcs1-conv.c (base64_decode_in_place): New helper + function. + (decode_base64): Use it. + + * sexp-transport-format.c (base64_encode_in_place): New helper + function. + (sexp_transport_vformat): Use it. + + * testsuite/base64-test.c (test_fuzz_once): Update to use char + type where appropriate. + (test_main): Use helper functions base64_encode_in_place and + base64_decode_in_place (copied to this file). + + * testsuite/testutils.c (tstring_data): Use uint8_t for data + argument. + * testsuite/testutils.h (SDATA): Use US macro to cast data + argument. + + 2017-09-14 Niels Möller + + * hkdf.c: Delete unneeded includes. Use Nettle licensing notice. + * hkdf.h: Include only nettle-types.h, not nettle-meta.h. + + * ecc-mod.c (ecc_mod): Workaround to silence a false positive from + the clang static analyzer. + + 2017-09-12 Niels Möller + + * testsuite/testutils.h (mpn_zero_p): Avoid redefining mpn_zero_p + when building with mini-gmp. 
Since the mini-gmp update, this + function is defined by mini-gmp, causing link errors if nettle is + configured with --enable-mini-gmp --disable-shared. Reported by + Tim Rühsen. + + 2017-09-09 Daiki Ueno + + * testsuite/ecc-mul-g-test.c (test_main): Fixed mpn_cmp call. + * testsuite/ecc-mul-a-test.c (test_main): Likewise. + * eccdata.c (ecc_point_out): Write to given stream, instead of + stderr. + * eccdata.c (output_curve): In curve448, the bit size of the order + is slightly smaller than the one of p's. Adjust ecc_Bmodq_shifted + accordingly. + + 2017-09-09 Niels Möller + + * mini-gmp.c: Updated mini-gmp from the gmp repository, latest + change from 2017-07-23. + * mini-gmp.h: Likewise. + + 2017-09-06 Niels Möller + + * hkdf.c (hkdf_expand): Eliminate a (signed) ssize_t variable, use + break rather than return at loop termination. + + 2017-09-06 Niels Möller + + HKDF implementation, contributed by Nikos Mavrogiannopoulos. + * hkdf.c (hkdf_extract, hkdf_expand): New file, new functions. + * hkdf.h: New file. + * Makefile.in (nettle_SOURCES): Add hkdf.c. + (HEADERS): Add hkdf.h. + * testsuite/hkdf-test.c: Tests for hkdf-sha256 and hkdf-sha1. + * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added hkdf-test.c. + * nettle.texinfo (Key derivation functions): Document HKDF. + + 2017-09-04 Andreas Schneider + + * fat-arm.c: Add missing define for _GNU_SOURCE. + + 2017-08-27 Niels Möller + + * configure.ac (GMP_NUMB_BITS): Set to dummy value "n/a" in + mini-gmp builds. + (NUMB_BITS): New substituted variable which always holds the + configured value. + * Makefile.in (GMP_NUMB_BITS): Renamed variable... + (NUMB_BITS): ...new name + * config.make.in: Update corresponding substitution. + + 2017-08-26 Niels Möller + + * ecc-mod-inv.c (ecc_mod_inv): Add missing assert. Fixes a + "dead increment" warning from the clang static analyzer. + + 2017-08-26 Niels Möller + + * examples/nettle-openssl.c (struct openssl_cipher_ctx): New + struct. 
Use everywhere, instead of typing EVP_CIPHER_CTX pointers + directly. + + * configure.ac: Update openssl-related tests. Checks for + cipher-specific headers are replaced by a check for openssl/evp.h, + and the check for the BF_ecb_encrypt function is replaced by a + check for EVP_CIPHER_CTX_new. + + 2017-08-03 Daniel P. Berrange + + * examples/nettle-openssl.c: Rewritten to use openssl's EVP APIs. + The older cipher-specific functions always use openssl's generic + software implementation, while the EVP functions enables + platform-specific code, e.g., using the x86 AES-NI instructions. + (nettle_openssl_init): New function. + + 2017-07-18 Niels Möller + + * ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering + two multiplies. Previously, in-place operation resulted in an + invalid call to mpn_mul with overlapping operands. Reported by + Sergei Trofimovich. + + 2017-06-09 Niels Möller + + * pss.c (pss_verify_mgf1): Check for m being too large, fixing an + assertion failure for certain invalid signatures. Based on a patch + contributed by Daiki Ueno. + + * testsuite/rsa-pss-sign-tr-test.c (test_main): Add test case + contributed by Daiki Ueno. Problem originally found by oss-fuzz, + see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132. + That problem report is currently embargoed, but will hopefully be + public in a month or two. + + 2017-05-23 Niels Möller + + Rework the previous change, which had the unintended effect of + always regenerating .test-rules.make after ./configure is run. + * testsuite/Makefile.in (test-rules.stamp): New stamp file target, + depend on Makefile.in, and run $(MAKE) test-rules. + (.test-rules.make): Add a level of indirection, by depending on + test-rules.stamp. + + 2017-05-20 Niels Möller + + * testsuite/Makefile.in (test-rules): Use $(srddir)/-prefix for + .test-rules.make target, and change dependency from Makefile.in to + Makefile. 
+ + 2017-05-17 Nikos Mavrogiannopoulos + + * testsuite/Makefile.in: Ensure .test-rules.make is regenerated + when Makefile.in is modified. + + 2017-04-09 Niels Möller + + * testsuite/dlopen-test.c (main): Call dlclose, to fix memory leak + on success. + + * testsuite/pss-test.c: Delete magic to let valgrind to check if + pss_encode_mgf1 is side-channel silent with respect to the salt + and digest inputs. It turns out that the most significant bits of + the padded bignum, and hence its size, depends on these inputs. + Which results in a data-dependent branch in the normalization code + of at the end of gmp's mpz_import. + + 2017-04-04 Niels Möller + + * pss.c (pss_verify_mgf1): Use const for input mpz_t argument. + (pss_encode_mgf1): Avoid unnecessary memset and xor operations. + + Merged RSA-PSS support, contributed by Daiki Ueno. + * pss-mgf1.h, pss.h: New header files. + * pss-mgf1.c (pss_mgf1): New file and function. + * pss.c (pss_encode_mgf1, pss_verify_mgf1): New file and + functions. + * rsa-verify.c (_rsa_verify_recover): New function. + * rsa-pss-sha256-sign-tr.c: (rsa_pss_sha256_sign_digest_tr): New + file and function. + * rsa-pss-sha256-verify.c (rsa_pss_sha256_verify_digest): New + file and function. + * rsa-pss-sha512-sign-tr.c (rsa_pss_sha384_sign_digest_tr) + (rsa_pss_sha512_sign_digest_tr): New file and functions. + * rsa-pss-sha512-verify.c (rsa_pss_sha384_verify_digest) + (rsa_pss_sha512_verify_digest): New file and functions. + * rsa.h: Prototypes for new functions. + * testsuite/rsa-pss-sign-tr-test.c: New test case. + * testsuite/pss-test.c: New test case. + * testsuite/pss-mgf1-test.c: New test case. + * Makefile.in, testsuite/Makefile.in: Added new files. + * nettle.texinfo: Documentation of rsa-pss functions. + + 2017-03-20 Niels Möller + + * nettle-internal.h (NETTLE_MAX_HASH_CONTEXT_SIZE): New constant. + * testsuite/meta-hash-test.c (test_main): Add sanity check for + NETTLE_MAX_HASH_CONTEXT_SIZE. 
+ + * tools/nettle-hash.c (list_algorithms): Also display the internal + context size. + + 2017-01-03 Nikos Mavrogiannopoulos + + * ecdsa-verify.c (ecdsa_verify): Eliminated memory leak on error + path. + 2016-10-10 Niels Möller * write-be32.c (_nettle_write_be32): Use const for source argument. diff --cc testsuite/meta-hash-test.c index afc71504,f7fa5369..4754f665 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@@ -21,16 -23,21 +23,16 @@@ const char* hashes[] = void test_main(void) { - int i,j; + int i; int count = sizeof(hashes)/sizeof(*hashes); for (i = 0; i < count; i++) { - for (j = 0; NULL != nettle_hashes[j]; j++) { - if (0 == strcmp(hashes[i], nettle_hashes[j]->name)) - break; - } - ASSERT(NULL != nettle_hashes[j]); /* make sure we found a matching hash */ + /* make sure we found a matching hash */ + ASSERT(nettle_lookup_hash(hashes[i]) != NULL); } - j = 0; - while (NULL != nettle_hashes[j]) - j++; - ASSERT(j == count); /* we are not missing testing any hashes */ - for (j = 0; NULL != nettle_hashes[j]; j++) { - ASSERT(nettle_hashes[j]->digest_size <= NETTLE_MAX_HASH_DIGEST_SIZE); - ASSERT(nettle_hashes[j]->context_size <= NETTLE_MAX_HASH_CONTEXT_SIZE); + - while (NULL != nettle_hashes[i]) - i++; - ASSERT(i == count); /* we are not missing testing any hashes */ - for (i = 0; NULL != nettle_hashes[i]; i++) ++ for (i = 0; NULL != nettle_hashes[i]; i++) { + ASSERT(nettle_hashes[i]->digest_size <= NETTLE_MAX_HASH_DIGEST_SIZE); ++ ASSERT(nettle_hashes[i]->context_size <= NETTLE_MAX_HASH_CONTEXT_SIZE); + } ++ ASSERT(i == count); /* we are not missing testing any hashes */ } diff --cc tools/nettle-hash.c index d7d4ce2e,488dff3d..24199921 --- a/tools/nettle-hash.c +++ b/tools/nettle-hash.c @@@ -53,13 -53,26 +53,13 @@@ list_algorithms (void { unsigned i; const struct nettle_hash *alg; - printf ("%10s digestsize (internal block size), in units of octets\n", "name"); + printf ("%10s digestsize (internal block size, context size), in units of 
octets\n", "name"); for (i = 0; (alg = nettle_hashes[i]); i++) - printf ("%10s %d (%d)\n", - alg->name, alg->digest_size, alg->block_size); + printf ("%10s %d (%d, %d)\n", + alg->name, alg->digest_size, alg->block_size, alg->context_size); }; -static const struct nettle_hash * -find_algorithm (const char *name) -{ - const struct nettle_hash *alg; - unsigned i; - - for (i = 0; (alg = nettle_hashes[i]); i++) - if (!strcmp(name, alg->name)) - return alg; - - return NULL; -} - /* Also in examples/io.c */ static int hash_file(const struct nettle_hash *hash, void *ctx, FILE *f)
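Review bot: In the ChangeLog hunk, the 2017-04-09 entries for nettle-meta-ciphers.c, nettle-meta-aeads.c and nettle-meta-armors.c each leave the old-name line unclosed, as in "(nettle_ciphers: ... old name.", while the matching nettle-meta-hashes.c entry writes "(nettle_hashes): ... old name."; add the closing parenthesis in all three. The new 2017-10-23 entry, "Undo added underscores on public symbols.", names no files or symbols, so a reader cannot tell which of the renames recorded below it (for example the one to _nettle_ciphers) it reverses; list them in the usual "* file (symbol):" form.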
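Review bot: In testsuite/meta-hash-test.c, the merged second loop evaluates nettle_hashes[i] in the loop condition and again in both ASSERT lines, and the ChangeLog in this same commit says nettle_hashes is now a macro expanding to a call to nettle_get_hashes, so each of those uses is a function call. Fetching the pointer once into a local before the loop would make that explicit and keep the test readable. Separately, the pair of checks (a name lookup for every entry of hashes[], then ASSERT(i == count)) would still pass if hashes[] listed one name twice while another algorithm was missing from it; comparing names against the list in the second loop would close that gap.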
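Review bot: In tools/nettle-hash.c, list_algorithms still closes with "};", a stray semicolon after the function body, right below the printf lines this hunk rewrites; drop it while touching the function. The hunk also deletes find_algorithm without showing its caller, so confirm that main has no remaining reference to it (the ChangeLog says main now calls nettle_lookup_hash). The new format string prints a third value with %d; the declarations of digest_size, block_size and context_size are not visible here, so check that the conversion matches their declared type.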