rpms/nettle
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Updated to nettle 3.1.1

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos 2015-04-30 11:56:29 +02:00
parent b41984e5a4
commit 23b2da4686
7 changed files with 212 additions and 745 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ nettle-1.15.tar.gz
/nettle-2.4.tar.gz
/nettle-2.6.tar.gz
/nettle-2.7.1-hobbled.tar.gz
/nettle-3.1.1-hobbled.tar.gz

21
hobble-nettle
View File

@ -13,14 +13,16 @@ for f in ecc-192.c ecc-224.c; do
done
patch -p1 << __EOF__
--- nettle-2.7.1.orig/eccdata.c 2013-05-28 16:21:53.000000000 +0200
+++ nettle-2.7.1/eccdata.c 2013-11-25 15:20:42.208517159 +0100
@@ -287,69 +287,6 @@
diff --git a/eccdata.c b/eccdata.c
index 9533d78..2f0e4e7 100644
--- a/eccdata.c
+++ b/eccdata.c
@@ -349,71 +349,6 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
{
switch (bit_size)
{
- case 192:
- ecc_curve_init_str (ecc,
- ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
- /* p = 2^{192} - 2^{64} - 1 */
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
- "FFFFFFFFFFFFFFFF",
@ -35,7 +37,8 @@ patch -p1 << __EOF__
- "f4ff0afd82ff1012",
-
- "07192b95ffc8da78631011ed6b24cdd5"
- "73f977a11e794811");
- "73f977a11e794811",
- NULL, NULL);
- ecc->ref = ecc_alloc (3);
- ecc_set_str (&ecc->ref[0], /* 2 g */
- "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
@ -51,7 +54,7 @@ patch -p1 << __EOF__
-
- break;
- case 224:
- ecc_curve_init_str (ecc,
- ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
- /* p = 2^{224} - 2^{96} + 1 */
- "ffffffffffffffffffffffffffffffff"
- "000000000000000000000001",
@ -66,7 +69,8 @@ patch -p1 << __EOF__
- "56c21122343280d6115c1d21",
-
- "bd376388b5f723fb4c22dfe6cd4375a0"
- "5a07476444d5819985007e34");
- "5a07476444d5819985007e34",
- NULL, NULL);
-
- ecc->ref = ecc_alloc (3);
- ecc_set_str (&ecc->ref[0], /* 2 g */
@ -83,7 +87,6 @@ patch -p1 << __EOF__
-
- break;
case 256:
ecc_curve_init_str (ecc,
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */
__EOF__

