GitLab

This allows the same code to be reused in curve448 and Ed448.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

* testsuite/ecc-dup-test.c (test_main): Reduce test duplication.
Use ecc->dup_itch.

* testsuite/ecc-add-test.c (test_main): Reduce test duplication.
Use ecc->add_hhh_itch.

This makes it possible to share the same code for curve25519 and
curve448 primitives, which use different underlying formulas for
addition and doubling.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

* hkdf.c: Delete unneeded includes. Use Nettle licensing notice.
* hkdf.h: Include only nettle-types.h, not nettle-meta.h.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

In curve448, the bit size of the order is slightly smaller than the
one of p's.  Adjust ecc_Bmodq_shifted accordingly.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

Signed-off-by: Daiki Ueno <dueno@redhat.com>

If configure finds secure_getenv it wants to use it. However it fails to
find the prototype because it is a GNU extension.
Signed-off-by: Andreas Schneider <asn@samba.org>

* hkdf.c (hkdf_expand): Eliminate a (signed) ssize_t variable, use
break rather than return at loop termination.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

In version.h, GMP_NUMB_BITS is needed only for mini-gmp builds. In
non-mini-gmp builds, substitute a dummy value there, to make the
contents of this header file platform independent. In Makefile, we
always need a properly configured value, and do this with the renamed
variable NUMB_BITS.

The nettle-benchmark program currently uses the openssl low level
cipher APIs for benchmarking. This means it always runs the generic
software implementation, never able to take advantage of impls
optimized for new hardware (eg AES-NI).

Rewriting it to use the higher EVP APIs means we can use the same
code for all ciphers, and automatically trigger hardware optimized
versions, giving a fairer comparison against openssl as commonly
used in applications.

Use of the generic openssl impl can still be forced by setting an
env variable  OPENSSL_ia32cap="~0x200000200000000"
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

* ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering
two multiplies. Previously, in-place operation resulted in an
invalid call to mpn_mul with overlapping operands. Reported by
Sergei Trofimovich.

* rsa-pss-sign-tr-test.c (test_main): Add test case
contributed by Daiki Ueno. Problem originally found by oss-fuzz,
see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132.
That problem report is currently embargoed, but will hopefully be
public in a month or two.

* pss.c (pss_verify_mgf1): Check for m being too large, fixing an
assertion failure for certain invalid signatures. Based on a patch
contributed by Daiki Ueno.

That is, regenerate when Makefile.in is modified.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>