Merge branch 'rename-data-symbols' into master-updates

442e0438 · Niels Möller · 51661cb3 · 8bf4747d · 442e0438 · 442e0438
Commit 442e0438 authored Mar 27, 2018 by Niels Möller
20 changed files
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,21 @@
 	* arm/v6/sha256-compress.asm: Likewise.
 	* arm/README: Document big-endian considerations.

+2018-03-17  Niels Möller  <nisse@lysator.liu.se>
+
+	Discourage direct access to data symbols with non-public size.
+	Direct references to these symbols may result in copy-relocations
+	like R_X86_64_COPY, which make the symbol size leak into the ABI.
+	* ecc-curve.h (_nettle_secp_192r1, _nettle_secp_224r1)
+	(_nettle_secp_256r1, _nettle_secp_384r1, _nettle_secp_521r1): Add
+	leading underscore on these data symbols.
+
+	* nettle-meta.h (_nettle_ciphers, _nettle_hashes, _nettle_aeads)
+	(_nettle_armors): Add leading underscore on these data symbols.
+	Update all internal use. Macros without leading underscore remain,
+	and expand to access via accessor functions nettle_get_ciphers and
+	similar.
+
 2018-03-10  Niels Möller  <nisse@lysator.liu.se>

 	* eccdata.c (ecc_table_size): New helper function.

--- a/ecc-192.c
+++ b/ecc-192.c
@@ -110,7 +110,7 @@ ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
 #define ecc_192_modp ecc_mod
 #endif

-const struct ecc_curve nettle_secp_192r1 =
+const struct ecc_curve _nettle_secp_192r1 =
 {
  {
    192,
@@ -174,5 +174,5 @@ const struct ecc_curve nettle_secp_192r1 =

 const struct ecc_curve *nettle_get_secp_192r1(void)
 {
-  return &nettle_secp_192r1;
+  return &_nettle_secp_192r1;
 }
--- a/ecc-224.c
+++ b/ecc-224.c
@@ -62,7 +62,7 @@ ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp);
 # error Configuration error
 #endif

-const struct ecc_curve nettle_secp_224r1 =
+const struct ecc_curve _nettle_secp_224r1 =
 {
  {
    224,
@@ -126,5 +126,5 @@ const struct ecc_curve nettle_secp_224r1 =

 const struct ecc_curve *nettle_get_secp_224r1(void)
 {
-  return &nettle_secp_224r1;
+  return &_nettle_secp_224r1;
 }
--- a/ecc-256.c
+++ b/ecc-256.c
@@ -239,7 +239,7 @@ ecc_256_modq (const struct ecc_modulo *q, mp_limb_t *rp)
 #error Unsupported parameters
 #endif

-const struct ecc_curve nettle_secp_256r1 =
+const struct ecc_curve _nettle_secp_256r1 =
 {
  {
    256,
@@ -303,5 +303,5 @@ const struct ecc_curve nettle_secp_256r1 =

 const struct ecc_curve *nettle_get_secp_256r1(void)
 {
-  return &nettle_secp_256r1;
+  return &_nettle_secp_256r1;
 }
--- a/ecc-384.c
+++ b/ecc-384.c
@@ -147,7 +147,7 @@ ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp)
 #define ecc_384_modp ecc_mod
 #endif
  
-const struct ecc_curve nettle_secp_384r1 =
+const struct ecc_curve _nettle_secp_384r1 =
 {
  {
    384,
@@ -211,5 +211,5 @@ const struct ecc_curve nettle_secp_384r1 =

 const struct ecc_curve *nettle_get_secp_384r1(void)
 {
-  return &nettle_secp_384r1;
+  return &_nettle_secp_384r1;
 }
--- a/ecc-521.c
+++ b/ecc-521.c
@@ -75,7 +75,7 @@ ecc_521_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
 }
 #endif

