From: Niels Möller Date: Wed, 28 Sep 2022 15:50:16 +0000 (+0200) Subject: Merge branch 'ecdsa-duplication-fix' X-Git-Tag: nettle_3.9_release_20230514~55 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=805e2e8448fdcd26ed1b248a77b59ef71e8f6845;p=thirdparty%2Fnettle.git Merge branch 'ecdsa-duplication-fix' --- 805e2e8448fdcd26ed1b248a77b59ef71e8f6845 diff --cc ChangeLog index 93da4856,0f497b52..6f6bd841 --- a/ChangeLog +++ b/ChangeLog @@@ -1,48 -1,21 +1,66 @@@ +2022-09-28 Niels Möller + + * testsuite/meta-hash-test.c (test_main): Add check of + NETTLE_MAX_HASH_BLOCK_SIZE. + * nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE): Increase to 144, + to accommodate sha3_224. + * testsuite/meta-cipher-test.c (test_main): Check that cipher + metadata doesn't exceed NETTLE_MAX_CIPHER_BLOCK_SIZE or + NETTLE_MAX_CIPHER_KEY_SIZE. + + From Daiki Ueno: + * siv-gcm.c (siv_gcm_encrypt_message, siv_gcm_decrypt_message): + New file, implementation of SIV-GCM. + * siv-gcm.h (SIV_GCM_BLOCK_SIZE, SIV_GCM_DIGEST_SIZE) + (SIV_GCM_NONCE_SIZE): New header file, new constants and + declarations. + * siv-gcm-aes128.c (siv_gcm_aes128_encrypt_message) + (siv_gcm_aes128_decrypt_message): New file and functions. + * siv-gcm-aes256.c (siv_gcm_aes256_encrypt_message) + (siv_gcm_aes256_decrypt_message): Likewise. + * siv-ghash-set-key.c (_siv_ghash_set_key): New file, new internal + function. + * siv-ghash-update.c (_siv_ghash_update): Likewise. + * block-internal.h (block16_bswap): New inline function. + * bswap-internal.h (bswap64_if_be): New macro. + * nettle-internal.h (NETTLE_MAX_CIPHER_KEY_SIZE): New constant. + * Makefile.in (nettle_SOURCES): Add new source files. + (HEADERS): Add siv-gcm.h. + * testsuite/siv-gcm-test.c: New tests. + * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add siv-gcm-test.c. + * nettle.texinfo (SIV-GCM): Documentation. + + From Zoltan Fridrich: + * balloon.c (balloon, balloon_itch): Implementation of balloon + password hash. 
+ * balloon.h: New header file. + * balloon-sha1.c (balloon_sha1): New file and function. + * balloon-sha256.c (balloon_sha256): Likewise. + * balloon-sha384.c (balloon_sha384): Likewise. + * balloon-sha512.c (balloon_sha512): Likewise. + * Makefile.in (nettle_SOURCES): Add balloon source files. + (HEADERS): Add ballon.h. + * testsuite/balloon-test.c: New tests. + * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add balloon-test.c. + + 2022-09-14 Niels Möller + + * ecc-nonsec-add-jjj.c (ecc_nonsec_add_jjj): New file and + function. + * ecc-internal.h: Declare it. + * Makefile.in (hogweed_SOURCES): Add ecc-nonsec-add-jjj.c. + * testsuite/ecc-add-test.c (test_main): Add tests for ecc_nonsec_add_jjj. + + * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_nonsec_add_jjj, + to produce correct result in a corner case where point addition + needs to use point duplication. Also use ecc_j_to_a rather than + ecc->h_to_a, since ecdsa supports only weierstrass curves. + * ecc-gostdsa-verify.c (ecc_gostdsa_verify): Analogous change. + + * testsuite/ecdsa-verify-test.c (test_main): Add corresponding test. + * testsuite/ecdsa-sign-test.c (test_main): And a test producing + the problematic signature. + 2022-09-08 Niels Möller * eccdata.c (string_toupper): New utility function.
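Review bot: Typo in the ChangeLog hunk under "From Zoltan Fridrich": the Makefile.in line reads "(HEADERS): Add ballon.h." but the header added a few lines earlier is "* balloon.h: New header file.", so this should be "Add balloon.h." to match the actual file name. On the merged 2022-09-14 entry, the ecc_ecdsa_verify / ecc_gostdsa_verify change is described only as producing the "correct result in a corner case where point addition needs to use point duplication"; since this branch exists for that fix and the entry already points at the new ecdsa-sign-test.c case "producing the problematic signature", it would help future readers if the entry also said what the incorrect result was before the fix (e.g. a valid signature rejected, or vice versa), so the ChangeLog is self-describing without reading the test.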