131
nettle-2.7.1-remove-ecc-testsuite.patch
View File

@ -1,131 +0,0 @@
diff -ur nettle-2.7.1.orig/examples/ecc-benchmark.c nettle-2.7.1/examples/ecc-benchmark.c
--- nettle-2.7.1.orig/examples/ecc-benchmark.c 2013-05-28 16:21:54.000000000 +0200
+++ nettle-2.7.1/examples/ecc-benchmark.c 2013-11-25 14:57:21.168064904 +0100
@@ -262,8 +262,6 @@
}
const struct ecc_curve * const curves[] = {
- &nettle_secp_192r1,
- &nettle_secp_224r1,
&nettle_secp_256r1,
&nettle_secp_384r1,
&nettle_secp_521r1,
Only in nettle-2.7.1/examples: ecc-benchmark.c~
diff -ur nettle-2.7.1.orig/examples/hogweed-benchmark.c nettle-2.7.1/examples/hogweed-benchmark.c
--- nettle-2.7.1.orig/examples/hogweed-benchmark.c 2013-05-28 16:21:54.000000000 +0200
+++ nettle-2.7.1/examples/hogweed-benchmark.c 2013-11-25 14:57:53.728295845 +0100
@@ -376,23 +376,6 @@
switch (size)
{
- case 192:
- ecc = &nettle_secp_192r1;
- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
- ctx->digest = hash_string (&nettle_sha1, 3, "abc");
- ctx->digest_size = 20;
- break;
- case 224:
- ecc = &nettle_secp_224r1;
- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
- ctx->digest = hash_string (&nettle_sha224, 3, "abc");
- ctx->digest_size = 28;
- break;
-
/* From RFC 4754 */
case 256:
ecc = &nettle_secp_256r1;
@@ -585,13 +568,10 @@
#if 0
{ "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear },
#endif
- { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
- { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
#if WITH_OPENSSL
- { "ecdsa (openssl)", 224, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
{ "ecdsa (openssl)", 384, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
{ "ecdsa (openssl)", 521, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
#endif
Only in nettle-2.7.1/examples: hogweed-benchmark.c~
diff -ur nettle-2.7.1.orig/testsuite/ecdsa-sign-test.c nettle-2.7.1/testsuite/ecdsa-sign-test.c
--- nettle-2.7.1.orig/testsuite/ecdsa-sign-test.c 2013-05-28 16:21:54.000000000 +0200
+++ nettle-2.7.1/testsuite/ecdsa-sign-test.c 2013-11-25 14:54:01.104562760 +0100
@@ -55,37 +55,6 @@
{
/* Test cases for the smaller groups, verified with a
proof-of-concept implementation done for Yubico AB. */
- test_ecdsa (&nettle_secp_192r1,
- "DC51D3866A15BACDE33D96F992FCA99D"
- "A7E6EF0934E70975", /* z */
-
- "9E56F509196784D963D1C0A401510EE7"
- "ADA3DCC5DEE04B15", /* k */
-
- SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
- "B00361A396177A9C"), /* h */
-
- "8c478db6a5c131540cebc739f9c0a9a8"
- "c720c2abdd14a891", /* r */
-
- "a91fb738f9f175d72f9c98527e881c36"
- "8de68cb55ffe589"); /* s */
-
- test_ecdsa (&nettle_secp_224r1,
- "446df0a771ed58403ca9cb316e617f6b"
- "158420465d00a69601e22858", /* z */
-
- "4c13f1905ad7eb201178bc08e0c9267b"
- "4751c15d5e1831ca214c33f4", /* z */
-
- SHEX("1b28a611fe62ab3649350525d06703ba"
- "4b979a1e543566fd5caa85c6"), /* h */
-
- "2cc280778f3d067df6d3adbe3a6aad63"
- "bc75f08f5c5f915411902a99", /* r */
-
- "d0f069fd0f108eb07b7bbc54c8d6c88d"
- "f2715c38a95c31a2b486995f"); /* s */
/* From RFC 4754 */
test_ecdsa (&nettle_secp_256r1,
Only in nettle-2.7.1/testsuite: ecdsa-sign-test.c~
diff -ur nettle-2.7.1.orig/testsuite/testutils.c nettle-2.7.1/testsuite/testutils.c
--- nettle-2.7.1.orig/testsuite/testutils.c 2013-05-28 16:21:54.000000000 +0200
+++ nettle-2.7.1/testsuite/testutils.c 2013-11-25 15:01:37.623807622 +0100
@@ -1125,8 +1125,6 @@
}
const struct ecc_curve * const ecc_curves[] = {
- &nettle_secp_192r1,
- &nettle_secp_224r1,
&nettle_secp_256r1,
&nettle_secp_384r1,
&nettle_secp_521r1,
@@ -1178,20 +1176,6 @@
{
/* For each curve, the points 2 g, 3 g and 4 g */
static const struct ecc_ref_point ref[5][3] = {
- { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
- { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
- },
- { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
- },
{ { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
"7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" },
{ "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",
Only in nettle-2.7.1/testsuite: testutils.c~