-const struct ecc_curve nettle_secp_521r1 =
+const struct ecc_curve _nettle_secp_521r1 =
 {
  {
    521,
@@ -139,5 +139,5 @@ const struct ecc_curve nettle_secp_521r1 =

 const struct ecc_curve *nettle_get_secp_521r1(void)
 {
-  return &nettle_secp_521r1;
+  return &_nettle_secp_521r1;
 }
--- a/ecc-curve.h
+++ b/ecc-curve.h
@@ -41,14 +41,11 @@ extern "C" {
 /* The contents of this struct is internal. */
 struct ecc_curve;

-/* FIXME: Rename with leading underscore. Due to ABI subtleties,
-   applications should not refer to these directly, but use the below
-   accessor functions. */
-extern const struct ecc_curve nettle_secp_192r1;
-extern const struct ecc_curve nettle_secp_224r1;
-extern const struct ecc_curve nettle_secp_256r1;
-extern const struct ecc_curve nettle_secp_384r1;
-extern const struct ecc_curve nettle_secp_521r1;
+extern const struct ecc_curve _nettle_secp_192r1;
+extern const struct ecc_curve _nettle_secp_224r1;
+extern const struct ecc_curve _nettle_secp_256r1;
+extern const struct ecc_curve _nettle_secp_384r1;
+extern const struct ecc_curve _nettle_secp_521r1;

 #ifdef __GNUC__
 #define NETTLE_PURE __attribute__((pure))

--- a/examples/ecc-benchmark.c
+++ b/examples/ecc-benchmark.c
@@ -330,12 +330,12 @@ bench_curve (const struct ecc_curve *ecc)
 }

 const struct ecc_curve * const curves[] = {
-  &nettle_secp_192r1,
-  &nettle_secp_224r1,
+  &_nettle_secp_192r1,
+  &_nettle_secp_224r1,
  &_nettle_curve25519,
-  &nettle_secp_256r1,
-  &nettle_secp_384r1,
-  &nettle_secp_521r1,
+  &_nettle_secp_256r1,
+  &_nettle_secp_384r1,
+  &_nettle_secp_521r1,
 };

 #define numberof(x)  (sizeof (x) / sizeof ((x)[0]))

--- a/examples/hogweed-benchmark.c
+++ b/examples/hogweed-benchmark.c
@@ -394,7 +394,7 @@ bench_ecdsa_init (unsigned size)
  switch (size)
    {
    case 192:
-      ecc = &nettle_secp_192r1;
+      ecc = &_nettle_secp_192r1;
      xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
      ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
      zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
@@ -402,7 +402,7 @@ bench_ecdsa_init (unsigned size)
      ctx->digest_size = 20;
      break;
    case 224:
-      ecc = &nettle_secp_224r1;
+      ecc = &_nettle_secp_224r1;
      xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
      ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
      zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
@@ -412,7 +412,7 @@ bench_ecdsa_init (unsigned size)

      /* From RFC 4754 */
    case 256:
-      ecc = &nettle_secp_256r1;
+      ecc = &_nettle_secp_256r1;
      xs = "2442A5CC 0ECD015F A3CA31DC 8E2BBC70 BF42D60C BCA20085 E0822CB0 4235E970";
      ys = "6FC98BD7 E50211A4 A27102FA 3549DF79 EBCB4BF2 46B80945 CDDFE7D5 09BBFD7D";
      zs = "DC51D386 6A15BACD E33D96F9 92FCA99D A7E6EF09 34E70975 59C27F16 14C88A7F";
@@ -420,7 +420,7 @@ bench_ecdsa_init (unsigned size)
      ctx->digest_size = 32;
      break;
    case 384:
-      ecc = &nettle_secp_384r1;
+      ecc = &_nettle_secp_384r1;
      xs = "96281BF8 DD5E0525 CA049C04 8D345D30 82968D10 FEDF5C5A CA0C64E6 465A97EA"
 	"5CE10C9D FEC21797 41571072 1F437922";
      ys = "447688BA 94708EB6 E2E4D59F 6AB6D7ED FF9301D2 49FE49C3 3096655F 5D502FAD"
@@ -431,7 +431,7 @@ bench_ecdsa_init (unsigned size)
      ctx->digest_size = 48;
      break;
    case 521:
-      ecc = &nettle_secp_521r1;
+      ecc = &_nettle_secp_521r1;
      xs = "0151518F 1AF0F563 517EDD54 85190DF9 5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
 	"7AFE0A6D DEB8BEDB CD6A197E 592D4018 8901CECD 650699C9 B5E456AE A5ADD190"
 	"52A8";

