GitLab

Dmitry Baryshkov authored Apr 14, 2020 and Niels Möller committed Apr 15, 2020

Make low-level poly1305 functions that were marked as "internal" in
public header file really internal. Change their prefix from nettle to
_nettle.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

* testsuite/Makefile.in (check): Pass only TEST_SHLIB_DIR
to the run-tests script, and leave setting of LD_LIBRARY_PATH and
related variables to that script.
* examples/Makefile.in (check): Likewise.

* run-tests: Check TEST_SHLIB_DIR, and set up LD_LIBRARY_PATH and
related member variables.

* config.make.in (abs_top_builddir, TEST_SHLIB_DIR): New variables.

* configure.ac: Bump package version to 3.6.
(LIBNETTLE_MINOR): Bump minor number, now 7.1.
(LIBHOGWEED_MINOR): Bump minor numbers, now 5.1

H.J. Lu authored Mar 16, 2020 and Niels Möller committed Mar 22, 2020

On Linux/x86, when CET is enabled, all indirect branch targets must
start with ENDBR instruction.  Add x86-ibt-test.c to verify that missing
ENDBR instruction at indirect branch target will trigger SIGSEGV on CET
platforms.

H.J. Lu authored Feb 28, 2020 and Niels Möller committed Mar 14, 2020

Intel Control-flow Enforcement Technology (CET):

https://software.intel.com/en-us/articles/intel-sdm



contains shadow stack (SHSTK) and indirect branch tracking (IBT).  When
CET is enabled, ELF object files must be marked with .note.gnu.property
section.  Also when IBT is enabled, all indirect branch targets must
start with ENDBR instruction.

This patch adds ASM_X86_ENDBR and the x86 CET marker to config.m4.in when
CET is enabled.  It updates PROLOGUE with ASM_X86_ENDBR.

Tested on CET machine with i686 and x86-64.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>

Michael Weiser authored Mar 05, 2020 and Niels Möller committed Mar 12, 2020

ARM assembly adjustments for big-endian systems contained armv6+-only
instructions (rev) in generic arm memxor code. Replace those with an
actual conversion of the leftover byte store routines for big-endian
systems. This also provides a slight optimisation by removing the
additional instruction as well as increased symmetry between little- and
big-endian implementations.
Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Daiki Ueno authored Mar 09, 2020 and Niels Möller committed Mar 09, 2020

While the documentation said the nonce size is 8 octets, the
implementation actually assumed 12 octets following RFC 7539.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

Daiki Ueno authored Mar 09, 2020 and Niels Möller committed Mar 09, 2020

The ChaCha-Poly1305 implementation previously used the chacha_crypt
function that assumes the block counter is 64-bit long, while RFC 8439
defines that the counter is 32-bit long.  Although this should be fine
as long as up to 256 gigabytes of data is encrypted with the same key,
it would be nice to use a separate functions (chacha_set_counter32 and
chacha_crypt32) that assume the counter is 32-bit long.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

Daiki Ueno authored Mar 09, 2020 and Niels Möller committed Mar 09, 2020

The ChaCha20 based header protection algorithm in QUIC requires a way
to set the initial value of counter:
https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#name-chacha20-based-header-prote



This will add a new function chacha_set_counter, which takes an
8-octet initial value of the block counter.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

Dmitry Baryshkov authored Feb 09, 2020 and Niels Möller committed Mar 08, 2020

Move cmac-des3 meta information from testsuite/cmac-test.c to main
Nettle library.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Dmitry Baryshkov authored Feb 10, 2020 and Niels Möller committed Feb 15, 2020

To make ecc functions usage more obvious remove ecc_modp_foo() and
ecc_modq_foo() wrapper macros.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Based on patches by Daiki Ueno.

Based on patches by Daiki Ueno.

Based on patches by Daiki Ueno.
* testsuite/cmac-test.c (nettle_cmac_aes128, nettle_cmac_aes256):
Moved to...
* cmac-aes128-meta.c: New file.
* cmac-aes256-meta.c: New file.

Dmitry Baryshkov authored Feb 04, 2020 and Niels Möller committed Feb 06, 2020

gost28147_param instances were never a part of stable release, so move
them to internal header.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>