590
nettle-2.7.1-tmpalloc.patch
View File

@ -1,590 +0,0 @@
diff --git a/Makefile.in b/Makefile.in
index 3b0e1cb..ebef2c4 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -176,7 +176,7 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h .bootstrap run-tests \
cast128_sboxes.h desinfo.h desCode.h \
nettle-internal.h nettle-write.h prime-list.h \
gmp-glue.h ecc-internal.h \
- mini-gmp.h mini-gmp.c asm.m4 \
+ mini-gmp.h mini-gmp.c asm.m4 bignum-internal.h \
nettle.texinfo nettle.info nettle.html nettle.pdf sha-example.c
# Rules building static libraries
diff --git a/bignum-internal.h b/bignum-internal.h
new file mode 100644
index 0000000..26a7cdb
--- /dev/null
+++ b/bignum-internal.h
@@ -0,0 +1,36 @@
+/* bignum-internal.h
+ *
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Red Hat
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef BIGNUM_INTERNAL_H
+# define BIGNUM_INTERNAL_H
+
+#include <gmp-glue.h>
+
+#define TMP_GMP_DECL(name, type) type *name; \
+ unsigned tmp_##name##_size
+#define TMP_GMP_ALLOC(name, size) \
+ (name = gmp_alloc(&tmp_##name##_size, sizeof (*name) * (size)))
+#define TMP_GMP_FREE(name) (gmp_free(name, tmp_##name##_size))
+
+#endif
diff --git a/bignum-next-prime.c b/bignum-next-prime.c
index 58a4df8..bc89399 100644
--- a/bignum-next-prime.c
+++ b/bignum-next-prime.c
@@ -31,6 +31,7 @@
#include <stdlib.h>
#include "bignum.h"
+#include "bignum-internal.h"
#include "nettle-internal.h"
@@ -77,9 +78,8 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
void *progress_ctx, nettle_progress_func *progress)
{
mpz_t tmp;
- TMP_DECL(moduli, unsigned, NUMBER_OF_PRIMES);
-
unsigned difference;
+ TMP_GMP_DECL(moduli, unsigned);
if (prime_limit > NUMBER_OF_PRIMES)
prime_limit = NUMBER_OF_PRIMES;
@@ -112,7 +112,8 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
between the 5760 odd numbers in this interval that have no factor
in common with 15015.
*/
- TMP_ALLOC(moduli, prime_limit);
+ TMP_GMP_ALLOC(moduli, prime_limit);
+
{
unsigned i;
for (i = 0; i < prime_limit; i++)
@@ -159,4 +160,5 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
#endif
}
mpz_clear(tmp);
+ TMP_GMP_FREE(moduli);
}
diff --git a/bignum-random.c b/bignum-random.c
index f305f04..07ae1ba 100644
--- a/bignum-random.c
+++ b/bignum-random.c
@@ -30,6 +30,7 @@
#include <stdlib.h>
#include "bignum.h"
+#include "bignum-internal.h"
#include "nettle-internal.h"
void
@@ -38,15 +39,17 @@ nettle_mpz_random_size(mpz_t x,
unsigned bits)
{
unsigned length = (bits + 7) / 8;
- TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(data, length);
+ TMP_GMP_DECL(data, uint8_t);
- random(ctx, length, data);
+ TMP_GMP_ALLOC(data, length);
+ random(ctx, length, data);
nettle_mpz_set_str_256_u(x, length, data);
if (bits % 8)
mpz_fdiv_r_2exp(x, x, bits);
+
+ TMP_GMP_FREE(data);
}
/* Returns a random number x, 0 <= x < n */
diff --git a/gmp-glue.c b/gmp-glue.c
index a2633a5..991e793 100644
--- a/gmp-glue.c
+++ b/gmp-glue.c
@@ -239,3 +239,24 @@ gmp_free_limbs (mp_limb_t *p, mp_size_t n)
free_func (p, (size_t) n * sizeof(mp_limb_t));
}
+
+void* gmp_alloc(unsigned* out_n, size_t n)
+{
+ void *(*alloc_func)(size_t);
+ assert (n > 0);
+
+ mp_get_memory_functions(&alloc_func, NULL, NULL);
+
+ *out_n = n;
+ return alloc_func (n);
+}
+
+void gmp_free(void* p, size_t n)
+{
+ void (*free_func)(void *, size_t);
+ assert (n > 0);
+ assert (p != 0);
+ mp_get_memory_functions (NULL, NULL, &free_func);
+
+ free_func (p, (size_t) n);
+}
diff --git a/gmp-glue.h b/gmp-glue.h
index 269667f..ff936a1 100644
--- a/gmp-glue.h
+++ b/gmp-glue.h
@@ -65,6 +65,8 @@
#define mpn_set_base256 _nettle_mpn_set_base256