--- a/nettle-lookup-hash.c
+++ b/nettle-lookup-hash.c
@@ -38,14 +38,12 @@

 #include "nettle-meta.h"

-#undef nettle_hashes
-
 const struct nettle_hash *
 nettle_lookup_hash (const char *name)
 {
  unsigned i;
-  for (i = 0; nettle_hashes[i]; i++)
-    if (!strcmp (name, nettle_hashes[i]->name))
-      return nettle_hashes[i];
+  for (i = 0; _nettle_hashes[i]; i++)
+    if (!strcmp (name, _nettle_hashes[i]->name))
+      return _nettle_hashes[i];
  return NULL;
 }
--- a/nettle-meta-aeads.c
+++ b/nettle-meta-aeads.c
@@ -37,9 +37,7 @@

 #include "nettle-meta.h"

-#undef nettle_aeads
-
-const struct nettle_aead * const nettle_aeads[] = {
+const struct nettle_aead * const _nettle_aeads[] = {
  &nettle_gcm_aes128,
  &nettle_gcm_aes192,
  &nettle_gcm_aes256,
@@ -53,5 +51,5 @@ const struct nettle_aead * const nettle_aeads[] = {
 const struct nettle_aead * const *
 nettle_get_aeads (void)
 {
-  return nettle_aeads;
+  return _nettle_aeads;
 }
--- a/nettle-meta-armors.c
+++ b/nettle-meta-armors.c
@@ -36,9 +36,7 @@
 #include <stddef.h>
 #include "nettle-meta.h"

-#undef nettle_armors
-
-const struct nettle_armor * const nettle_armors[] = {
+const struct nettle_armor * const _nettle_armors[] = {
  &nettle_base64,
  &nettle_base64url,
  &nettle_base16,
@@ -48,5 +46,5 @@ const struct nettle_armor * const nettle_armors[] = {
 const struct nettle_armor * const *
 nettle_get_armors (void)
 {
-  return nettle_armors;
+  return _nettle_armors;
 }
--- a/nettle-meta-ciphers.c
+++ b/nettle-meta-ciphers.c
@@ -36,9 +36,7 @@
 #include <stddef.h>
 #include "nettle-meta.h"

-#undef nettle_ciphers
-
-const struct nettle_cipher * const nettle_ciphers[] = {
+const struct nettle_cipher * const _nettle_ciphers[] = {
  &nettle_aes128,
  &nettle_aes192,
  &nettle_aes256,
@@ -62,5 +60,5 @@ const struct nettle_cipher * const nettle_ciphers[] = {
 const struct nettle_cipher * const *
 nettle_get_ciphers (void)
 {
-  return nettle_ciphers;
+  return _nettle_ciphers;
 }
--- a/nettle-meta-hashes.c
+++ b/nettle-meta-hashes.c
@@ -37,9 +37,7 @@

 #include "nettle-meta.h"

-#undef nettle_hashes
-
-const struct nettle_hash * const nettle_hashes[] = {
+const struct nettle_hash * const _nettle_hashes[] = {
  &nettle_md2,
  &nettle_md4,
  &nettle_md5,
@@ -59,5 +57,5 @@ const struct nettle_hash * const nettle_hashes[] = {
 const struct nettle_hash * const *
 nettle_get_hashes (void)
 {
-  return nettle_hashes;
+  return _nettle_hashes;
 }
--- a/nettle-meta.h
+++ b/nettle-meta.h
@@ -60,11 +60,8 @@ struct nettle_cipher
  nettle_cipher_func *decrypt;
 };

