From 23b2da4686101af375165601c72a26c2fc42739b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 30 Apr 2015 11:56:29 +0200 Subject: [PATCH] Updated to nettle 3.1.1 --- .gitignore | 1 + hobble-nettle | 21 +- nettle-2.7.1-remove-ecc-testsuite.patch | 131 ------ nettle-2.7.1-tmpalloc.patch | 590 ------------------------ nettle-3.1.1-remove-ecc-testsuite.patch | 180 ++++++++ nettle.spec | 32 +- sources | 2 +- 7 files changed, 212 insertions(+), 745 deletions(-) delete mode 100644 nettle-2.7.1-remove-ecc-testsuite.patch delete mode 100644 nettle-2.7.1-tmpalloc.patch create mode 100644 nettle-3.1.1-remove-ecc-testsuite.patch diff --git a/.gitignore b/.gitignore index d332619..859e28e 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ nettle-1.15.tar.gz /nettle-2.4.tar.gz /nettle-2.6.tar.gz /nettle-2.7.1-hobbled.tar.gz +/nettle-3.1.1-hobbled.tar.gz diff --git a/hobble-nettle b/hobble-nettle index c68d538..935e062 100755 --- a/hobble-nettle +++ b/hobble-nettle @@ -13,14 +13,16 @@ for f in ecc-192.c ecc-224.c; do done patch -p1 << __EOF__ ---- nettle-2.7.1.orig/eccdata.c 2013-05-28 16:21:53.000000000 +0200 -+++ nettle-2.7.1/eccdata.c 2013-11-25 15:20:42.208517159 +0100 -@@ -287,69 +287,6 @@ +diff --git a/eccdata.c b/eccdata.c +index 9533d78..2f0e4e7 100644 +--- a/eccdata.c ++++ b/eccdata.c +@@ -349,71 +349,6 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size) { switch (bit_size) { - case 192: -- ecc_curve_init_str (ecc, +- ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS, - /* p = 2^{192} - 2^{64} - 1 */ - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" - "FFFFFFFFFFFFFFFF", @@ -35,7 +37,8 @@ patch -p1 << __EOF__ - "f4ff0afd82ff1012", - - "07192b95ffc8da78631011ed6b24cdd5" -- "73f977a11e794811"); +- "73f977a11e794811", +- NULL, NULL); - ecc->ref = ecc_alloc (3); - ecc_set_str (&ecc->ref[0], /* 2 g */ - "dafebf5828783f2ad35534631588a3f629a70fb16982a888", @@ -51,7 +54,7 @@ patch -p1 << __EOF__ - - break; - case 224: -- ecc_curve_init_str (ecc, +- ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS, - /* p = 2^{224} - 2^{96} + 1 */ - "ffffffffffffffffffffffffffffffff" - "000000000000000000000001", @@ -66,7 +69,8 @@ patch -p1 << __EOF__ - "56c21122343280d6115c1d21", - - "bd376388b5f723fb4c22dfe6cd4375a0" -- "5a07476444d5819985007e34"); +- "5a07476444d5819985007e34", +- NULL, NULL); - - ecc->ref = ecc_alloc (3); - ecc_set_str (&ecc->ref[0], /* 2 g */ @@ -83,7 +87,6 @@ patch -p1 << __EOF__ - - break; case 256: - ecc_curve_init_str (ecc, + ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS, /* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */ - __EOF__ diff --git a/nettle-2.7.1-remove-ecc-testsuite.patch b/nettle-2.7.1-remove-ecc-testsuite.patch deleted file mode 100644 index 306d47e..0000000 --- a/nettle-2.7.1-remove-ecc-testsuite.patch +++ /dev/null @@ -1,131 +0,0 @@ -diff -ur nettle-2.7.1.orig/examples/ecc-benchmark.c nettle-2.7.1/examples/ecc-benchmark.c ---- nettle-2.7.1.orig/examples/ecc-benchmark.c 2013-05-28 16:21:54.000000000 +0200 -+++ nettle-2.7.1/examples/ecc-benchmark.c 2013-11-25 14:57:21.168064904 +0100 -@@ -262,8 +262,6 @@ - } - - const struct ecc_curve * const curves[] = { -- &nettle_secp_192r1, -- &nettle_secp_224r1, - &nettle_secp_256r1, - &nettle_secp_384r1, - &nettle_secp_521r1, -Only in nettle-2.7.1/examples: ecc-benchmark.c~ -diff -ur nettle-2.7.1.orig/examples/hogweed-benchmark.c nettle-2.7.1/examples/hogweed-benchmark.c ---- nettle-2.7.1.orig/examples/hogweed-benchmark.c 2013-05-28 16:21:54.000000000 +0200 -+++ nettle-2.7.1/examples/hogweed-benchmark.c 2013-11-25 14:57:53.728295845 +0100 -@@ -376,23 +376,6 @@ - - switch (size) - { -- case 192: -- ecc = &nettle_secp_192r1; -- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599"; -- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736"; -- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd"; -- ctx->digest = hash_string (&nettle_sha1, 3, "abc"); -- ctx->digest_size = 20; -- break; -- case 224: -- ecc = &nettle_secp_224r1; -- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334"; -- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a"; -- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27"; -- ctx->digest = hash_string (&nettle_sha224, 3, "abc"); -- ctx->digest_size = 28; -- break; -- - /* From RFC 4754 */ - case 256: - ecc = &nettle_secp_256r1; -@@ -585,13 +568,10 @@ - #if 0 - { "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear }, - #endif -- { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, -- { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, - { "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, - { "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, - { "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, - #if WITH_OPENSSL -- { "ecdsa (openssl)", 224, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear }, - { "ecdsa (openssl)", 384, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear }, - { "ecdsa (openssl)", 521, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear }, - #endif -Only in nettle-2.7.1/examples: hogweed-benchmark.c~ -diff -ur nettle-2.7.1.orig/testsuite/ecdsa-sign-test.c nettle-2.7.1/testsuite/ecdsa-sign-test.c ---- nettle-2.7.1.orig/testsuite/ecdsa-sign-test.c 2013-05-28 16:21:54.000000000 +0200 -+++ nettle-2.7.1/testsuite/ecdsa-sign-test.c 2013-11-25 14:54:01.104562760 +0100 -@@ -55,37 +55,6 @@ - { - /* Test cases for the smaller groups, verified with a - proof-of-concept implementation done for Yubico AB. */ -- test_ecdsa (&nettle_secp_192r1, -- "DC51D3866A15BACDE33D96F992FCA99D" -- "A7E6EF0934E70975", /* z */ -- -- "9E56F509196784D963D1C0A401510EE7" -- "ADA3DCC5DEE04B15", /* k */ -- -- SHEX("BA7816BF8F01CFEA414140DE5DAE2223" -- "B00361A396177A9C"), /* h */ -- -- "8c478db6a5c131540cebc739f9c0a9a8" -- "c720c2abdd14a891", /* r */ -- -- "a91fb738f9f175d72f9c98527e881c36" -- "8de68cb55ffe589"); /* s */ -- -- test_ecdsa (&nettle_secp_224r1, -- "446df0a771ed58403ca9cb316e617f6b" -- "158420465d00a69601e22858", /* z */ -- -- "4c13f1905ad7eb201178bc08e0c9267b" -- "4751c15d5e1831ca214c33f4", /* z */ -- -- SHEX("1b28a611fe62ab3649350525d06703ba" -- "4b979a1e543566fd5caa85c6"), /* h */ -- -- "2cc280778f3d067df6d3adbe3a6aad63" -- "bc75f08f5c5f915411902a99", /* r */ -- -- "d0f069fd0f108eb07b7bbc54c8d6c88d" -- "f2715c38a95c31a2b486995f"); /* s */ - - /* From RFC 4754 */ - test_ecdsa (&nettle_secp_256r1, -Only in nettle-2.7.1/testsuite: ecdsa-sign-test.c~ -diff -ur nettle-2.7.1.orig/testsuite/testutils.c nettle-2.7.1/testsuite/testutils.c ---- nettle-2.7.1.orig/testsuite/testutils.c 2013-05-28 16:21:54.000000000 +0200 -+++ nettle-2.7.1/testsuite/testutils.c 2013-11-25 15:01:37.623807622 +0100 -@@ -1125,8 +1125,6 @@ - } - - const struct ecc_curve * const ecc_curves[] = { -- &nettle_secp_192r1, -- &nettle_secp_224r1, - &nettle_secp_256r1, - &nettle_secp_384r1, - &nettle_secp_521r1, -@@ -1178,20 +1176,6 @@ - { - /* For each curve, the points 2 g, 3 g and 4 g */ - static const struct ecc_ref_point ref[5][3] = { -- { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888", -- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" }, -- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da", -- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" }, -- { "35433907297cc378b0015703374729d7a4fe46647084e4ba", -- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" } -- }, -- { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6", -- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" }, -- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04", -- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" }, -- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301", -- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" }, -- }, - { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978", - "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" }, - { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c", -Only