#define gmp_alloc_limbs _nettle_gmp_alloc_limbs
#define gmp_free_limbs _nettle_gmp_free_limbs
+#define gmp_free _nettle_gmp_free
+#define gmp_alloc _nettle_gmp_alloc
/* Use only in-place operations, so we can fall back to addmul_1/submul_1 */
#ifdef mpn_cnd_add_n
@@ -155,5 +157,7 @@ gmp_alloc_limbs (mp_size_t n);
void
gmp_free_limbs (mp_limb_t *p, mp_size_t n);
+void* gmp_alloc(unsigned* out_n, size_t n);
+void gmp_free(void* p, size_t n);
#endif /* NETTLE_GMP_GLUE_H_INCLUDED */
diff --git a/pkcs1-decrypt.c b/pkcs1-decrypt.c
index 754fd51..89b4dcf 100644
--- a/pkcs1-decrypt.c
+++ b/pkcs1-decrypt.c
@@ -31,6 +31,7 @@
#include "pkcs1.h"
#include "bignum.h"
+#include "bignum-internal.h"
#include "nettle-internal.h"
int
@@ -38,35 +39,50 @@ pkcs1_decrypt (unsigned key_size,
const mpz_t m,
unsigned *length, uint8_t *message)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_GMP_DECL(em, uint8_t);
uint8_t *terminator;
- unsigned padding;
- unsigned message_length;
-
- TMP_ALLOC(em, key_size);
+ size_t padding;
+ size_t message_length;
+ int ret;
+
+ TMP_GMP_ALLOC(em, key_size);
nettle_mpz_get_str_256(key_size, em, m);
-
+
/* Check format */
if (em[0] || em[1] != 2)
- return 0;
-
+ {
+ ret = 0;
+ goto cleanup;
+ }
+
terminator = memchr(em + 2, 0, key_size - 2);
-
+
if (!terminator)
- return 0;
+ {
+ ret = 0;
+ goto cleanup;
+ }
padding = terminator - (em + 2);
if (padding < 8)
- return 0;
-
+ {
+ ret = 0;
+ goto cleanup;
+ }
+
message_length = key_size - 3 - padding;
-
+
if (*length < message_length)
- return 0;
+ {
+ ret = 0;
+ goto cleanup;
+ }
memcpy(message, terminator + 1, message_length);
*length = message_length;
-
- return 1;
+
+ ret = 1;
+cleanup:
+ TMP_GMP_FREE(em);
+ return ret;
}
-
diff --git a/pkcs1-encrypt.c b/pkcs1-encrypt.c
index cde19bc..5246455 100644
--- a/pkcs1-encrypt.c
+++ b/pkcs1-encrypt.c
@@ -34,6 +34,7 @@
#include "pkcs1.h"
#include "bignum.h"
+#include "bignum-internal.h"
#include "nettle-internal.h"
int
@@ -43,7 +44,7 @@ pkcs1_encrypt (unsigned key_size,
unsigned length, const uint8_t *message,
mpz_t m)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_GMP_DECL(em, uint8_t);
unsigned padding;
unsigned i;
@@ -63,7 +64,7 @@ pkcs1_encrypt (unsigned key_size,
padding = key_size - length - 3;
assert(padding >= 8);
- TMP_ALLOC(em, key_size - 1);
+ TMP_GMP_ALLOC(em, key_size - 1);
em[0] = 2;
random(random_ctx, padding, em + 1);
@@ -77,5 +78,7 @@ pkcs1_encrypt (unsigned key_size,
memcpy(em + padding + 2, message, length);
nettle_mpz_set_str_256_u(m, key_size - 1, em);
+
+ TMP_GMP_FREE(em);
return 1;
}
diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c
index e4a6c52..3379b8f 100644
--- a/pkcs1-rsa-digest.c
+++ b/pkcs1-rsa-digest.c
@@ -29,21 +29,27 @@
#include "pkcs1.h"
#include "bignum.h"
+#include "bignum-internal.h"
#include "nettle-internal.h"
int
pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
unsigned di_length, const uint8_t *digest_info)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
if (_pkcs1_signature_prefix(key_size, em,
di_length, digest_info, 0))
{
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}
diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c
index 00514fc..e5edaf3 100644
--- a/pkcs1-rsa-md5.c
+++ b/pkcs1-rsa-md5.c
@@ -34,6 +34,7 @@
#include "rsa.h"
#include "bignum.h"
+#include "bignum-internal.h"
#include "pkcs1.h"
#include "nettle-internal.h"
@@ -65,8 +66,9 @@ int
pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
{
uint8_t *p;
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
p = _pkcs1_signature_prefix(key_size, em,
sizeof(md5_prefix),
@@ -76,18 +78,23 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
{