-/* FIXME: Rename with leading underscore, but keep current name (and
-   size!) for now, for ABI compatibility with nettle-3.1, soname
-   libnettle.so.6. */
 /* null-terminated list of ciphers implemented by this version of nettle */
-extern const struct nettle_cipher * const nettle_ciphers[];
+extern const struct nettle_cipher * const _nettle_ciphers[];

 const struct nettle_cipher * const *
 #ifdef __GNUC__
@@ -125,11 +122,8 @@ struct nettle_hash
 (nettle_hash_digest_func *) name##_digest	\
 } 

-/* FIXME: Rename with leading underscore, but keep current name (and
-   size!) for now, for ABI compatibility with nettle-3.1, soname
-   libnettle.so.6. */
 /* null-terminated list of digests implemented by this version of nettle */
-extern const struct nettle_hash * const nettle_hashes[];
+extern const struct nettle_hash * const _nettle_hashes[];

 const struct nettle_hash * const *
 #ifdef __GNUC__
@@ -180,12 +174,9 @@ struct nettle_aead
  nettle_hash_digest_func *digest;
 };

-/* FIXME: Rename with leading underscore, but keep current name (and
-   size!) for now, for ABI compatibility with nettle-3.1, soname
-   libnettle.so.6. */
 /* null-terminated list of aead constructions implemented by this
   version of nettle */
-extern const struct nettle_aead * const nettle_aeads[];
+extern const struct nettle_aead * const _nettle_aeads[];

 const struct nettle_aead * const *
 #ifdef __GNUC__
@@ -252,11 +243,8 @@ struct nettle_armor
  (nettle_armor_decode_final_func *) name##_decode_final,	\
 }

-/* FIXME: Rename with leading underscore, but keep current name (and
-   size!) for now, for ABI compatibility with nettle-3.1, soname
-   libnettle.so.6. */
 /* null-terminated list of armor schemes implemented by this version of nettle */
-extern const struct nettle_armor * const nettle_armors[];
+extern const struct nettle_armor * const _nettle_armors[];

 const struct nettle_armor * const *
 #ifdef __GNUC__

--- a/testsuite/ecc-mod-test.c
+++ b/testsuite/ecc-mod-test.c
@@ -105,23 +105,23 @@ test_fixed (void)
  /* Triggered a bug reported by Hanno Böck. */
  mpz_set_str (r, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFF001C2C00", 16);
  mpz_mul_2exp (r, r, 256);
-  test_one ("p", &nettle_secp_256r1.p, r);
-  test_one ("q", &nettle_secp_256r1.q, r);
+  test_one ("p", &_nettle_secp_256r1.p, r);
+  test_one ("q", &_nettle_secp_256r1.q, r);

  mpz_set_str (r, "ffffffff00000001fffffffeffffffffffffffffffffffffffffffc0000000000007ffffffffffffffffffffffffffff00000000000000000fffffffffffffff", 16);
-  test_one ("p", &nettle_secp_256r1.p, r);
-  test_one ("q", &nettle_secp_256r1.q, r);
+  test_one ("p", &_nettle_secp_256r1.p, r);
+  test_one ("q", &_nettle_secp_256r1.q, r);

  /* Triggered a bug reported by Hanno Böck. */
  mpz_set_str (r, "4c9000000000000000000000000000000000000000000000004a604db486e000000000000000000000000000000000000000121025be29575adb2c8ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 16);
-  test_one ("p", &nettle_secp_384r1.p, r);
-  test_one ("q", &nettle_secp_384r1.q, r);
+  test_one ("p", &_nettle_secp_384r1.p, r);
+  test_one ("q", &_nettle_secp_384r1.q, r);

  /* Triggered a carry bug in development version. */
  mpz_set_str (r, "e64a84643150260640e4677c19ffc4faef06042132b86af6e9ee33fe1850222e57a514d5f1d6d444008bb896a96a43d5629945e57548f5e12f66be132b24110cbb2df6d7d3dd3aaadc98b0bbf29573843ad72e57f59fc5d4f56cc599da18bb99", 16);