in nettle-2.7.1/testsuite: testutils.c~ diff --git a/nettle-2.7.1-tmpalloc.patch b/nettle-2.7.1-tmpalloc.patch deleted file mode 100644 index 813ac68..0000000 --- a/nettle-2.7.1-tmpalloc.patch +++ /dev/null @@ -1,590 +0,0 @@ -diff --git a/Makefile.in b/Makefile.in -index 3b0e1cb..ebef2c4 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -176,7 +176,7 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h .bootstrap run-tests \ - cast128_sboxes.h desinfo.h desCode.h \ - nettle-internal.h nettle-write.h prime-list.h \ - gmp-glue.h ecc-internal.h \ -- mini-gmp.h mini-gmp.c asm.m4 \ -+ mini-gmp.h mini-gmp.c asm.m4 bignum-internal.h \ - nettle.texinfo nettle.info nettle.html nettle.pdf sha-example.c - - # Rules building static libraries -diff --git a/bignum-internal.h b/bignum-internal.h -new file mode 100644 -index 0000000..26a7cdb ---- /dev/null -+++ b/bignum-internal.h -@@ -0,0 +1,36 @@ -+/* bignum-internal.h -+ * -+ */ -+ -+/* nettle, low-level cryptographics library -+ * -+ * Copyright (C) 2013 Red Hat -+ * -+ * The nettle library is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU Lesser General Public License as published by -+ * the Free Software Foundation; either version 2.1 of the License, or (at your -+ * option) any later version. -+ * -+ * The nettle library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public -+ * License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with the nettle library; see the file COPYING.LIB. If not, write to -+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, -+ * MA 02111-1301, USA. -+ */ -+ -+#ifndef BIGNUM_INTERNAL_H -+# define BIGNUM_INTERNAL_H -+ -+#include -+ -+#define TMP_GMP_DECL(name, type) type *name; \ -+ unsigned tmp_##name##_size -+#define TMP_GMP_ALLOC(name, size) \ -+ (name = gmp_alloc(&tmp_##name##_size, sizeof (*name) * (size))) -+#define TMP_GMP_FREE(name) (gmp_free(name, tmp_##name##_size)) -+ -+#endif -diff --git a/bignum-next-prime.c b/bignum-next-prime.c -index 58a4df8..bc89399 100644 ---- a/bignum-next-prime.c -+++ b/bignum-next-prime.c -@@ -31,6 +31,7 @@ - #include - - #include "bignum.h" -+#include "bignum-internal.h" - - #include "nettle-internal.h" - -@@ -77,9 +78,8 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit, - void *progress_ctx, nettle_progress_func *progress) - { - mpz_t tmp; -- TMP_DECL(moduli, unsigned, NUMBER_OF_PRIMES); -- - unsigned difference; -+ TMP_GMP_DECL(moduli, unsigned); - - if (prime_limit > NUMBER_OF_PRIMES) - prime_limit = NUMBER_OF_PRIMES; -@@ -112,7 +112,8 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit, - between the 5760 odd numbers in this interval that have no factor - in common with 15015. - */ -- TMP_ALLOC(moduli, prime_limit); -+ TMP_GMP_ALLOC(moduli, prime_limit); -+ - { - unsigned i; - for (i = 0; i < prime_limit; i++) -@@ -159,4 +160,5 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit, - #endif - } - mpz_clear(tmp); -+ TMP_GMP_FREE(moduli); - } -diff --git a/bignum-random.c b/bignum-random.c -index f305f04..07ae1ba 100644 ---- a/bignum-random.c -+++ b/bignum-random.c -@@ -30,6 +30,7 @@ - #include - - #include "bignum.h" -+#include "bignum-internal.h" - #include "nettle-internal.h" - - void -@@ -38,15 +39,17 @@ nettle_mpz_random_size(mpz_t x, - unsigned bits) - { - unsigned length = (bits + 7) / 8; -- TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(data, length); -+ TMP_GMP_DECL(data, uint8_t); - -- random(ctx, length, data); -+ TMP_GMP_ALLOC(data, length); - -+ random(ctx, length, data); - nettle_mpz_set_str_256_u(x, length, data); - - if (bits % 8) - mpz_fdiv_r_2exp(x, x, bits); -+ -+ TMP_GMP_FREE(data); - } - - /* Returns a random number x, 0 <= x < n */ -diff --git a/gmp-glue.c b/gmp-glue.c -index a2633a5..991e793 100644 ---- a/gmp-glue.c -+++ b/gmp-glue.c -@@ -239,3 +239,24 @@ gmp_free_limbs (mp_limb_t *p, mp_size_t n) - - free_func (p, (size_t) n * sizeof(mp_limb_t)); - } -+ -+void* gmp_alloc(unsigned* out_n, size_t n) -+{ -+ void *(*alloc_func)(size_t); -+ assert (n > 0); -+ -+ mp_get_memory_functions(&alloc_func, NULL, NULL); -+ -+ *out_n = n; -+ return alloc_func (n); -+} -+ -+void gmp_free(void* p, size_t n) -+{ -+ void (*free_func)(void *, size_t); -+ assert (n > 0); -+ assert (p != 0); -+ mp_get_memory_functions (NULL, NULL, &free_func); -+ -+ free_func (p, (size_t) n); -+} -diff --git a/gmp-glue.h b/gmp-glue.h -index 269667f..ff936a1 100644 ---- a/gmp-glue.h -+++ b/gmp-glue.h -@@ -65,6 +65,8 @@ - #define mpn_set_base256 _nettle_mpn_set_base256 - #define gmp_alloc_limbs _nettle_gmp_alloc_limbs - #define gmp_free_limbs _nettle_gmp_free_limbs -+#define gmp_free _nettle_gmp_free -+#define gmp_alloc _nettle_gmp_alloc - - /* Use only in-place operations, so we can fall back to addmul_1/submul_1 */ - #ifdef mpn_cnd_add_n -@@ -155,5 +157,7 @@ gmp_alloc_limbs (mp_size_t n); - void - gmp_free_limbs (mp_limb_t *p, mp_size_t n); - -+void* gmp_alloc(unsigned* out_n, size_t n); -+void gmp_free(void* p, size_t n); - - #endif /* NETTLE_GMP_GLUE_H_INCLUDED */ -diff --git a/pkcs1-decrypt.c b/pkcs1-decrypt.c -index 754fd51..89b4dcf 100644 ---- a/pkcs1-decrypt.c -+++ b/pkcs1-decrypt.c -@@ -31,6 +31,7 @@ - #include "pkcs1.h" - - #include "bignum.h" -+#include "bignum-internal.h" - #include "nettle-internal.h" - - int -@@ -38,35 +39,50 @@ pkcs1_decrypt (unsigned key_size, - const mpz_t m, - unsigned *length, uint8_t *message) - { -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -+ TMP_GMP_DECL(em, uint8_t); - uint8_t *terminator; -- unsigned padding; -- unsigned message_length; -- -- TMP_ALLOC(em, key_size); -+ size_t padding; -+ size_t message_length; -+ int ret; -+ -+ TMP_GMP_ALLOC(em, key_size); - nettle_mpz_get_str_256(key_size, em, m); -- -+ - /* Check format */ - if (em[0] || em[1] != 2) -- return 0; -- -+ { -+ ret = 0; -+ goto cleanup; -+ } -+ - terminator = memchr(em + 2, 0, key_size - 2); -- -+ - if (!terminator) -- return 0; -+ { -+ ret = 0; -+ goto cleanup; -+ } - - padding = terminator - (em + 2); - if (padding < 8) -- return 0; -- -+ { -+ ret = 0; -+ goto cleanup; -+ } -+ - message_length = key_size - 3 - padding; -- -+ - if (*length < message_length) -- return 0; -+ { -+ ret = 0; -+ goto cleanup; -+ } - - memcpy(message, terminator + 1, message_length); - *length = message_length; -- -- return 1; -+ -+ ret = 1; -+cleanup: -+ TMP_GMP_FREE(em); -+ return ret; - } -- -diff --git a/pkcs1-encrypt.c b/pkcs1-encrypt.c -index cde19bc..5246455 100644 ---- a/pkcs1-encrypt.c -+++ b/pkcs1-encrypt.c -@@ -34,6 +34,7 @@ - #include "pkcs1.h" - - #include "bignum.h" -+#include "bignum-internal.h" - #include "nettle-internal.h" - - int -@@ -43,7 +44,7 @@ pkcs1_encrypt (unsigned key_size, - unsigned length, const uint8_t *message, - mpz_t m) - { -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -+ TMP_GMP_DECL(em, uint8_t); - unsigned padding; - unsigned i; - -@@ -63,7 +64,7 @@ pkcs1_encrypt (unsigned key_size, - padding = key_size - length - 3; - assert(padding >= 8); - -- TMP_ALLOC(em, key_size - 1); -+ TMP_GMP_ALLOC(em, key_size - 1); - em[0] = 2; - - random(random_ctx, padding, em + 1); -@@ -77,5 +78,7 @@ pkcs1_encrypt (unsigned key_size, - memcpy(em + padding + 2, message, length); - - nettle_mpz_set_str_256_u(m, key_size - 1, em); -+ -+ TMP_GMP_FREE(em); - return 1; - } -diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c -index e4a6c52..3379b8f 100644 ---- a/pkcs1-rsa-digest.c -+++ b/pkcs1-rsa-digest.c -@@ -29,21 +29,27 @@ - #include "pkcs1.h" - - #include "bignum.h" -+#include "bignum-internal.h" - #include "nettle-internal.h" - - int - pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size, - unsigned di_length, const uint8_t *digest_info) - { -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - if (_pkcs1_signature_prefix(key_size, em, - di_length, digest_info, 0)) - { - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } -diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c -index 00514fc..e5edaf3 100644 ---- a/pkcs1-rsa-md5.c -+++ b/pkcs1-rsa-md5.c -@@ -34,6 +34,7 @@ - #include "rsa.h" - - #include "bignum.h" -+#include "bignum-internal.h" - #include "pkcs1.h" - - #include "nettle-internal.h" -@@ -65,8 +66,9 @@ int - pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash) - { - uint8_t *p; -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - p = _pkcs1_signature_prefix(key_size, em, - sizeof(md5_prefix), -@@ -76,18 +78,23 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash) - { - md5_digest(hash, MD5_DIGEST_SIZE, p); - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } - - int - pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest) - { - uint8_t *p; -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - p = _pkcs1_signature_prefix(key_size, em, - sizeof(md5_prefix), -@@ -97,8 +104,12 @@ pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest) - { - memcpy(p, digest, MD5_DIGEST_SIZE); - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } -diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c -index 2951618..2a68121 100644 ---- a/pkcs1-rsa-sha1.c -+++ b/pkcs1-rsa-sha1.c -@@ -34,6 +34,7 @@ - #include "rsa.h" - - #include "bignum.h" -+#include "bignum-internal.h" - #include "pkcs1.h" - - #include "nettle-internal.h" -@@ -65,8 +66,9 @@ int - pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash) - { - uint8_t *p; -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - p = _pkcs1_signature_prefix(key_size, em, - sizeof(sha1_prefix), -@@ -76,18 +78,23 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash) - { - sha1_digest(hash, SHA1_DIGEST_SIZE, p); - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } - - int - pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest) - { - uint8_t *p; -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - p = _pkcs1_signature_prefix(key_size, em, - sizeof(sha1_prefix), -@@ -97,8 +104,12 @@ pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest) - { - memcpy(p, digest, SHA1_DIGEST_SIZE); - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } -diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c -index cb07375..3aaabe1 100644 ---- a/pkcs1-rsa-sha256.c -+++ b/pkcs1-rsa-sha256.c -@@ -34,6 +34,7 @@ - #include "rsa.h" - - #include "bignum.h" -+#include "bignum-internal.h" - #include "pkcs1.h" - - #include "nettle-internal.h" -@@ -63,8 +64,9 @@ int - pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash) - { - uint8_t *p; -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - p = _pkcs1_signature_prefix(key_size, em, - sizeof(sha256_prefix), -@@ -74,18 +76,23 @@ pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash) - { - sha256_digest(hash, SHA256_DIGEST_SIZE, p); - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } - - int - pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest) - { - uint8_t *p; -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - p = _pkcs1_signature_prefix(key_size, em, - sizeof(sha256_prefix), -@@ -95,8 +102,12 @@ pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest - { - memcpy(p, digest, SHA256_DIGEST_SIZE); - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } -diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c -index 3afd790..bd3d277 100644 ---- a/pkcs1-rsa-sha512.c -+++ b/pkcs1-rsa-sha512.c -@@ -34,6 +34,7 @@ - #include "rsa.h" - - #include "bignum.h" -+#include "bignum-internal.h" - #include "pkcs1.h" - - #include "nettle-internal.h" -@@ -63,8 +64,9 @@ int - pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash) - { - uint8_t *p; -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - p = _pkcs1_signature_prefix(key_size, em, - sizeof(sha512_prefix), -@@ -74,18 +76,23 @@ pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash) - { - sha512_digest(hash, SHA512_DIGEST_SIZE, p); - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } - - int - pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest) - { - uint8_t *p; -- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); -- TMP_ALLOC(em, key_size); -+ TMP_GMP_DECL(em, uint8_t); -+ -+ TMP_GMP_ALLOC(em, key_size); - - p = _pkcs1_signature_prefix(key_size, em, - sizeof(sha512_prefix), -@@ -95,8 +102,12 @@ pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest - { - memcpy(p, digest, SHA512_DIGEST_SIZE); - nettle_mpz_set_str_256_u(m, key_size, em); -+ TMP_GMP_FREE(em); - return 1; - } - else -- return 0; -+ { -+ TMP_GMP_FREE(em); -+ return 0; -+ } - } diff --git a/nettle-3.1.1-remove-ecc-testsuite.patch b/nettle-3.1.1-remove-ecc-testsuite.patch new file mode 100644 index 0000000..75673bb --- /dev/null +++ b/nettle-3.1.1-remove-ecc-testsuite.patch @@ -0,0 +1,180 @@ +diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c +index 15df4c7..18eaae7 100644 +--- a/examples/ecc-benchmark.c ++++ b/examples/ecc-benchmark.c +@@ -341,8 +341,6 @@ bench_curve (const struct ecc_curve *ecc) + } + + const struct ecc_curve * const curves[] = { +- &nettle_secp_192r1, +- &nettle_secp_224r1, + &_nettle_curve25519, + &nettle_secp_256r1, + &nettle_secp_384r1, +diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c +index 444d7aa..24c023e 100644 +--- a/examples/hogweed-benchmark.c ++++ b/examples/hogweed-benchmark.c +@@ -394,23 +394,6 @@ bench_ecdsa_init (unsigned size) + + switch (size) + { +- case 192: +- ecc = &nettle_secp_192r1; +- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599"; +- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736"; +- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd"; +- ctx->digest = hash_string (&nettle_sha1, 3, "abc"); +- ctx->digest_size = 20; +- break; +- case 224: +- ecc = &nettle_secp_224r1; +- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334"; +- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a"; +- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27"; +- ctx->digest = hash_string (&nettle_sha224, 3, "abc"); +- ctx->digest_size = 28; +- break; +- + /* From RFC 4754 */ + case 256: + ecc = &nettle_secp_256r1; +@@ -582,16 +565,6 @@ bench_openssl_ecdsa_init (unsigned size) + + switch (size) + { +- case 192: +- ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime192v1); +- ctx->digest_length = 24; /* truncated */ +- ctx->digest = hash_string (&nettle_sha224, 3, "abc"); +- break; +- case 224: +- ctx->key = EC_KEY_new_by_curve_name (NID_secp224r1); +- ctx->digest_length = SHA224_DIGEST_SIZE; +- ctx->digest = hash_string (&nettle_sha224, 3, "abc"); +- break; + case 256: + ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); + ctx->digest_length = SHA256_DIGEST_SIZE; +@@ -702,14 +675,10 @@ struct alg alg_list[] = { + #if 0 + { "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear }, + #endif +- { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, +- { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + { "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + { "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + { "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + #if WITH_OPENSSL +- { "ecdsa (openssl)", 192, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, +- { "ecdsa (openssl)", 224, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, + { "ecdsa (openssl)", 256, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, + { "ecdsa (openssl)", 384, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, + { "ecdsa (openssl)", 521, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, +diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c +index 5a2b39d..08870b1 100644 +--- a/testsuite/ecdh-test.c ++++ b/testsuite/ecdh-test.c +@@ -138,26 +138,6 @@ test_dh (const char *name, const struct ecc_curve *ecc, + void + test_main(void) + { +- test_dh ("secp-192r1", &nettle_secp_192r1, +- "3406157206141798348095184987208239421004566462391397236532", +- "1050363442265225480786760666329560655512990381040021438562", +- "5298249600854377235107392014200406283816103564916230704184", +- "738368960171459956677260317271477822683777845013274506165", +- "2585840779771604687467445319428618542927556223024046979917", +- "293088185788565313717816218507714888251468410990708684573", +- "149293809021051532782730990145509724807636529827149481690", +- "2891131861147398318714693938158856874319184314120776776192"); +- +- test_dh ("secp-224r1", &nettle_secp_224r1, +- "1321072106881784386340709783538698930880431939595776773514895067682", +- "6768311794185371282972144247871764855860666277647541840973645586477", +- "2880077809069104378181313860274147139049600284805670362929579614547", +- "13934723037778859565852601874354272638301919827851286722006496784914", +- "373124771833407982305885866158843810218322878380632071540538232035", +- "24223309755162432227459925493224336241652868856405241018762887667883", +- "8330362698029245839097779050425944245826040430538860338085968752913", +- "24167244512472228715617822000878192535267113543393576038737592837010"); +- + test_dh ("secp-256r1", &nettle_secp_256r1, + "94731533361265297353914491124013058635674217345912524033267198103710636378786", + "22441589863306126152768848344973918725077248391248404659242620344938484650846", +diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c +index 559de8e..1ca36c2 100644 +--- a/testsuite/ecdsa-sign-test.c ++++ b/testsuite/ecdsa-sign-test.c +@@ -60,37 +60,6 @@ test_main (void) + { + /* Test cases for the smaller groups, verified with a + proof-of-concept implementation done for Yubico AB. */ +- test_ecdsa (&nettle_secp_192r1, +- "DC51D3866A15BACDE33D96F992FCA99D" +- "A7E6EF0934E70975", /* z */ +- +- "9E56F509196784D963D1C0A401510EE7" +- "ADA3DCC5DEE04B15", /* k */ +- +- SHEX("BA7816BF8F01CFEA414140DE5DAE2223" +- "B00361A396177A9C"), /* h */ +- +- "8c478db6a5c131540cebc739f9c0a9a8" +- "c720c2abdd14a891", /* r */ +- +- "a91fb738f9f175d72f9c98527e881c36" +- "8de68cb55ffe589"); /* s */ +- +- test_ecdsa (&nettle_secp_224r1, +- "446df0a771ed58403ca9cb316e617f6b" +- "158420465d00a69601e22858", /* z */ +- +- "4c13f1905ad7eb201178bc08e0c9267b" +- "4751c15d5e1831ca214c33f4", /* z */ +- +- SHEX("1b28a611fe62ab3649350525d06703ba" +- "4b979a1e543566fd5caa85c6"), /* h */ +- +- "2cc280778f3d067df6d3adbe3a6aad63" +- "bc75f08f5c5f915411902a99", /* r */ +- +- "d0f069fd0f108eb07b7bbc54c8d6c88d" +- "f2715c38a95c31a2b486995f"); /* s */ + + /* From RFC 4754 */ + test_ecdsa (&nettle_secp_256r1, +diff --git a/testsuite/testutils.c b/testsuite/testutils.c +index 1ef04c9..b96a2fc 100644 +--- a/testsuite/testutils.c ++++ b/testsuite/testutils.c +@@ -1224,8 +1224,6 @@ test_dsa_key(const struct dsa_params *params, + } + + const struct