md5_digest(hash, MD5_DIGEST_SIZE, p);
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}
int
pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
uint8_t *p;
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
p = _pkcs1_signature_prefix(key_size, em,
sizeof(md5_prefix),
@@ -97,8 +104,12 @@ pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
memcpy(p, digest, MD5_DIGEST_SIZE);
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}
diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c
index 2951618..2a68121 100644
--- a/pkcs1-rsa-sha1.c
+++ b/pkcs1-rsa-sha1.c
@@ -34,6 +34,7 @@
#include "rsa.h"
#include "bignum.h"
+#include "bignum-internal.h"
#include "pkcs1.h"
#include "nettle-internal.h"
@@ -65,8 +66,9 @@ int
pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
{
uint8_t *p;
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
p = _pkcs1_signature_prefix(key_size, em,
sizeof(sha1_prefix),
@@ -76,18 +78,23 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
{
sha1_digest(hash, SHA1_DIGEST_SIZE, p);
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}
int
pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
uint8_t *p;
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
p = _pkcs1_signature_prefix(key_size, em,
sizeof(sha1_prefix),
@@ -97,8 +104,12 @@ pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
memcpy(p, digest, SHA1_DIGEST_SIZE);
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}
diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c
index cb07375..3aaabe1 100644
--- a/pkcs1-rsa-sha256.c
+++ b/pkcs1-rsa-sha256.c
@@ -34,6 +34,7 @@
#include "rsa.h"
#include "bignum.h"
+#include "bignum-internal.h"
#include "pkcs1.h"
#include "nettle-internal.h"
@@ -63,8 +64,9 @@ int
pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
{
uint8_t *p;
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
p = _pkcs1_signature_prefix(key_size, em,
sizeof(sha256_prefix),
@@ -74,18 +76,23 @@ pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
{
sha256_digest(hash, SHA256_DIGEST_SIZE, p);
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}
int
pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
uint8_t *p;
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
p = _pkcs1_signature_prefix(key_size, em,
sizeof(sha256_prefix),
@@ -95,8 +102,12 @@ pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest
{
memcpy(p, digest, SHA256_DIGEST_SIZE);
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}
diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c
index 3afd790..bd3d277 100644
--- a/pkcs1-rsa-sha512.c
+++ b/pkcs1-rsa-sha512.c
@@ -34,6 +34,7 @@
#include "rsa.h"
#include "bignum.h"
+#include "bignum-internal.h"
#include "pkcs1.h"
#include "nettle-internal.h"
@@ -63,8 +64,9 @@ int
pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
{
uint8_t *p;
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
p = _pkcs1_signature_prefix(key_size, em,
sizeof(sha512_prefix),
@@ -74,18 +76,23 @@ pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
{
sha512_digest(hash, SHA512_DIGEST_SIZE, p);
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}
int
pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
uint8_t *p;
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
- TMP_ALLOC(em, key_size);
+ TMP_GMP_DECL(em, uint8_t);
+
+ TMP_GMP_ALLOC(em, key_size);
p = _pkcs1_signature_prefix(key_size, em,
sizeof(sha512_prefix),
@@ -95,8 +102,12 @@ pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest
{
memcpy(p, digest, SHA512_DIGEST_SIZE);
nettle_mpz_set_str_256_u(m, key_size, em);
+ TMP_GMP_FREE(em);
return 1;
}
else
- return 0;
+ {
+ TMP_GMP_FREE(em);
+ return 0;
+ }
}