-  test_one ("p", &nettle_secp_384r1.p, r);
-  test_one ("q", &nettle_secp_384r1.q, r);
+  test_one ("p", &_nettle_secp_384r1.p, r);
+  test_one ("q", &_nettle_secp_384r1.q, r);

  mpz_clear (r);
 }

--- a/testsuite/ecdh-test.c
+++ b/testsuite/ecdh-test.c
@@ -138,7 +138,7 @@ test_dh (const char *name, const struct ecc_curve *ecc,
 void
 test_main(void)
 {
-  test_dh ("secp-192r1", &nettle_secp_192r1,
+  test_dh ("secp-192r1", &_nettle_secp_192r1,
 	   "3406157206141798348095184987208239421004566462391397236532",
 	   "1050363442265225480786760666329560655512990381040021438562",
 	   "5298249600854377235107392014200406283816103564916230704184",
@@ -148,7 +148,7 @@ test_main(void)
 	   "149293809021051532782730990145509724807636529827149481690",
 	   "2891131861147398318714693938158856874319184314120776776192");

-  test_dh ("secp-224r1", &nettle_secp_224r1,
+  test_dh ("secp-224r1", &_nettle_secp_224r1,
 	   "1321072106881784386340709783538698930880431939595776773514895067682",
 	   "6768311794185371282972144247871764855860666277647541840973645586477",
 	   "2880077809069104378181313860274147139049600284805670362929579614547",
@@ -158,7 +158,7 @@ test_main(void)
 	   "8330362698029245839097779050425944245826040430538860338085968752913",
 	   "24167244512472228715617822000878192535267113543393576038737592837010");	   

-  test_dh ("secp-256r1", &nettle_secp_256r1,
+  test_dh ("secp-256r1", &_nettle_secp_256r1,
 	   "94731533361265297353914491124013058635674217345912524033267198103710636378786",
 	   "22441589863306126152768848344973918725077248391248404659242620344938484650846",
 	   "8673475622926171928656873398933611700804732317466515884933832073457396747355",
@@ -168,7 +168,7 @@ test_main(void)
 	   "102958799567030688009123101477538973715497039396202015119148334812951370853564",
 	   "29188877854984806245046208182450375893010623119030341548941791125497546766367");

-  test_dh ("secp-384r1", &nettle_secp_384r1,
+  test_dh ("secp-384r1", &_nettle_secp_384r1,
 	   "39086550219018474560700767788227987514008150214902287969462741484831311917159729009715909108606822193356890811565070",
 	   "15536343869384820642787280162462493474000839389760580357050317691132784247078954166759523572989472049798969369413707",
 	   "23268351460749985365652822073294615614961429585671989812206213135127969284347174876010177880230302801199500921999966",
@@ -178,7 +178,7 @@ test_main(void)
 	   "27780263733159299625371532605243698753833039933618994121416145881861678645978369807598146716869504289033472077532789",
 	   "12327518461490664021199432424728005314646140038116972426756705356672414772151215711157356913456651047992140493843405");

-  test_dh ("secp-521r1", &nettle_secp_521r1,
+  test_dh ("secp-521r1", &_nettle_secp_521r1,
 	   "1177787298234877762125077260641419691552146813662613924864132680693789861345339466386194840381422980702458955378518702648732728796955434922249345867267377826",
 	   "3168153642368000846168628288850857848098131369578410603904155841373678828215434925507474033105518841999665785152501356092020415699294327720257651796364374116",
 	   "278603899104240796379373331240296114411332466119196525390128418935585486485808560319073463912513286987331907013829243645911963547435764718505394265715321106",

--- a/testsuite/ecdsa-sign-test.c
+++ b/testsuite/ecdsa-sign-test.c
@@ -60,7 +60,7 @@ test_main (void)
 {
  /* Test cases for the smaller groups, verified with a
     proof-of-concept implementation done for Yubico AB. */
-  test_ecdsa (&nettle_secp_192r1,
+  test_ecdsa (&_nettle_secp_192r1,
 	      "DC51D3866A15BACDE33D96F992FCA99D"
 	      "A7E6EF0934E70975", /* z */