ecc_curve * const ecc_curves[] = { +- &nettle_secp_192r1, +- &nettle_secp_224r1, + &nettle_secp_256r1, + &nettle_secp_384r1, + &nettle_secp_521r1, +@@ -1282,20 +1280,6 @@ test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p) + { + /* For each curve, the points 2 g, 3 g and 4 g */ + static const struct ecc_ref_point ref[6][3] = { +- { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888", +- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" }, +- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da", +- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" }, +- { "35433907297cc378b0015703374729d7a4fe46647084e4ba", +- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" } +- }, +- { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6", +- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" }, +- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04", +- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" }, +- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301", +- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" }, +- }, + { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978", + "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" }, + { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c", diff --git a/nettle.spec b/nettle.spec index 35650b3..9c84f05 100644 --- a/nettle.spec +++ b/nettle.spec @@ -1,15 +1,14 @@ Name: nettle -Version: 2.7.1 -Release: 6%{?dist} +Version: 3.1.1 +Release: 1%{?dist} Summary: A low-level cryptographic library Group: Development/Libraries -License: LGPLv2+ +License: LGPLv3+ or GPLv2+ URL: http://www.lysator.liu.se/~nisse/nettle/ Source0: %{name}-%{version}-hobbled.tar.gz #Source0: http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz -Patch0: nettle-2.7.1-remove-ecc-testsuite.patch -Patch1: nettle-2.7.1-tmpalloc.patch +Patch0: nettle-3.1.1-remove-ecc-testsuite.patch BuildRequires: gmp-devel m4 texinfo-tex texlive-dvips ghostscript @@ -44,7 +43,6 @@ sed s/ggdb3/g/ -i configure sed 's/ecc-192.c//g' -i Makefile.in sed 's/ecc-224.c//g' -i Makefile.in %patch0 -p1 -%patch1 -p1 -b .tmpalloc %build %configure --enable-shared @@ -58,26 +56,29 @@ mkdir -p $RPM_BUILD_ROOT%{_infodir} install -p -m 644 nettle.info $RPM_BUILD_ROOT%{_infodir}/ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a rm -f $RPM_BUILD_ROOT%{_infodir}/dir -chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.* -chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.* +chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.6.* +chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.4.* %check make check %files -%doc AUTHORS ChangeLog COPYING.LIB NEWS README TODO +%doc AUTHORS ChangeLog NEWS README TODO +%license COPYINGv2 COPYING.LESSERv3 %{_infodir}/nettle.info.gz %{_bindir}/nettle-lfib-stream %{_bindir}/pkcs1-conv %{_bindir}/sexp-conv %{_bindir}/nettle-hash -%{_libdir}/libnettle.so.4 -%{_libdir}/libnettle.so.4.* -%{_libdir}/libhogweed.so.2 -%{_libdir}/libhogweed.so.2.* +%{_bindir}/nettle-pbkdf2 +%{_libdir}/libnettle.so.6 +%{_libdir}/libnettle.so.6.* +%{_libdir}/libhogweed.so.4 +%{_libdir}/libhogweed.so.4.* %files devel -%doc descore.README nettle.html nettle.pdf COPYING.LIB +%doc descore.README nettle.html nettle.pdf +%license COPYINGv2 COPYING.LESSERv3 %{_includedir}/nettle %{_libdir}/libnettle.so %{_libdir}/libhogweed.so @@ -98,6 +99,9 @@ fi %changelog +* Thu Apr 30 2015 Nikos Mavrogiannopoulos - 3.1.1-1 +- Updated to nettle 3.1.1 + * Sat Feb 21 2015 Till Maas - 2.7.1-6 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code diff --git a/sources b/sources index 1e90ed3..ca91de5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -62f7101fb4337ac29b5954a647222823 nettle-2.7.1-hobbled.tar.gz +7d1d1e4844bdc196ba34db6b8bb6549a nettle-3.1.1-hobbled.tar.gz