GitLab

In version.h, GMP_NUMB_BITS is needed only for mini-gmp builds. In
non-mini-gmp builds, substitute a dummy value there, to make the
contents of this header file platform independent. In Makefile, we
always need a properly configured value, and do this with the renamed
variable NUMB_BITS.

The nettle-benchmark program currently uses the openssl low level
cipher APIs for benchmarking. This means it always runs the generic
software implementation, never able to take advantage of impls
optimized for new hardware (eg AES-NI).

Rewriting it to use the higher EVP APIs means we can use the same
code for all ciphers, and automatically trigger hardware optimized
versions, giving a fairer comparison against openssl as commonly
used in applications.

Use of the generic openssl impl can still be forced by setting an
env variable  OPENSSL_ia32cap="~0x200000200000000"
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

* ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering
two multiplies. Previously, in-place operation resulted in an
invalid call to mpn_mul with overlapping operands. Reported by
Sergei Trofimovich.

* rsa-pss-sign-tr-test.c (test_main): Add test case
contributed by Daiki Ueno. Problem originally found by oss-fuzz,
see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132.
That problem report is currently embargoed, but will hopefully be
public in a month or two.

* pss.c (pss_verify_mgf1): Check for m being too large, fixing an
assertion failure for certain invalid signatures. Based on a patch
contributed by Daiki Ueno.

That is, regenerate when Makefile.in is modified.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

The former provides a much newer version.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* testsuite/pss-test.c: Delete magic to let valgrind to check if
pss_encode_mgf1 is side-channel silent with respect to the salt
and digest inputs. It turns out that the most significant bits of
the padded bignum, and hence its size, depends on these inputs.
Which results in a data-dependent branch in the normalization code
of at the end of gmp's mpz_import.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Signed-off-by: Daiki Ueno <dueno@redhat.com>

* nettle-internal.h (NETTLE_MAX_HASH_CONTEXT_SIZE): New constant.
* testsuite/meta-hash-test.c (test_main): Add sanity check for
NETTLE_MAX_HASH_CONTEXT_SIZE.

* tools/nettle-hash.c (list_algorithms): Also display the internal
context size.

See: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0204j/Cjagjjbc.html
The pre-UAL instruction is also accepted by modern assemblers.
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>