@@ -76,7 +76,7 @@ test_main (void)
 	      "a91fb738f9f175d72f9c98527e881c36"
 	      "8de68cb55ffe589"); /* s */

-  test_ecdsa (&nettle_secp_224r1,
+  test_ecdsa (&_nettle_secp_224r1,
 	      "446df0a771ed58403ca9cb316e617f6b"
 	      "158420465d00a69601e22858",  /* z */

@@ -93,7 +93,7 @@ test_main (void)
 	      "f2715c38a95c31a2b486995f"); /* s */

  /* From RFC 4754 */
-  test_ecdsa (&nettle_secp_256r1,
+  test_ecdsa (&_nettle_secp_256r1,
 	      "DC51D386 6A15BACD E33D96F9 92FCA99D"
 	      "A7E6EF09 34E70975 59C27F16 14C88A7F",  /* z */

@@ -108,7 +108,7 @@ test_main (void)
 	      "86FA3BB4 E26CAD5B F90B7F81 899256CE"
 	      "7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */

-  test_ecdsa (&nettle_secp_384r1,
+  test_ecdsa (&_nettle_secp_384r1,
 	      "0BEB6466 34BA8773 5D77AE48 09A0EBEA"
 	      "865535DE 4C1E1DCB 692E8470 8E81A5AF"
 	      "62E528C3 8B2A81B3 5309668D 73524D9F",  /* z */
@@ -128,7 +128,7 @@ test_main (void)
 	      "09F417BC A112674C 528262A4 0A629AF1"
 	      "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/

-  test_ecdsa (&nettle_secp_521r1,
+  test_ecdsa (&_nettle_secp_521r1,
 	      "0065FDA3 409451DC AB0A0EAD 45495112"
 	      "A3D813C1 7BFD34BD F8C1209D 7DF58491"
 	      "20597779 060A7FF9 D704ADF7 8B570FFA"

--- a/testsuite/ecdsa-verify-test.c
+++ b/testsuite/ecdsa-verify-test.c
@@ -82,7 +82,7 @@ void
 test_main (void)
 {
  /* From RFC 4754 */
-  test_ecdsa (&nettle_secp_256r1,
+  test_ecdsa (&_nettle_secp_256r1,
 	      "2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
 	      "BF42D60C BCA20085 E0822CB0 4235E970",  /* x */

@@ -97,7 +97,7 @@ test_main (void)
 	      "86FA3BB4 E26CAD5B F90B7F81 899256CE"
 	      "7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */

-  test_ecdsa (&nettle_secp_384r1,
+  test_ecdsa (&_nettle_secp_384r1,
 	      "96281BF8 DD5E0525 CA049C04 8D345D30"
 	      "82968D10 FEDF5C5A CA0C64E6 465A97EA"
 	      "5CE10C9D FEC21797 41571072 1F437922",  /* x */
@@ -117,7 +117,7 @@ test_main (void)
 	      "09F417BC A112674C 528262A4 0A629AF1"
 	      "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/

-  test_ecdsa (&nettle_secp_521r1,
+  test_ecdsa (&_nettle_secp_521r1,
 	      "0151518F 1AF0F563 517EDD54 85190DF9"
 	      "5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
 	      "7AFE0A6D DEB8BEDB CD6A197E 592D4018"

--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -1577,11 +1577,11 @@ test_dsa_key(const struct dsa_params *params,
 }

 const struct ecc_curve * const ecc_curves[] = {
-  &nettle_secp_192r1,
-  &nettle_secp_224r1,
-  &nettle_secp_256r1,
-  &nettle_secp_384r1,
-  &nettle_secp_521r1,
+  &_nettle_secp_192r1,
+  &_nettle_secp_224r1,
+  &_nettle_secp_256r1,
+  &_nettle_secp_384r1,
+  &_nettle_secp_521r1,
  &_nettle_curve25519,
  NULL
 };