180
nettle-3.1.1-remove-ecc-testsuite.patch Normal file
View File

@ -0,0 +1,180 @@
diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c
index 15df4c7..18eaae7 100644
--- a/examples/ecc-benchmark.c
+++ b/examples/ecc-benchmark.c
@@ -341,8 +341,6 @@ bench_curve (const struct ecc_curve *ecc)
}
const struct ecc_curve * const curves[] = {
- &nettle_secp_192r1,
- &nettle_secp_224r1,
&_nettle_curve25519,
&nettle_secp_256r1,
&nettle_secp_384r1,
diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
index 444d7aa..24c023e 100644
--- a/examples/hogweed-benchmark.c
+++ b/examples/hogweed-benchmark.c
@@ -394,23 +394,6 @@ bench_ecdsa_init (unsigned size)
switch (size)
{
- case 192:
- ecc = &nettle_secp_192r1;
- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
- ctx->digest = hash_string (&nettle_sha1, 3, "abc");
- ctx->digest_size = 20;
- break;
- case 224:
- ecc = &nettle_secp_224r1;
- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
- ctx->digest = hash_string (&nettle_sha224, 3, "abc");
- ctx->digest_size = 28;
- break;
-
/* From RFC 4754 */
case 256:
ecc = &nettle_secp_256r1;
@@ -582,16 +565,6 @@ bench_openssl_ecdsa_init (unsigned size)
switch (size)
{
- case 192:
- ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime192v1);
- ctx->digest_length = 24; /* truncated */
- ctx->digest = hash_string (&nettle_sha224, 3, "abc");
- break;
- case 224:
- ctx->key = EC_KEY_new_by_curve_name (NID_secp224r1);
- ctx->digest_length = SHA224_DIGEST_SIZE;
- ctx->digest = hash_string (&nettle_sha224, 3, "abc");
- break;
case 256:
ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
ctx->digest_length = SHA256_DIGEST_SIZE;
@@ -702,14 +675,10 @@ struct alg alg_list[] = {
#if 0
{ "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear },
#endif
- { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
- { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
#if WITH_OPENSSL
- { "ecdsa (openssl)", 192, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
- { "ecdsa (openssl)", 224, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
{ "ecdsa (openssl)", 256, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
{ "ecdsa (openssl)", 384, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
{ "ecdsa (openssl)", 521, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },
diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c
index 5a2b39d..08870b1 100644
--- a/testsuite/ecdh-test.c
+++ b/testsuite/ecdh-test.c
@@ -138,26 +138,6 @@ test_dh (const char *name, const struct ecc_curve *ecc,
void
test_main(void)
{
- test_dh ("secp-192r1", &nettle_secp_192r1,
- "3406157206141798348095184987208239421004566462391397236532",
- "1050363442265225480786760666329560655512990381040021438562",
- "5298249600854377235107392014200406283816103564916230704184",
- "738368960171459956677260317271477822683777845013274506165",
- "2585840779771604687467445319428618542927556223024046979917",
- "293088185788565313717816218507714888251468410990708684573",
- "149293809021051532782730990145509724807636529827149481690",
- "2891131861147398318714693938158856874319184314120776776192");
-
- test_dh ("secp-224r1", &nettle_secp_224r1,
- "1321072106881784386340709783538698930880431939595776773514895067682",
- "6768311794185371282972144247871764855860666277647541840973645586477",
- "2880077809069104378181313860274147139049600284805670362929579614547",
- "13934723037778859565852601874354272638301919827851286722006496784914",
- "373124771833407982305885866158843810218322878380632071540538232035",
- "24223309755162432227459925493224336241652868856405241018762887667883",
- "8330362698029245839097779050425944245826040430538860338085968752913",
- "24167244512472228715617822000878192535267113543393576038737592837010");
-
test_dh ("secp-256r1", &nettle_secp_256r1,
"94731533361265297353914491124013058635674217345912524033267198103710636378786",
"22441589863306126152768848344973918725077248391248404659242620344938484650846",
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
index 559de8e..1ca36c2 100644
--- a/testsuite/ecdsa-sign-test.c
+++ b/testsuite/ecdsa-sign-test.c
@@ -60,37 +60,6 @@ test_main (void)
{
/* Test cases for the smaller groups, verified with a
proof-of-concept implementation done for Yubico AB. */
- test_ecdsa (&nettle_secp_192r1,
- "DC51D3866A15BACDE33D96F992FCA99D"
- "A7E6EF0934E70975", /* z */
-
- "9E56F509196784D963D1C0A401510EE7"
- "ADA3DCC5DEE04B15", /* k */
-
- SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
- "B00361A396177A9C"), /* h */
-
- "8c478db6a5c131540cebc739f9c0a9a8"
- "c720c2abdd14a891", /* r */
-
- "a91fb738f9f175d72f9c98527e881c36"
- "8de68cb55ffe589"); /* s */
-
- test_ecdsa (&nettle_secp_224r1,
- "446df0a771ed58403ca9cb316e617f6b"
- "158420465d00a69601e22858", /* z */
-
- "4c13f1905ad7eb201178bc08e0c9267b"
- "4751c15d5e1831ca214c33f4", /* z */
-
- SHEX("1b28a611fe62ab3649350525d06703ba"
- "4b979a1e543566fd5caa85c6"), /* h */
-
- "2cc280778f3d067df6d3adbe3a6aad63"
- "bc75f08f5c5f915411902a99", /* r */
-
- "d0f069fd0f108eb07b7bbc54c8d6c88d"
- "f2715c38a95c31a2b486995f"); /* s */
/* From RFC 4754 */
test_ecdsa (&nettle_secp_256r1,
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index 1ef04c9..b96a2fc 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -1224,8 +1224,6 @@ test_dsa_key(const struct dsa_params *params,
}
const struct ecc_curve * const ecc_curves[] = {
- &nettle_secp_192r1,
- &nettle_secp_224r1,
&nettle_secp_256r1,
&nettle_secp_384r1,
&nettle_secp_521r1,
@@ -1282,20 +1280,6 @@ test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
{
/* For each curve, the points 2 g, 3 g and 4 g */
static const struct ecc_ref_point ref[6][3] = {
- { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
- { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
- },
- { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
- },
{ { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
"7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" },
{ "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",

32
nettle.spec
View File

@ -1,15 +1,14 @@
Name: nettle
Version: 2.7.1
Release: 6%{?dist}
Version: 3.1.1
Release: 1%{?dist}
Summary: A low-level cryptographic library
Group: Development/Libraries
License: LGPLv2+
License: LGPLv3+ or GPLv2+
URL: http://www.lysator.liu.se/~nisse/nettle/
Source0: %{name}-%{version}-hobbled.tar.gz
#Source0: http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz
Patch0: nettle-2.7.1-remove-ecc-testsuite.patch
Patch1: nettle-2.7.1-tmpalloc.patch
Patch0: nettle-3.1.1-remove-ecc-testsuite.patch
BuildRequires: gmp-devel m4 texinfo-tex texlive-dvips ghostscript
@ -44,7 +43,6 @@ sed s/ggdb3/g/ -i configure
sed 's/ecc-192.c//g' -i Makefile.in
sed 's/ecc-224.c//g' -i Makefile.in
%patch0 -p1
%patch1 -p1 -b .tmpalloc
%build
%configure --enable-shared
@ -58,26 +56,29 @@ mkdir -p $RPM_BUILD_ROOT%{_infodir}
install -p -m 644 nettle.info $RPM_BUILD_ROOT%{_infodir}/
rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.*
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.*
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.6.*
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.4.*
%check
make check
%files
%doc AUTHORS ChangeLog COPYING.LIB NEWS README TODO
%doc AUTHORS ChangeLog NEWS README TODO
%license COPYINGv2 COPYING.LESSERv3
%{_infodir}/nettle.info.gz
%{_bindir}/nettle-lfib-stream
%{_bindir}/pkcs1-conv
%{_bindir}/sexp-conv
%{_bindir}/nettle-hash
%{_libdir}/libnettle.so.4
%{_libdir}/libnettle.so.4.*
%{_libdir}/libhogweed.so.2
%{_libdir}/libhogweed.so.2.*
%{_bindir}/nettle-pbkdf2
%{_libdir}/libnettle.so.6
%{_libdir}/libnettle.so.6.*
%{_libdir}/libhogweed.so.4
%{_libdir}/libhogweed.so.4.*
%files devel
%doc descore.README nettle.html nettle.pdf COPYING.LIB
%doc descore.README nettle.html nettle.pdf
%license COPYINGv2 COPYING.LESSERv3
%{_includedir}/nettle
%{_libdir}/libnettle.so
%{_libdir}/libhogweed.so
@ -98,6 +99,9 @@ fi
%changelog
* Thu Apr 30 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.1-1
- Updated to nettle 3.1.1
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.7.1-6
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

2
sources
View File

@ -1 +1 @@
62f7101fb4337ac29b5954a647222823 nettle-2.7.1-hobbled.tar.gz
7d1d1e4844bdc196ba34db6b8bb6549a nettle-3.1.1-hobbled.tar.gz