#! /bin/sh
aclocal && autoconf && autoheader && automake -a
autoconf && autoheader
*.s
*.tar.gz
*.tar.gz.asc
.deps
.lib
Makefile
Makefile.in
aclocal.m4
aesdata
autom4te.cache
config.cache
config.h
config.h.in
config.log
config.m4
config.status
configure
desdata
keymap.h
nettle-types.h
nettle.aux
nettle.cp
nettle.cps
nettle.dvi
nettle.fn
nettle.html
nettle.info*
nettle.ky
nettle.log
nettle.pg
nettle.ps
nettle.toc
nettle.tp
nettle.tps
nettle.vr
nettle.vrs
parity.h
rotors.h
shadata
stamp-h
stamp-h.in
stamp-h1
stamp-h1.in
stamp-h2.in
stamp-h3.in
stamp-h4.in
[attr]binary -text -crlf -diff -ident
* text ident
* text -ident
RCS
SCCS
CVS
CVS.adm
RCSLOG
cvslog.*
tags
TAGS
.make.state
.nse_depinfo
*~
#*
.#*
,*
_$*
*$
*.old
*.bak
*.BAK
*.orig
*.rej
.del-*
*.a
*.olb
*.o
*.obj
*.so
*.exe
*.Z
*.elc
*.ln
*.dll
*.dylib
core
/*.d
/*.s
/*.tar.gz
/*.tar.gz.asc
/.deps
/.lib
/*.asm
/Makefile
/Makefile.in
/aclocal.m4
/aesdata
/autom4te.cache
/config.cache
/config.h
/config.h.in
/config.log
/config.m4
/config.make
/config.status
/configure
/autom4te.cache
/stamp-h
/stamp-h.in
/*.pc
/machine.m4
/aesdata
/desdata
/eccdata
/*.stamp
/gcmdata
/shadata
/twofishdata
/keymap.h
/nettle-types.h
/parity.h
/rotors.h
/ecc-curve25519.h
/ecc-curve448.h
/ecc-gost-gc256b.h
/ecc-gost-gc512a.h
/ecc-secp192r1.h
/ecc-secp224r1.h
/ecc-secp256r1.h
/ecc-secp384r1.h
/ecc-secp521r1.h
/version.h
/nettle.aux
/nettle.cp
/nettle.cps
......@@ -59,6 +62,7 @@ core
/nettle.info*
/nettle.ky
/nettle.log
/nettle.pdf
/nettle.pg
/nettle.ps
/nettle.toc
......@@ -66,13 +70,5 @@ core
/nettle.tps
/nettle.vr
/nettle.vrs
/parity.h
/rotors.h
/shadata
/stamp-h
/stamp-h.in
/stamp-h1
/stamp-h1.in
/stamp-h2.in
/stamp-h3.in
/stamp-h4.in
/libhogweed.map
/libnettle.map
variables:
BUILDENV_NATIVE_IMAGE: gnutls/nettle-build-images:buildenv-native
BUILDENV_CLANG_IMAGE: gnutls/nettle-build-images:buildenv-clang
BUILDENV_CROSS_IMAGE: gnutls/nettle-build-images:buildenv-cross
GET_SOURCES_ATTEMPTS: "3"
# "Native" means x86-64; no jobs run on anything else.
.native-build:
image: $CI_REGISTRY/$BUILDENV_NATIVE_IMAGE
script:
- ./.bootstrap
- './configure $EXTRA_CONFIGURE_ARGS --disable-documentation'
- 'make -j$(nproc)'
- 'make -j$(nproc) check $EXTRA_CHECK_TARGET'
tags:
- saas-linux-small-amd64
except:
- tags
variables:
NETTLE_TEST_SEED: '0'
artifacts:
expire_in: 1 week
when: always
paths:
- "config.log"
native/fat:
extends: .native-build
variables:
EXTRA_CHECK: check-fat
native/no-fat:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--disable-fat'
native/no-static:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--disable-static'
native/no-shared:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--disable-static'
native/32-bit:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--enable-mini-gmp'
CC: 'gcc -m32'
CXX: '/bin/false'
native/mini-gmp:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--enable-mini-gmp'
native/c89:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--disable-assembler'
CC: '$CI_PROJECT_DIR/misc/c89'
native/extra-asserts:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--enable-extra-asserts'
native/ndebug:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: 'CPPFLAGS=-DNDEBUG --disable-assembler'
native/ubsan:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--disable-assembler'
CFLAGS: '-fsanitize=undefined -fno-sanitize-recover -g -O2'
CXXFLAGS: '-fsanitize=undefined -fno-sanitize-recover -g -O2'
native/asan:
extends: .native-build
variables:
EXTRA_CONFIGURE_ARGS: '--disable-assembler'
CFLAGS: '-fsanitize=address -g -O2'
CXXFLAGS: '-fsanitize=address -g -O2'
build/static-analyzers:
image: $CI_REGISTRY/$BUILDENV_CLANG_IMAGE
script:
- ./.bootstrap
- scan-build ./configure --disable-documentation --disable-assembler
- scan-build --status-bugs -o scan-build-lib make -j$(nproc)
tags:
- saas-linux-small-amd64
except:
- tags
artifacts:
expire_in: 1 week
when: on_failure
paths:
- scan-build-lib/*
build/gnutls:
image: $CI_REGISTRY/$BUILDENV_NATIVE_IMAGE
script:
- ./.bootstrap &&
./configure --disable-documentation --prefix="$(pwd)/local" --libdir="$(pwd)/local/lib" &&
make -j4 && make install
- git clone --depth 1 --branch master https://gitlab.com/gnutls/gnutls.git gnutls-git
- cd gnutls-git && git submodule update --init && ./bootstrap &&
./configure PKG_CONFIG_PATH="$(pwd)/../local/lib/pkgconfig" CPPFLAGS="-I$(pwd)/../local/include"
LDFLAGS="-L$(pwd)/../local/lib -Wl,-rpath,$(pwd)/../local/lib"
--disable-cxx --disable-guile --without-p11-kit --disable-doc &&
make -j$(nproc) && make -j $(nproc) check
tags:
- saas-linux-small-amd64
except:
- tags
artifacts:
expire_in: 1 week
when: on_failure
paths:
- gnutls-git/guile/tests/*.log
- gnutls-git/tests/*.log
- gnutls-git/*.log
- gnutls-git/tests/*/*.log
- gnutls-git/tests/suite/*/*.log
remote/s390x:
image: $CI_REGISTRY/$BUILDENV_NATIVE_IMAGE
before_script:
# File created as world-readable by gitlab ci machinery.
- chmod 0600 $SSH_PRIVATE_KEY
- ssh -o 'StrictHostKeyChecking no' -i "$SSH_PRIVATE_KEY" "$S390X_ACCOUNT"
"mkdir -p ci-work/$CI_PIPELINE_IID"
script:
- echo $CI_PIPELINE_IID
- ./.bootstrap &&
./configure && make PACKAGE_VERSION=snapshot dist &&
ls -l *.tar.gz
- cat nettle-snapshot.tar.gz |
ssh -o 'StrictHostKeyChecking no' -i "$SSH_PRIVATE_KEY" "$S390X_ACCOUNT"
"cd ci-work/$CI_PIPELINE_IID && tar xzf -"
- ssh -o 'StrictHostKeyChecking no' -i "$SSH_PRIVATE_KEY" "$S390X_ACCOUNT"
"cd ci-work/$CI_PIPELINE_IID/nettle-snapshot && ./configure --disable-documentation --enable-s390x-msa"
- ssh -o 'StrictHostKeyChecking no' -i "$SSH_PRIVATE_KEY" "$S390X_ACCOUNT"
"cd ci-work/$CI_PIPELINE_IID/nettle-snapshot && make"
- ssh -o 'StrictHostKeyChecking no' -i "$SSH_PRIVATE_KEY" "$S390X_ACCOUNT"
"cd ci-work/$CI_PIPELINE_IID/nettle-snapshot && NETTLE_TEST_SEED=0 make check"
after_script:
- ssh -o 'StrictHostKeyChecking no' -i "$SSH_PRIVATE_KEY" "$S390X_ACCOUNT"
"rm -rf ci-work/$CI_PIPELINE_IID"
only:
variables:
- $SSH_PRIVATE_KEY != ""
- $S390X_ACCOUNT != ""
tags:
- saas-linux-small-amd64
except:
- tags
.cross-build:
image: $CI_REGISTRY/$BUILDENV_CROSS_IMAGE
script:
- build=$(dpkg-architecture -qDEB_HOST_GNU_TYPE)
- host="${CI_JOB_NAME#cross/}"
# Not setting CC_FOR_BUILD paired with qemu-user/binfmt somehow causes
# config.guess to detect the target as the build platform and not activate
# cross-compile mode, even though --build is given.
- export CC_FOR_BUILD="gcc"
- export CC="$host-gcc"
# Disable C++, to not depend on cross g++.
- export CXX=/bin/false
- ./.bootstrap
- ./configure --disable-documentation $EXTRA_CONFIGURE_ARGS --build=$build --host=$host
- make -j$(nproc)
- make EMULATOR=${EMULATOR} -j$(nproc) check
- make EMULATOR=${EMULATOR} -j$(nproc) check-fat
tags:
- saas-linux-small-amd64
except:
- tags
variables:
NETTLE_TEST_SEED: '0'
artifacts:
expire_in: 1 week
when: always
paths:
- "config.log"
cross/arm-linux-gnueabihf:
extends: .cross-build
variables:
EMULATOR: qemu-arm
cross/aarch64-linux-gnu:
extends: .cross-build
variables:
EMULATOR: qemu-aarch64
# Setting QEMU_LD_PREFIX works around the error "qemu-ppc64: Could not
# open '/lib64/ld64.so.1".
cross/powerpc64-linux-gnu:
extends: .cross-build
variables:
EXTRA_CONFIGURE_ARGS: '--enable-mini-gmp'
QEMU_LD_PREFIX: /usr/powerpc64-linux-gnu
EMULATOR: qemu-ppc64
cross/powerpc64le-linux-gnu:
extends: .cross-build
variables:
EMULATOR: qemu-ppc64le
# Disable assembly files, because current qemu doesn't support all
# needed instructions.
cross/s390x-linux-gnu:
extends: .cross-build
variables:
EXTRA_CONFIGURE_ARGS: '--disable-assembler'
EMULATOR: qemu-s390x
cross/sparc64-linux-gnu:
extends: .cross-build
variables:
EXTRA_CONFIGURE_ARGS: '--enable-mini-gmp'
QEMU_LD_PREFIX: /usr/sparc64-linux-gnu
EMULATOR: qemu-sparc64
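Review bot: Every ssh invocation in the remote/s390x job passes `-o 'StrictHostKeyChecking no'`, and because the runner container starts with an empty known_hosts, the job accepts whatever host key the peer presents on every run; anyone who can redirect that connection receives the snapshot tarball and can return fabricated configure/make/check results without the pipeline noticing. The fix is to publish the s390x host's key (the `ssh-keyscan` output) as a protected CI variable, install it before the first connection, and require strict checking on all six calls, which the before_script below shows; the same options then replace the `StrictHostKeyChecking no` argument in script and after_script. Two unrelated copy-paste slips in the same file: native/no-shared repeats `--disable-static` where `--disable-shared` is evidently intended, and native/fat sets `EXTRA_CHECK: check-fat` while the template expands `$EXTRA_CHECK_TARGET`, so check-fat never runs on the native fat build. If I read GitLab's semantics correctly, the two entries under `only: variables` are alternatives rather than a conjunction, so the job is scheduled (and fails) when only one secret is configured; a single `&&` expression avoids that.

```yaml
remote/s390x:
  image: $CI_REGISTRY/$BUILDENV_NATIVE_IMAGE
  variables:
    # Shared by every ssh call. SSH_KNOWN_HOSTS is a protected CI variable
    # holding the ssh-keyscan line(s) of the s390x host; never accept an
    # unknown host key from a fresh runner container.
    SSH_OPTS: "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$CI_PROJECT_DIR/.ci-known-hosts"
  before_script:
    # File created as world-readable by gitlab ci machinery.
    - chmod 0600 "$SSH_PRIVATE_KEY"
    - printf '%s\n' "$SSH_KNOWN_HOSTS" > "$CI_PROJECT_DIR/.ci-known-hosts"
    - ssh $SSH_OPTS -i "$SSH_PRIVATE_KEY" "$S390X_ACCOUNT" "mkdir -p ci-work/$CI_PIPELINE_IID"
  # … unchanged: script and after_script, with `$SSH_OPTS` in place of `-o 'StrictHostKeyChecking no'` on each ssh call …
  only:
    variables:
      - $SSH_PRIVATE_KEY != "" && $S390X_ACCOUNT != "" && $SSH_KNOWN_HOSTS != ""
```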
Please see the Nettle manual.
Authors of GNU Nettle
The oldest code in Nettle was copied into precursors of the Nettle
library from other public domain or LGPLv2 sources.
Steve Reid Original CAST128 implementation
Dana L. How Original DES implementation,
Colin Plumb Original MD5 implementation
Peter Gutmann Original SHA1 implementation
Andrew Kuchling Original MD2 implementation
Free Software Foundation
Holds copyrights on code ported from
libgcrypt, written by Werner Koch and others.
J.H.M. Dassen Original port of blowfish to GNU lsh, later
split off into Nettle. (This blowfish
implementation was replaced later).
Twofish tests.
Ruud de Rooij Twofish implementation for GNU lsh, later split off into Nettle.
Rafael Sevilla AES C and x86 implementation, original port of
Serpent, for GNU lsh, later split off into Nettle.
Authors of Nettle (in roughly chronological order of initial contribution)
Niels Möller Main author.
Dan Egnor Base64 conversion.
Andreas Sigfridsson Port of MD2, from Andrew Kuchling's python
cryptography toolkit.
Marcus Comstedt Implemented MD4.
D. J. Bernstein Salsa20 public domain reference implementation.
Simon Josefsson Port of Arctwo, from GnuTLS and libgcrypt. New
ports of LGPL Serpent and Blowfish code, from
libgcrypt. Port of Salsa20, based on djb's
reference. Implementation of PBKDF2 (RFC
2898) and drbg-ctr.
Henrik Grubbström AES assembly for Sparc64.
Magnus Holmgren Conversion of DSA keys from DER format to SEXP
format.
Daniel Kahn Gillmor Added the lists for nettle_get_ciphers,
nettle_get_hashes and nettle_get_armors. Test
vectors for hashes and hmac.
Nippon Telegraph and Telephone Corporation
LGPL:ed reference implementation of the
Camellia cipher.
Andrew M. (floodyberry)
The poly1305 code nettle's C implementation is
derived from.
Aleksey Kravchenko The gosthash94 implementation in rhash library.
Stefan Metzmacher, Jeremy Allison, Michael Adam
Contributed to the CMAC code, which was added
to Nettle by Nikos Mavroyanopoulos.
Nikos Mavroyanopoulos GCM implementation, RSA blinding code,
interface for general rsa-pkcs1 signatures.
Port of gosthash94 implementation from rhash. Port of
poly1305. Salsa20r12 variant. HKDF (RFC 5869)
implementation. CMAC and SIV-CMAV
implementation. CTR and GCM optimizations.
Implementation of versioned symbols. Setup of
.gitlab-ci.yml. Large number of smaller fixes.
Andres Mejia Ported Ripemd160 from libgcrypt.
Martin Storsjö Implemented m4 macrology to make x86_64
assembly files work with the windows ABI.
Several other portability improvements.
Jeronimo Pellegrini Documentation for base16 and base64 functions.
Tim Ruehsen Several smaller cleanups and bugfixes.
Fredrik Thulin Test vectors for pbkdf2-hmac-sha512.
Joachim Strömbergson Chacha implementation. Support for sha512_224
and sha512_256.
Owen Kirby Implementation of CCM mode.
Amos Jeffries Implementation of base64url encoding.
Daiki Ueno Implementation of RSA-PSS signatures,
curve448, SHA3 shake, ed448-shake256 signatures,
chacha functions for 32-bit nonce, struct
nettle_mac interface, siv-gcm, RSA-OAEP.
Dmitry Baryshkov CFB and CFB8 modes, CMAC64. gosthash94cp and
Streebog hash functions, GOST DSA signatures
and curves GC256B and GC512A. Various bug
fixes and cleanups.
Simo Sorce Side-channel silent RSA functions. XTS
implementation.
H.J. Lu Assembly annotations for Intel "Control-flow
Enforcement Technology".
Stephen R. van den Berg
Port of bcrypt.
Mamone Tarsha Kurdi Powerpc64 assembly and fat build setup,
including AES, GCM and poly1305. Arm64 assembly and fat
build setup, including AES, Chacha, GCM, SHA1,
SHA256. S390x assembly and fat build setup,
including AES, Chacha, memxor, memxor3, SHA1,
SHA256, SHA512, SHA3.
Nicolas Mora RFC 3394 keywrap, RSA-OAEP.
Tianjia Zhang SM3 hash function, SM4 block cipher.
Amitay Isaacs Powerpc64 assembly for secp192r1, secp224r1
and secp256r1.
Martin Schwenke Powerpc64 assembly for secp384r1, secp521r1,
curve25519 and curve448.
Zoltan Fridrich Balloon password hashing.
Danny Tsen Powerpc64 assembly for combined GCM-AES.
Eric Richter Powerpc64 sha256 assembly.
# nettle -- Information about our contribution rules
# Test suite:
New functionality should be accompanied by a test case which verifies
its correctness, on successful use of the new functionality, as well as on
failure cases. The nettle test suite is run on "make check".
# Continuous Integration (CI)
We utilize a continuous integration systems, using gitlab-ci.
This is run on a repository mirror at:
https://gitlab.com/gnutls/nettle
# Sending patches
Please do not utilize the gitlab web interfaces. They are not
being followed on. Please send your patches to nettle-bugs@lists.lysator.liu.se
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.
"The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.
A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".
The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:
a) under this License, provided that you make a good faith effort to
ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or
b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:
a) Give prominent notice with each copy of the object code that the
Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license
document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:
a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this
License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.
1) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (a) uses at run time
a copy of the Library already present on the user's computer
system, and (b) will operate properly with a modified version
of the Library that is interface-compatible with the Linked
Version.
e) Provide Installation Information, but only if you would otherwise
be required to provide such information under section 6 of the
GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the
Application with a modified version of the Linked Version. (If
you use option 4d0, the Installation Information must accompany
the Minimal Corresponding Source and Corresponding Application
Code. If you use option 4d1, you must provide the Installation
Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based
on the Library, uncombined with any other library facilities,
conveyed under the terms of this License.
b) Give prominent notice with the combined library that part of it
is a work based on the Library, and explaining where to find the
accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<https://www.gnu.org/philosophy/why-not-lgpl.html>.
Installation Instructions
*************************
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006 Free Software Foundation, Inc.
This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that the
`configure' script does not know about. Run `./configure --help' for
details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' cannot figure out automatically,
but needs to determine by the type of machine the package will run on.
Usually, assuming the package is built to be run on the _same_
architectures, `configure' can figure that out, but if it prints a
message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share, you
can create a site shell script called `config.site' that gives default
values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf bug. Until the bug is fixed you can use this workaround:
CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it operates.
`--help'
`-h'
Print a summary of the options to `configure', and exit.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
SUBDIRS = . tools testsuite examples
noinst_PROGRAMS = aesdata desdata shadata
libnettleincludedir = $(includedir)/nettle
lib_LIBRARIES = libnettle.a
libnettleinclude_HEADERS = aes.h arcfour.h bignum.h blowfish.h \
base16.h base64.h buffer.h cast128.h \
cbc.h \
des.h des-compat.h dsa.h \
hmac.h \
knuth-lfib.h \
macros.h \
md2.h md4.h \
md5.h md5-compat.h \
memxor.h \
nettle-meta.h \
pgp.h pkcs1.h realloc.h rsa.h rsa-compat.h \
sexp.h \
serpent.h sha.h twofish.h \
yarrow.h
nodist_libnettleinclude_HEADERS = nettle-types.h
libnettle_a_SOURCES = aes.c aes.h aes-internal.h \
aes-decrypt-table.c aes-decrypt.c \
aes-encrypt-table.c aes-encrypt.c \
aes-set-encrypt-key.c aes-set-decrypt-key.c aes-meta.c \
arcfour.c arcfour.h arcfour-crypt.c arcfour-meta.c \
base16-encode.c base16-decode.c base16-meta.c \
base64-encode.c base64-decode.c base64-meta.c base64.h \
cast128.c cast128.h cast128_sboxes.h cast128-meta.c \
blowfish.h blowfish.c \
cbc.c cbc.h \
des.c des.h desinfo.h desCode.h \
des3.c des-compat.c des-compat.h \
hmac.c hmac.h hmac-md5.c hmac-sha1.c hmac-sha256.c \
knuth-lfib.c knuth-lfib.h \
md2.c md2-meta.c md4.c md4-meta.c \
md5.c md5.h md5-compat.c md5-compat.h md5-meta.c \
sha.h sha1.c sha1-compress.c sha1-meta.c sha256.c sha256-meta.c \
serpent.c serpent.h serpent_sboxes.h serpent-meta.c \
twofish.c twofish.h twofish-meta.c \
yarrow.h yarrow256.c yarrow_key_event.c \
sexp.h sexp.c sexp-format.c \
sexp-transport.c sexp-transport-format.c \
bignum.h bignum.c bignum-random.c sexp2bignum.c \
pkcs1.h pkcs1.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
rsa.h rsa.c rsa-sign.c rsa-verify.c \
rsa-md5-sign.c rsa-md5-verify.c \
rsa-sha1-sign.c rsa-sha1-verify.c \
rsa-encrypt.c rsa-decrypt.c \
rsa-keygen.c rsa-compat.h rsa-compat.c \
rsa2sexp.c sexp2rsa.c \
dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c \
sexp2dsa.c \
pgp.h pgp-encode.c rsa2openpgp.c \
buffer.h buffer.c buffer-init.c realloc.c \
nettle-meta.h \
nettle-internal.c nettle-internal.h
LIBOBJS = @LIBOBJS@
libnettle_a_LIBADD = $(LIBOBJS)
shadata_LDADD = -lm
info_TEXINFOS = nettle.texinfo
all-local: nettle.html
EXTRA_DIST = memxor.h $(des_headers) descore.README nettle.html \
sha-example.c .bootstrap $(des_headers) \
sparc/aes.asm sparc/machine.m4 \
x86/aes.asm x86/aes-encrypt.asm x86/aes-decrypt.asm \
x86/aes_tables.asm x86/arcfour-crypt.asm x86/sha1-compress.asm
DISTCLEANFILES = aes.asm aes.s \
aes-decrypt.asm aes-decrypt.s aes-encrypt.asm aes-encrypt.s \
arcfour-crypt.asm arcfour-crypt.s sha1-compress.asm sha1-compress.s \
machine.m4 nettle-types.h
CLEANFILES = $(SHLIBFORLINK)
clean-local:
rm -rf .lib
# Using assembler files. Should get precedence before the .c.o rule.
SUFFIXES = .asm
# can be overridden during development, eg. "make RM_TMP=: aes.o"
RM_TMP = rm -f
# FIXME: How to write this without using GNU make features?
# NOTE: We have to use an explicit rule .asm -> .o, to override the .c
# -> .o rule. Using rules involving .s doesn't seem to work.
# %.s: %.asm asm.m4 machine.m4 config.m4
# $(M4) $(srcdir)/asm.m4 machine.m4 config.m4 \
# `test -f $< || echo '$(srcdir)/'`$< >$@
# NOTE: We create an empty .deps-file, to make the make/automake
# dependency tracking happier.
%.$(OBJEXT): %.asm asm.m4 machine.m4 config.m4
$(M4) $(srcdir)/asm.m4 machine.m4 config.m4 \
`test -f $< || echo '$(srcdir)/'`$< >$*.s
$(COMPILE) -c $*.s -o $@
echo >.deps/$*.Po
# Shared library rules
all-local: $(SHLIBTARGET)
install-data-local: $(SHLIBINSTALL)
# Assembler files must contain only PIC-clean code.
%_p.$(OBJEXT): %.asm asm.m4 machine.m4 config.m4
$(M4) $(srcdir)/asm.m4 machine.m4 config.m4 \
`test -f $< || echo '$(srcdir)/'`$< >$*.s
$(COMPILE) -c $*.s -o $@
echo >.deps/$*.Po
# FIXME: This rule doesn't get dependencies right.
%_p.$(OBJEXT): %.c
$(COMPILE) $(SHLIBCFLAGS) -c $< -o $@
SHLIBOBJECTS = $(patsubst %.$(OBJEXT),%_p.$(OBJEXT),$(am_libnettle_a_OBJECTS) $(LIBOBJS))
# The point of the linking is to use -Lnettle-dir at linktime,
# and LD_LIBRARY_PATH=nettle-dir/.lib at run time.
$(SHLIBFORLINK): $(SHLIBOBJECTS)
$(SHLIBLINK) $^ -o $@
-mkdir .lib 2>/dev/null
(cd .lib && ln -sf ../$(SHLIBFORLINK) $(SHLIBSONAME))
install-shared: $(SHLIBFORLINK)
$(INSTALL_DATA) $(SHLIBFORLINK) $(DESTDIR)$(libdir)/$(SHLIBFILE)
(cd $(DESTDIR)$(libdir) \
&& ln -sf $(SHLIBFILE) $(SHLIBSONAME) \
&& ln -sf $(SHLIBFILE) $(SHLIBFORLINK) )
%.html : %.texinfo
(cd $(srcdir) \
&& $(MAKEINFO) --html --no-split --output $@T $(<F) \
; test -s $@T && mv -f $@T $@)
# desCore rules
# It seems using $(srcdir)/ doesn't work with GNU make 3.79.1
# des_headers = $(srcdir)/parity.h $(srcdir)/rotors.h $(srcdir)/keymap.h
des_headers = parity.h rotors.h keymap.h
# Generate DES headers.
$(des_headers): desdata.c
$(MAKE) desdata$(EXEEXT)
./desdata$(EXEEXT) $(@F) > $@T
test -s $@T && mv -f $@T $@
des.o: des.c des.h $(des_headers)
## Process this file with make_am to produce Makefile.am
SUBDIRS: include
CVS_HEADERS: cvs_headers
BODY:
AUTOMAKE_OPTIONS = foreign
noinst_LIBRARIES = libsymmetric.a
noinst_PROGRAMS = desTest desdata bf_test twofish_test generate_q rijndael_test
Makefile.am: Makefile.am.in
(cd $(top_srcdir) && $(MAKE) src/symmetric/Makefile.am)
# When compiling with lsh, this is set to to -DLSH -I/path/to/lsh/include
# INCLUDES = @crypto_cpp_flags@
LDADD = libsymmetric.a
desdata_LDADD =
des_headers = parity.h rotors.h keymap.h
BUILT_SOURCES = desSmallFips.c desSmallCore.c desQuickFips.c desQuickCore.c
libsymmetric_a_SOURCES = desCode.h desKerb.c desUtil.c desQuick.c \
$(BUILT_SOURCES) \
sha.c md5.c idea.c arcfour.c cast.c blowfish.c twofish.c rijndael.c \
serpent.c
# Generate DES headers.
$(des_headers): desdata
./desdata $@ > $@T
test -s $@T && mv -f $@T $@
desUtil.o: desUtil.c $(des_headers)
# Generate DES sources. Slowest to quickest.
desSmallFips.c:
@echo > $@ '#include "desCode.h"'
@echo >> $@ 'ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL,\
LOADFIPS,KEYMAPSMALL,SAVEFIPS)'
@echo >> $@ 'DECRYPT(DesSmallFipsDecrypt,TEMPSMALL,\
LOADFIPS,KEYMAPSMALL,SAVEFIPS)'
desSmallCore.c:
@echo > $@ '#include "desCode.h"'
@echo >> $@ 'ENCRYPT(DesSmallCoreEncrypt,TEMPSMALL,\
LOADCORE,KEYMAPSMALL,SAVECORE)'
@echo >> $@ 'DECRYPT(DesSmallCoreDecrypt,TEMPSMALL,\
LOADCORE,KEYMAPSMALL,SAVECORE)'
desQuickFips.c:
@echo > $@ '#include "desCode.h"'
@echo >> $@ 'ENCRYPT(DesQuickFipsEncrypt,TEMPQUICK,\
LOADFIPS,KEYMAPQUICK,SAVEFIPS)'
@echo >> $@ 'DECRYPT(DesQuickFipsDecrypt,TEMPQUICK,\
LOADFIPS,KEYMAPQUICK,SAVEFIPS)'
desQuickCore.c:
@echo > $@ '#include "desCode.h"'
@echo >> $@ 'ENCRYPT(DesQuickCoreEncrypt,TEMPQUICK,\
LOADCORE,KEYMAPQUICK,SAVECORE)'
@echo >> $@ 'DECRYPT(DesQuickCoreDecrypt,TEMPQUICK,\
LOADCORE,KEYMAPQUICK,SAVECORE)'
EXTRA_DIST = $(cvs_headers) $(des_headers) Makefile.am.in descore.README
.PHONY: depend
depend:
rm -f $(DEP_FILES)
make $(DEP_FILES)
# .deps/%.P : %.c
# $(CC) $(CPPFLAGS) $(DEFS) -M -MG $< > $@
MAINTAINERCLEANFILES += $(DEP_FILES)
include $(top_srcdir)/misc/ctags.mk
# $Id$
#
# Makefile for low-level crypto library
CC=@CC@
CPP=@CPP@
RANLIB=@RANLIB@
AR=ar
# Reset VPATH
SRCDIR=@srcdir@
VPATH=$(SRCDIR):$(EXTRA_VPATH)
# The flags to generate a shared library
CPPFLAGS=$(PREFLAGS) $(DEFS) $(EXTRA_CPPFLAGS)
LDFLAGS=@LDFLAGS@
default: algorithms.a
### Magic Makefile for descore
# Interesting defines are sparc, mc68000, vax and i386
# Rely on gcc defining them appropriately.
# CPPFLAGS= -Dsparc # use 6+8 general regs
# CPPFLAGS= -Dmc68000 # use 3+4 addr (1+4 live), and 3+3 data regs
# CPPFLAGS= -Dvax # use 6+0 general regs
# CPPFLAGS= -Di386 # use 3+0 regs, and 3+0 normal variables
CODEGEN.c= $(CC) $(CFLAGS) $(CPPFLAGS) -S
COMPILE.c= $(CC) $(CFLAGS) $(CPPFLAGS) -c
LINK.c= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
# hand-entered files that go into the library
SC= desKerb.c desUtil.c desQuick.c
SO= desKerb.o desUtil.o desQuick.o
# special generated files
GH= parity.h rotors.h keymap.h
GC= desSmallFips.c desSmallCore.c desQuickFips.c desQuickCore.c
GI= desSmallFips.i desSmallCore.i desQuickFips.i desQuickCore.i
GO= desSmallFips.o desSmallCore.o desQuickFips.o desQuickCore.o
O= $(SO) $(GO)
# prefer compilation from .i if .i exists
#.SUFFIXES:
#.SUFFIXES: .i .o .c $(SUFFIXES)
desTest: desCore.a desTest.o
$(LINK.c) -o $@ desTest.o desCore.a
./desTest
# test all performance enhancement flags
sure:
make clean ; make desTest 'CPPFLAGS=-Di386 -Umc68000 -Usparc'
make clean ; make desTest 'CPPFLAGS=-Dvax -Umc68000 -Usparc'
make clean ; make desTest 'CPPFLAGS=-Dmc68000 -Usparc'
make clean ; make desTest 'CPPFLAGS=-Dsparc -Umc68000'
make clean ; make desTest
clean:
-rm -f *.o *.i *.x *.a ./desTest
-rm -f $(GC) $(GH) desdata
depend:
desCore.a: $O
$(AR) cru $@ $O
$(RANLIB) $@
desdata.o: desinfo.h $(SRCDIR)/../include/des.h
desUtil.o: $(GH)
$(SO): $(SRCDIR)/../include/des.h
$(GI): desCode.h $(SRCDIR)/../include/des.h Makefile
desTest.o: $(SRCDIR)/../include/des.h
$(GH): desdata
./desdata $@ > $@
desdata: desdata.o
$(LINK.c) -o $@ desdata.o
# new rules (note: tr|sed|tr is NOT necessary, just there so .i is readable)
.c.i:
$(CPP) $(CFLAGS) $(CPPFLAGS) $< > $*.x
@tr ';'\\012 \\012';' < $*.x | \
sed -e 's/[ ][ ]*/ /g' \
-e 's/^ //' \
-e 's/ $$//' \
-e '/^$$/d' \
-e '/^[^;]/s/^/;/' \
-e 's/#[^;]*;//g' \
-e 's/\([){]\) *\(register\)/\1;\2/g' \
-e 's/\([[(]\) /\1/g' \
-e 's/ \([])]\)/\1/g' \
-e 's/\([^]+0123 ]\) =/\1 =/g' \
-e 's/}/};;/g' \
-e 's/ *; */;/g' \
-e 's/;;;*/;;/g' \
-e '1s/^;*//' | \
tr ';'\\012 \\012';' > $@
@echo "" >> $@
# @echo "}" >> $@ # last definition must be a procedure
# -e 's/\(;[kmxyz][0-9]*\)\([^;]*=\)/\1 \2/g'
.i.o:
$(CODEGEN.c) $<
$(COMPILE.c) $*.s
# slowest to quickest
desSmallFips.c:
@echo '#include "desCode.h"' > $@
@echo \
'ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL,LOADFIPS,KEYMAPSMALL,SAVEFIPS)' >> $@
@echo \
'DECRYPT(DesSmallFipsDecrypt,TEMPSMALL,LOADFIPS,KEYMAPSMALL,SAVEFIPS)' >> $@
desSmallCore.c:
@echo '#include "desCode.h"' > $@
@echo \
'ENCRYPT(DesSmallCoreEncrypt,TEMPSMALL,LOADCORE,KEYMAPSMALL,SAVECORE)' >> $@
@echo \
'DECRYPT(DesSmallCoreDecrypt,TEMPSMALL,LOADCORE,KEYMAPSMALL,SAVECORE)' >> $@
desQuickFips.c:
@echo '#include "desCode.h"' > $@
@echo \
'ENCRYPT(DesQuickFipsEncrypt,TEMPQUICK,LOADFIPS,KEYMAPQUICK,SAVEFIPS)' >> $@
@echo \
'DECRYPT(DesQuickFipsDecrypt,TEMPQUICK,LOADFIPS,KEYMAPQUICK,SAVEFIPS)' >> $@
desQuickCore.c:
@echo '#include "desCode.h"' > $@
@echo \
'ENCRYPT(DesQuickCoreEncrypt,TEMPQUICK,LOADCORE,KEYMAPQUICK,SAVECORE)' >> $@
@echo \
'DECRYPT(DesQuickCoreDecrypt,TEMPQUICK,LOADCORE,KEYMAPQUICK,SAVECORE)' >> $@
### End of rules for desCore
SRCS = sha.c md5.c idea.c rc4.c cast.c $(SC) $(GC)
OBJS = $(SRCS:.c=.o)
algorithms.a: $(OBJS)
rm -f algorithms.a
$(AR) cru algorithms.a $(OBJS)
$(RANLIB) algorithms.a
#### Remaking the Makefile and configure scripts. ####
#${srcdir}/configure: configure.in aclocal.m4
${srcdir}/configure: configure.in
cd ${srcdir} && autoconf
# Nettle Makefile
@SET_MAKE@
srcdir = @srcdir@
VPATH = @srcdir@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = $(INSTALL_PROGRAM) -s
MKDIR_P = @MKDIR_P@
OPT_NETTLE_OBJS = @OPT_NETTLE_OBJS@
OPT_HOGWEED_OBJS = @OPT_HOGWEED_OBJS@
OPT_NETTLE_SOURCES = @OPT_NETTLE_SOURCES@
FAT_TEST_LIST = @FAT_TEST_LIST@
SUBDIRS = tools testsuite examples
include config.make
PRE_CPPFLAGS = -I.
EXTRA_CFLAGS = $(CCPIC)
LIBTARGETS = @IF_STATIC@ libnettle.a @IF_HOGWEED@ libhogweed.a
SHLIBTARGETS = @IF_SHARED@ $(LIBNETTLE_FORLINK) @IF_HOGWEED@ $(LIBHOGWEED_FORLINK)
getopt_SOURCES = getopt.c getopt1.c
getopt_TARGETS = $(getopt_SOURCES:.c=.$(OBJEXT))
internal_SOURCES = non-nettle.c
internal_TARGETS = $(internal_SOURCES:.c=.$(OBJEXT))
TARGETS = $(getopt_TARGETS) $(internal_TARGETS) \
$(LIBTARGETS) $(SHLIBTARGETS)
DOCTARGETS = @IF_DOCUMENTATION@ nettle.info nettle.html nettle.pdf
PKGCONFIG_FILES = nettle.pc @IF_HOGWEED@ hogweed.pc
pkgconfigdir = $(libdir)/pkgconfig
all check install uninstall:
$(MAKE) $@-here
set -e; for d in $(SUBDIRS); do \
echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
clean distclean mostlyclean maintainer-clean tags:
set -e; for d in $(SUBDIRS); do \
echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
$(MAKE) $@-here
check-here:
true
# Tries different settings of NETTLE_FAT_OVERRIDE. Note that this
# requires that corresponding processor features are available on the
# test machine.
check-fat:
[ -z "$(FAT_TEST_LIST)" ] || \
set -e; cd testsuite && for f in $(FAT_TEST_LIST) ; do \
echo NETTLE_FAT_OVERRIDE=$$f ; \
NETTLE_FAT_OVERRIDE=$$f $(MAKE) check TS_ALL='$$(TS_FAT)' ; \
done
all-here: $(TARGETS) $(DOCTARGETS)
nettle_SOURCES = aes-decrypt-internal.c aes-decrypt-table.c \
aes128-decrypt.c aes192-decrypt.c aes256-decrypt.c \
aes-encrypt-internal.c aes-encrypt-table.c \
aes128-encrypt.c aes192-encrypt.c aes256-encrypt.c \
aes-invert-internal.c aes-set-key-internal.c \
aes128-set-encrypt-key.c aes128-set-decrypt-key.c \
aes128-meta.c \
aes192-set-encrypt-key.c aes192-set-decrypt-key.c \
aes192-meta.c \
aes256-set-encrypt-key.c aes256-set-decrypt-key.c \
aes256-meta.c \
nist-keywrap.c \
arcfour.c \
arctwo.c arctwo-meta.c blowfish.c blowfish-bcrypt.c \
balloon.c balloon-sha1.c balloon-sha256.c \
balloon-sha384.c balloon-sha512.c \
base16-encode.c base16-decode.c base16-meta.c \
base64-encode.c base64-decode.c base64-meta.c \
base64url-encode.c base64url-decode.c base64url-meta.c \
buffer.c buffer-init.c \
camellia-crypt-internal.c camellia-table.c \
camellia-absorb.c camellia-invert-key.c \
camellia128-set-encrypt-key.c camellia128-crypt.c \
camellia128-set-decrypt-key.c \
camellia128-meta.c \
camellia192-meta.c \
camellia256-set-encrypt-key.c camellia256-crypt.c \
camellia256-set-decrypt-key.c \
camellia256-meta.c \
cast128.c cast128-meta.c \
cbc.c cbc-aes128-encrypt.c cbc-aes192-encrypt.c cbc-aes256-encrypt.c \
ccm.c ccm-aes128.c ccm-aes192.c ccm-aes256.c cfb.c \
siv-cmac.c siv-cmac-aes128.c siv-cmac-aes256.c \
siv-gcm.c siv-gcm-aes128.c siv-gcm-aes256.c \
cnd-memcpy.c \
chacha-crypt.c chacha-core-internal.c \
chacha-poly1305.c chacha-poly1305-meta.c \
chacha-set-key.c chacha-set-nonce.c \
ctr.c ctr16.c des.c des3.c \
eax.c eax-aes128.c eax-aes128-meta.c \
ghash-set-key.c ghash-update.c \
siv-ghash-set-key.c siv-ghash-update.c \
gcm.c \
gcm-aes128.c gcm-aes128-meta.c \
gcm-aes192.c gcm-aes192-meta.c \
gcm-aes256.c gcm-aes256-meta.c \
gcm-camellia128.c gcm-camellia128-meta.c \
gcm-camellia256.c gcm-camellia256-meta.c \
gcm-sm4.c gcm-sm4-meta.c \
cmac.c cmac64.c cmac-aes128.c cmac-aes256.c cmac-des3.c \
cmac-aes128-meta.c cmac-aes256-meta.c cmac-des3-meta.c \
gost28147.c gosthash94.c gosthash94-meta.c \
hmac.c hmac-gosthash94.c hmac-md5.c hmac-ripemd160.c \
hmac-sha1.c hmac-sha224.c hmac-sha256.c hmac-sha384.c \
hmac-sha512.c hmac-streebog.c hmac-sm3.c \
hmac-md5-meta.c hmac-ripemd160-meta.c hmac-sha1-meta.c \
hmac-sha224-meta.c hmac-sha256-meta.c hmac-sha384-meta.c \
hmac-sha512-meta.c hmac-gosthash94-meta.c \
hmac-streebog-meta.c hmac-sm3-meta.c \
knuth-lfib.c hkdf.c \
md2.c md2-meta.c md4.c md4-meta.c \
md5.c md5-meta.c \
memeql-sec.c memxor.c memxor3.c \
nettle-lookup-hash.c \
nettle-meta-aeads.c nettle-meta-armors.c \
nettle-meta-ciphers.c nettle-meta-hashes.c nettle-meta-macs.c \
ocb.c ocb-aes128.c \
pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \
pbkdf2-hmac-sha256.c pbkdf2-hmac-sha384.c pbkdf2-hmac-sha512.c \
poly1305-aes.c poly1305-internal.c poly1305-update.c \
realloc.c \
ripemd160.c ripemd160-compress.c ripemd160-meta.c \
salsa20-core-internal.c salsa20-crypt-internal.c \
salsa20-crypt.c salsa20r12-crypt.c salsa20-set-key.c \
salsa20-set-nonce.c \
salsa20-128-set-key.c salsa20-256-set-key.c \
sha1.c sha1-compress.c sha1-meta.c \
sha256.c sha256-compress-n.c sha224-meta.c sha256-meta.c \
sha512.c sha512-compress.c sha384-meta.c sha512-meta.c \
sha512-224-meta.c sha512-256-meta.c \
sha3.c sha3-permute.c \
sha3-224.c sha3-224-meta.c sha3-256.c sha3-256-meta.c \
sha3-384.c sha3-384-meta.c sha3-512.c sha3-512-meta.c \
sha3-shake.c shake128.c shake256.c \
sm3.c sm3-meta.c \
serpent-set-key.c serpent-encrypt.c serpent-decrypt.c \
serpent-meta.c \
streebog.c streebog-meta.c \
twofish.c twofish-meta.c \
sm4.c sm4-meta.c \
umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \
umac-poly64.c umac-poly128.c umac-set-key.c \
umac32.c umac64.c umac96.c umac128.c \
version.c \
write-be32.c write-le32.c write-le64.c \
yarrow256.c yarrow_key_event.c \
xts.c xts-aes128.c xts-aes256.c \
drbg-ctr-aes256.c
hogweed_SOURCES = sexp.c sexp-format.c \
sexp-transport.c sexp-transport-format.c \
bignum.c bignum-random.c bignum-random-prime.c \
sexp2bignum.c \
pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \
oaep.c \
pkcs1-sec-decrypt.c \
pkcs1-rsa-digest.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
pss.c pss-mgf1.c \
rsa.c rsa-sign.c rsa-sign-tr.c rsa-verify.c \
rsa-sec-compute-root.c \
rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \
rsa-md5-sign.c rsa-md5-sign-tr.c rsa-md5-verify.c \
rsa-sha1-sign.c rsa-sha1-sign-tr.c rsa-sha1-verify.c \
rsa-sha256-sign.c rsa-sha256-sign-tr.c rsa-sha256-verify.c \
rsa-sha512-sign.c rsa-sha512-sign-tr.c rsa-sha512-verify.c \
rsa-pss-sha256-sign-tr.c rsa-pss-sha256-verify.c \
rsa-pss-sha512-sign-tr.c rsa-pss-sha512-verify.c \
rsa-encrypt.c rsa-decrypt.c \
rsa-oaep-encrypt.c rsa-oaep-decrypt.c \
rsa-sec-decrypt.c rsa-decrypt-tr.c \
rsa-keygen.c \
rsa2sexp.c sexp2rsa.c \
dsa.c dsa-gen-params.c \
dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
dsa2sexp.c sexp2dsa.c \
der-iterator.c der2rsa.c der2dsa.c \
sec-add-1.c sec-sub-1.c \
gmp-glue.c cnd-copy.c \
ecc-mod.c ecc-mod-inv.c \
ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
ecc-curve25519.c ecc-curve448.c \
ecc-gost-gc256b.c ecc-gost-gc512a.c \
ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
ecc-secp384r1.c ecc-secp521r1.c \
ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c ecc-nonsec-add-jjj.c \
ecc-eh-to-a.c \
ecc-dup-eh.c ecc-add-eh.c ecc-add-ehh.c \
ecc-dup-th.c ecc-add-th.c ecc-add-thh.c \
ecc-mul-g-eh.c ecc-mul-a-eh.c ecc-mul-m.c \
ecc-mul-g.c ecc-mul-a.c ecc-random.c \
ecc-point.c ecc-scalar.c ecc-point-mul.c ecc-point-mul-g.c \
ecc-ecdsa-sign.c ecdsa-sign.c \
ecc-ecdsa-verify.c ecdsa-verify.c ecdsa-keygen.c \
ecc-gostdsa-sign.c gostdsa-sign.c \
ecc-gostdsa-verify.c gostdsa-verify.c gostdsa-vko.c \
curve25519-mul-g.c curve25519-mul.c curve25519-eh-to-x.c \
curve448-mul-g.c curve448-mul.c curve448-eh-to-x.c \
eddsa-compress.c eddsa-decompress.c eddsa-expand.c \
eddsa-hash.c eddsa-pubkey.c eddsa-sign.c eddsa-verify.c \
ed25519-sha512.c ed25519-sha512-pubkey.c \
ed25519-sha512-sign.c ed25519-sha512-verify.c \
ed448-shake256.c ed448-shake256-pubkey.c \
ed448-shake256-sign.c ed448-shake256-verify.c
OPT_SOURCES = fat-arm.c fat-arm64.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h balloon.h \
base16.h base64.h bignum.h buffer.h camellia.h cast128.h \
cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \
curve25519.h curve448.h des.h dsa.h eax.h \
ecc-curve.h ecc.h ecdsa.h eddsa.h \
gcm.h gostdsa.h gosthash94.h hmac.h \
knuth-lfib.h hkdf.h \
macros.h \
cmac.h siv-cmac.h siv-gcm.h \
md2.h md4.h md5.h \
memops.h memxor.h \
nettle-meta.h nettle-types.h \
ocb.h pbkdf2.h \
pkcs1.h pss.h pss-mgf1.h realloc.h ripemd160.h rsa.h \
salsa20.h sexp.h serpent.h \
sha.h sha1.h sha2.h sha3.h sm3.h sm4.h streebog.h twofish.h \
umac.h yarrow.h xts.h poly1305.h nist-keywrap.h \
drbg-ctr.h
INSTALL_HEADERS = $(HEADERS) version.h @IF_MINI_GMP@ mini-gmp.h
SOURCES = $(nettle_SOURCES) $(hogweed_SOURCES) \
$(getopt_SOURCES) $(internal_SOURCES) \
$(OPT_SOURCES) \
aesdata.c desdata.c twofishdata.c shadata.c eccdata.c
# NOTE: This list must include all source files, with no duplicates,
# independently of which source files are included in the build.
DISTFILES = $(SOURCES) $(HEADERS) getopt.h getopt_int.h \
.bootstrap run-tests \
aclocal.m4 configure.ac \
configure stamp-h.in version.h.in \
libnettle.map.in libhogweed.map.in \
config.guess config.sub install-sh \
config.h.in config.m4.in config.make.in Makefile.in \
README CONTRIBUTING.md AUTHORS COPYING.LESSERv3 COPYINGv2 COPYINGv3 \
INSTALL NEWS ChangeLog \
nettle.pc.in hogweed.pc.in \
desdata.stamp $(des_headers) descore.README \
aes-internal.h block-internal.h blowfish-internal.h bswap-internal.h \
camellia-internal.h gcm-internal.h \
ghash-internal.h gost28147-internal.h poly1305-internal.h \
serpent-internal.h cast128_sboxes.h desinfo.h desCode.h \
ripemd160-internal.h md-internal.h sha2-internal.h \
memxor-internal.h nettle-internal.h non-nettle.h nettle-write.h \
ctr-internal.h chacha-internal.h sha3-internal.h \
salsa20-internal.h umac-internal.h hogweed-internal.h \
rsa-internal.h pkcs1-internal.h dsa-internal.h eddsa-internal.h \
gmp-glue.h ecc-internal.h fat-setup.h oaep.h \
mini-gmp.h asm.m4 m4-utils.m4 \
nettle.texinfo nettle.info nettle.html nettle.pdf sha-example.c
# Rules building static libraries
nettle_OBJS = $(nettle_SOURCES:.c=.$(OBJEXT)) \
$(OPT_NETTLE_SOURCES:.c=.$(OBJEXT)) $(OPT_NETTLE_OBJS)
hogweed_OBJS = $(hogweed_SOURCES:.c=.$(OBJEXT)) \
$(OPT_HOGWEED_OBJS) @IF_MINI_GMP@ mini-gmp.$(OBJEXT)
libnettle.a: $(nettle_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(nettle_OBJS)
$(RANLIB) $@
echo nettle > libnettle.stamp
libhogweed.a: $(hogweed_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(hogweed_OBJS)
$(RANLIB) $@
echo hogweed > libhogweed.stamp
%.$(OBJEXT): %.asm $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4
$(M4) $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4 $< >$*.s
$(COMPILE) $(ASM_FLAGS) -c $*.s
%.$(OBJEXT): %.c
$(COMPILE) -c $< \
&& $(DEP_PROCESS)
# Rules building shared libraries.
$(LIBNETTLE_FORLINK): $(nettle_OBJS)
$(LIBNETTLE_LINK) $(nettle_OBJS) @EXTRA_LINKER_FLAGS@ -o $@ $(LIBNETTLE_LIBS)
-mkdir .lib 2>/dev/null
(cd .lib \
&& rm -f $(LIBNETTLE_FORLINK) \
&& $(LN_S) ../$(LIBNETTLE_FORLINK) $(LIBNETTLE_FORLINK) \
&& [ -z "$(LIBNETTLE_SONAME)" ] \
|| { rm -f $(LIBNETTLE_SONAME) \
&& $(LN_S) $(LIBNETTLE_FORLINK) $(LIBNETTLE_SONAME) ; } )
echo nettle > libnettle.stamp
$(LIBHOGWEED_FORLINK): $(hogweed_OBJS) $(LIBNETTLE_FORLINK)
$(LIBHOGWEED_LINK) $(hogweed_OBJS) @EXTRA_HOGWEED_LINKER_FLAGS@ -o $@ $(LIBHOGWEED_LIBS)
-mkdir .lib 2>/dev/null
(cd .lib \
&& rm -f $(LIBHOGWEED_FORLINK) \
&& $(LN_S) ../$(LIBHOGWEED_FORLINK) $(LIBHOGWEED_FORLINK) \
&& [ -z "$(LIBHOGWEED_SONAME)" ] \
|| { rm -f $(LIBHOGWEED_SONAME) \
&& $(LN_S) $(LIBHOGWEED_FORLINK) $(LIBHOGWEED_SONAME) ; } )
echo hogweed > libhogweed.stamp
# For building the various *data.c programs. -lm needed for shadata.
%$(EXEEXT_FOR_BUILD): %.c
$(CC_FOR_BUILD) $< -lm -o $@
# Explicit dependency.
eccdata$(EXEEXT_FOR_BUILD): mini-gmp.c mini-gmp.h
# desCore rules
# It seems using $(srcdir)/ doesn't work with GNU make 3.79.1
# des_headers = $(srcdir)/rotors.h $(srcdir)/keymap.h
des_headers = rotors.h keymap.h
# Generate DES headers.
$(des_headers): desdata.stamp
f="$(srcdir)/`basename $@`"; \
./desdata$(EXEEXT_FOR_BUILD) $(@F) > $${f}T; \
test -s $${f}T && mv -f $${f}T $$f
desdata.stamp: desdata.c
$(MAKE) desdata$(EXEEXT_FOR_BUILD)
echo stamp > desdata.stamp
des.$(OBJEXT): des.c des.h $(des_headers)
# Generate ECC files, with roughly 16 KB of tables per curve.
# Some reasonable choices for 192:
# k = 8, c = 6, S = 256, T = 40 ( 32 A + 8 D) 12 KB
# k = 14, c = 7, S = 256, T = 42 ( 28 A + 14 D) 12 KB
# k = 11, c = 6, S = 192, T = 44 ( 33 A + 11 D) 9 KB
# k = 16, c = 6, S = 128, T = 48 ( 32 A + 16 D) 6 KB
ecc-secp192r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp192r1 8 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 224:
# k = 16, c = 7, S = 256, T = 48 ( 32 A + 16 D) ~16 KB
# k = 10, c = 6, S = 256, T = 50 ( 40 A + 10 D) ~16 KB
# k = 13, c = 6, S = 192, T = 52 ( 39 A + 13 D) ~12 KB
# k = 9, c = 5, S = 160, T = 54 ( 45 A + 9 D) ~10 KB
ecc-secp224r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp224r1 16 7 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 256:
# k = 9, c = 6, S = 320, T = 54 ( 45 A + 9 D) 20 KB
# k = 11, c = 6, S = 256, T = 55 ( 44 A + 11 D) 16 KB
# k = 19, c = 7, S = 256, T = 57 ( 38 A + 19 D) 16 KB
# k = 15, c = 6, S = 192, T = 60 ( 45 A + 15 D) 12 KB
ecc-secp256r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp256r1 11 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 384:
# k = 16, c = 6, S = 256, T = 80 ( 64 A + 16 D) 24 KB
# k = 28, c = 7, S = 256, T = 84 ( 56 A + 28 D) 24 KB
# k = 11, c = 5, S = 224, T = 88 ( 77 A + 11 D) 21 KB
# k = 22, c = 6, S = 192, T = 88 ( 66 A + 22 D) 18 KB
# k = 13, c = 5, S = 192, T = 91 ( 78 A + 13 D) 18 KB
# k = 16, c = 5, S = 160, T = 96 ( 80 A + 16 D) 15 KB
# k = 32, c = 6, S = 128, T = 96 ( 64 A + 32 D) 12 KB
ecc-secp384r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp384r1 32 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 521:
# k = 29, c = 6, S = 192, T = 116 ( 87 A + 29 D) ~27 KB
# k = 21, c = 5, S = 160, T = 126 (105 A + 21 D) ~23 KB
# k = 44, c = 6, S = 128, T = 132 ( 88 A + 44 D) ~18 KB
# k = 35, c = 5, S = 96, T = 140 (105 A + 35 D) ~14 KB
ecc-secp521r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp521r1 44 6 $(NUMB_BITS) > $@T && mv $@T $@
# Parameter choices mostly the same as for ecc-secp256r1.h.
ecc-curve25519.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) curve25519 11 6 $(NUMB_BITS) > $@T && mv $@T $@
ecc-curve448.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) curve448 38 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 256:
# k = 9, c = 6, S = 320, T = 54 ( 45 A + 9 D) 20 KB
# k = 11, c = 6, S = 256, T = 55 ( 44 A + 11 D) 16 KB
# k = 19, c = 7, S = 256, T = 57 ( 38 A + 19 D) 16 KB
# k = 15, c = 6, S = 192, T = 60 ( 45 A + 15 D) 12 KB
ecc-gost-gc256b.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) gost_gc256b 11 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 512:
# k = 22, c = 6, S = 256, T = 110 ( 88 A + 22 D) 32 KB
# k = 29, c = 6, S = 192, T = 116 ( 87 A + 29 D) 24 KB
# k = 21, c = 5, S = 160, T = 126 (105 A + 21 D) 20 KB
# k = 43, c = 6, S = 128, T = 129 ( 86 A + 43 D) 16 KB
# k = 35, c = 5, S = 96, T = 140 (105 A + 35 D) 12 KB
ecc-gost-gc512a.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) gost_gc512a 43 6 $(NUMB_BITS) > $@T && mv $@T $@
eccdata.stamp: eccdata.c
$(MAKE) eccdata$(EXEEXT_FOR_BUILD)
echo stamp > eccdata.stamp
ecc-curve25519.$(OBJEXT): ecc-curve25519.h
ecc-curve448.$(OBJEXT): ecc-curve448.h
ecc-gost-gc256b.$(OBJEXT): ecc-gost-gc256b.h
ecc-gost-gc512a.$(OBJEXT): ecc-gost-gc512a.h
ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h
ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h
ecc-secp256r1.$(OBJEXT): ecc-secp256r1.h
ecc-secp384r1.$(OBJEXT): ecc-secp384r1.h
ecc-secp521r1.$(OBJEXT): ecc-secp521r1.h
# Texinfo rules
%.info: %.texinfo
cd $(srcdir) && $(MAKEINFO) --output $@ `basename "$<"`
%.html: %.texinfo
cd $(srcdir) && $(MAKEINFO) --html --no-split \
--output $@T `basename "$<"` \
&& test -s $@T && mv -f $@T $@
%.pdf: %.texinfo
cd $(srcdir) && texi2pdf `basename "$<"`
# Configure-related rules, mostly copied from the autoconf manual. No
# $(srcdir) prefixes on the targets, though.
configure: configure.ac aclocal.m4
cd $(srcdir) && $(AUTOCONF)
# autoheader might not change config.h.in, so touch a stamp file.
${srcdir}/config.h.in: stamp-h.in
config.h.in: stamp-h.in
stamp-h.in: configure.ac aclocal.m4
cd $(srcdir) && $(AUTOHEADER)
echo timestamp > $(srcdir)/stamp-h.in
#${srcdir}/stamp-h.in: configure.in aclocal.m4 acconfig.h \
# config.h.top config.h.bot
${srcdir}/stamp-h.in: configure.in
cd ${srcdir} && autoheader
echo timestamp > ${srcdir}/stamp-h.in
config.status: configure
./config.status --recheck
config.h: stamp-h
stamp-h: config.h.in config.status
./config.status
./config.status config.h
echo timestamp > stamp-h
Makefile: Makefile.in config.status
./config.status
config.status: configure
./config.status --recheck
%.d: %.c
$(SHELL) -ec '$(CC) -MM -MG $(CPPFLAGS) $(DEFS) $< \
| sed '\''s/\($*\)\.o:/\1\.o $@ : /g'\'' > $@'
include $(SRCS:.c=.d)
./config.status $@
config.make: config.make.in config.status
./config.status $@
config.m4: config.m4.in config.status
./config.status $@
nettle.pc: nettle.pc.in config.status
./config.status $@
hogweed.pc: hogweed.pc.in config.status
./config.status $@
version.h: version.h.in config.status
./config.status $@
# Installation
install-doc: @IF_DOCUMENTATION@ install-info
install-here: install-doc install-headers install-static install-pkgconfig \
@IF_SHARED@ install-shared-nettle @IF_HOGWEED@ install-shared-hogweed
install-static: $(LIBTARGETS)
$(MKDIR_P) $(DESTDIR)$(libdir)
for f in $(LIBTARGETS); do \
$(INSTALL_DATA) $$f $(DESTDIR)$(libdir) ; \
done
install-dll-nettle:
$(MKDIR_P) $(DESTDIR)$(bindir)
$(INSTALL_DATA) $(LIBNETTLE_FORLINK) $(DESTDIR)$(bindir)/$(LIBNETTLE_FORLINK)
install-shared-nettle: $(LIBNETTLE_FORLINK) @IF_DLL@ install-dll-nettle
$(MKDIR_P) $(DESTDIR)$(libdir)
$(INSTALL_DATA) $(LIBNETTLE_FILE_SRC) $(DESTDIR)$(libdir)/$(LIBNETTLE_FILE)
[ -z "$(LIBNETTLE_SONAME)" ] \
|| (cd $(DESTDIR)$(libdir) \
&& rm -f $(LIBNETTLE_SONAME) $(LIBNETTLE_FORLINK) \
&& $(LN_S) $(LIBNETTLE_FILE) $(LIBNETTLE_SONAME) \
&& $(LN_S) $(LIBNETTLE_FILE) $(LIBNETTLE_FORLINK))
install-dll-hogweed:
$(MKDIR_P) $(DESTDIR)$(bindir)
$(INSTALL_DATA) $(LIBHOGWEED_FORLINK) $(DESTDIR)$(bindir)/$(LIBHOGWEED_FORLINK)
install-shared-hogweed: $(LIBHOGWEED_FORLINK) @IF_DLL@ install-dll-hogweed
$(MKDIR_P) $(DESTDIR)$(libdir)
$(INSTALL_DATA) $(LIBHOGWEED_FILE_SRC) $(DESTDIR)$(libdir)/$(LIBHOGWEED_FILE)
[ -z "$(LIBHOGWEED_SONAME)" ] \
|| (cd $(DESTDIR)$(libdir) \
&& rm -f $(LIBHOGWEED_SONAME) $(LIBHOGWEED_FORLINK) \
&& $(LN_S) $(LIBHOGWEED_FILE) $(LIBHOGWEED_SONAME) \
&& $(LN_S) $(LIBHOGWEED_FILE) $(LIBHOGWEED_FORLINK))
# I'd like to use makes VPATH search to locate the files to be
# installed. But it seems most make programs don't set $<, $^, $? and
# friends for ordinary explicit rules.
install-info: nettle.info
$(MKDIR_P) $(DESTDIR)$(infodir)
f=nettle.info ; \
[ -f $$f ] || f="$(srcdir)/$$f" ; \
$(INSTALL_DATA) "$$f" $(DESTDIR)$(infodir) ; \
if (install-info --version && \
install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
install-info --info-dir="$(DESTDIR)$(infodir)" "$$f" ; \
else : ; fi
# NOTE: I'd like to use $^, but that's a GNU extension. $? should be
# more portable, and equivalent for phony targets.
install-headers: $(INSTALL_HEADERS)
$(MKDIR_P) $(DESTDIR)$(includedir)/nettle
for f in $(INSTALL_HEADERS) ; do \
if [ -f "$$f" ] ; then \
$(INSTALL_DATA) "$$f" $(DESTDIR)$(includedir)/nettle ; \
else \
$(INSTALL_DATA) "$(srcdir)/$$f" $(DESTDIR)$(includedir)/nettle ; \
fi ; done
install-pkgconfig: $(PKGCONFIG_FILES)
$(MKDIR_P) $(DESTDIR)$(pkgconfigdir)
for f in $(PKGCONFIG_FILES) ; do \
$(INSTALL_DATA) "$$f" $(DESTDIR)$(pkgconfigdir) ; \
done
# Uninstall
uninstall-here: uninstall-info uninstall-headers uninstall-static \
uninstall-pkgconfig @IF_SHARED@ uninstall-shared
uninstall-static:
for f in $(LIBTARGETS) ; do \
rm -f $(DESTDIR)$(libdir)/$$f ; \
done
uninstall-headers:
for f in $(INSTALL_HEADERS) ; do \
rm -f $(DESTDIR)$(includedir)/nettle/$$f ; \
done
uninstall-info:
if (install-info --version && \
install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)"/nettle.info ; \
else : ; fi
-rm -f $(DESTDIR)$(infodir)/nettle.info
# FIXME: Leaves the links around
uninstall-shared: uninstall-shared-nettle @IF_HOGWEED@ uninstall-shared-hogweed
uninstall-dll-nettle:
rm -f $(DESTDIR)$(bindir)/$(LIBNETTLE_FORLINK)
uninstall-shared-nettle: @IF_DLL@ uninstall-dll-nettle
rm -f $(DESTDIR)$(libdir)/$(LIBNETTLE_FILE)
[ -z "$(LIBNETTLE_SONAME)" ] \
|| rm -f $(LIBNETTLE_SONAME) $(LIBNETTLE_FORLINK)
uninstall-dll-hogweed:
rm -f $(DESTDIR)$(bindir)/$(LIBHOGWEED_FORLINK)
uninstall-shared-hogweed: @IF_DLL@ uninstall-dll-hogweed
rm -f $(DESTDIR)$(libdir)/$(LIBHOGWEED_FILE)
[ -z "$(LIBHOGWEED_SONAME)" ] \
|| rm -f $(LIBHOGWEED_SONAME) $(LIBHOGWEED_FORLINK)
uninstall-pkgconfig:
for f in $(PKGCONFIG_FILES) ; do \
rm -f $(DESTDIR)$(pkgconfigdir)/$$f ; \
done
# Distribution
distdir = $(PACKAGE_NAME)-$(PACKAGE_VERSION)
top_distdir = $(distdir)
# NOTE: We should handle both absolute and relative $destdir.
distdir: $(DISTFILES)
rm -rf "$(distdir)"
mkdir "$(distdir)"
set -e; for f in $(DISTFILES) ; do \
if [ -f "$$f" ] ; then cp "$$f" "$(distdir)" ; \
else cp "$(srcdir)/$$f" "$(distdir)" ; \
fi ; \
done
set -e; for d in sparc64 x86 \
x86_64 x86_64/aesni x86_64/sha_ni x86_64/pclmul x86_64/fat \
arm arm/neon arm/v6 arm/fat \
arm64 arm64/crypto arm64/fat \
powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/p9 powerpc64/fat \
s390x s390x/vf s390x/msa s390x/msa_x1 s390x/msa_x2 s390x/msa_x4 s390x/fat ; do \
mkdir "$(distdir)/$$d" ; \
find "$(srcdir)/$$d" -maxdepth 1 '(' -name '*.asm' -o -name '*.m4' -o -name README ')' \
-exec cp '{}' "$(distdir)/$$d" ';' ; \
done
set -e; for d in $(SUBDIRS); do \
sd="$(distdir)/$$d" ; \
mkdir "$$sd" && $(MAKE) -C $$d distdir="`cd $$sd && pwd`" $@ ; \
done
dist: distdir
tar cf - $(distdir) | gzip -c >$(distdir).tar.gz
rm -rf $(distdir)
rm_distcheck = test ! -d distcheck-tmp \
|| { find distcheck-tmp -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -fr distcheck-tmp; };
distcheck: dist
$(rm_distcheck)
mkdir distcheck-tmp
gzip -d < $(distdir).tar.gz \
| { cd distcheck-tmp && tar xf - && chmod -R a-w $(distdir) ; }
mkdir distcheck-tmp/build
mkdir distcheck-tmp/install
cd distcheck-tmp/build && ../$(distdir)/configure --prefix="`cd ../install && pwd`"
cd distcheck-tmp/build && $(MAKE)
cd distcheck-tmp/build && $(MAKE) check
cd distcheck-tmp/build && $(MAKE) install
cd distcheck-tmp/build && $(MAKE) uninstall
cd distcheck-tmp && find install -type f -print > leftover-install-files
@test `cat distcheck-tmp/leftover-install-files | wc -l` -le 1 \
|| { echo "ERROR: files left after uninstall:" ; \
cat distcheck-tmp/leftover-install-files ; \
exit 1; }
chmod -R a-w distcheck-tmp/install
mkdir distcheck-tmp/destdir
destdir="`cd distcheck-tmp/destdir && pwd`" \
&& cd distcheck-tmp/build \
&& $(MAKE) install DESTDIR="$$destdir" \
&& $(MAKE) uninstall DESTDIR="$$destdir"
cd distcheck-tmp && find destdir -type f -print > leftover-destdir-files
@test `cat distcheck-tmp/leftover-destdir-files | wc -l` -le 1 \
|| { echo "ERROR: destdir files left after uninstall:" ; \
cat distcheck-tmp/leftover-destdir-files ; \
exit 1; }
cd distcheck-tmp/build && $(MAKE) dist
cd distcheck-tmp/build && rm *.gz
cd distcheck-tmp/build && $(MAKE) distclean
cd distcheck-tmp && find build -type f -print > leftover-build-files
@test `cat distcheck-tmp/leftover-build-files | wc -l` -eq 0 \
|| { echo "ERROR: files left in build directory after distclean:" ; \
cat distcheck-tmp/leftover-build-files ; \
exit 1; }
$(rm_distcheck)
clean-here:
-rm -f $(TARGETS) *.$(OBJEXT) *.$(OBJEXT).d *.s *.so *.dll *.a \
ecc-curve25519.h ecc-curve448.h \
ecc-gost-gc256b.h ecc-gost-gc512a.h \
ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \
ecc-secp384r1.h ecc-secp521r1.h \
aesdata$(EXEEXT_FOR_BUILD) \
desdata$(EXEEXT_FOR_BUILD) \
twofishdata$(EXEEXT_FOR_BUILD) \
shadata$(EXEEXT_FOR_BUILD) \
eccdata$(EXEEXT_FOR_BUILD) eccdata.stamp
-rm -rf .lib libnettle.stamp libhogweed.stamp
distclean-here: clean-here
-rm -f config.h stamp-h config.log config.status machine.m4 \
config.make config.m4 Makefile version.h \
nettle.pc hogweed.pc libnettle.map libhogweed.map \
*.asm *.d
maintainer-clean-here:
-rm -f $(DOCTARGETS) *.dvi *.ps
tags-here:
etags -o $(srcdir)/TAGS $(srcdir)/*.c $(srcdir)/*.h
DEP_FILES = $(SOURCES:.c=.$(OBJEXT).d)
-include $(DEP_FILES)
NEWS for the Nettle 3.10.1 release
This is a maintenance release, with only a few bugfixes and
portability improvements.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.10 and libhogweed.so.6.10, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix buffer overread in the new sha256 assembly for
powerpc64, as well as a stack alignment issue.
* Added missing nettle_mac structs for hmac-gosthash.
* Fix configure test for valgrind, to not attempt to run
valgrind on executables built using memory sanitizers.
Optimizations:
* Improved runtime detection of cpu features for OpenBSD and
FreeBSD, using elf_aux_info when available. This also adds
runtime detection for FreeBSD on arm64. Contributed by Brad
Smith.
NEWS for the Nettle 3.10 release
This is a maintenance release, including a few each of bug
fixes, new features and optimizations.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.9 and libhogweed.so.6.9, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Add missing hash functions sha512_224 and sha512_256 to the
nettle_get_hashes() list. The name values in the
corresponding nettle_hash structs also changed to use
underscore instead of dash, for consistency.
* Fix a few cases of formally undefined calls to memcpy(dst,
NULL, 0), resulting from valid calls to, e.g.,
sha256_update(ctx, 0, NULL).
New features:
* Support RSA-OAEP encryption. Contributed by Nicolas Mora and
Daiki Ueno.
* New function sha3_256_shake_output, new functions
sha3_128_init, sha3_128_update, sha3_128_shake,
sha3_128_shake_output. Contributed by Daiki Ueno.
* Added DRBG-CTR with AES256, contributed by Simon Josefsson.
Optimizations:
* New combined gcm-aes assembly for powerpc64, contributed by
Danny Tsen.
* New sha256 assembly for powerpc64, contributed by Eric
Richter.
* Improved performance for powerpc64 AES decrypt, by skipping
subkey transformations that don't suit the vncipher
instructions.
* Add arm64 CPU feature detection for Android and for Apple systems,
contributed by Foolbar and Tim Kosse, respectively.
Miscellaneous:
* New tests for side-channel silence, based on valgrind.
* Delete all md5 assembly code. Delete all sparc32 assembly code.
NEWS for the Nettle 3.9.1 release
This is a bugfix release, fixing a few bugs reported for
Nettle-3.9. The bug in the new OCB code may be exploitable for
denial of service or worse, since triggering it leads to
memory corruption. Upgrading from Nettle-3.9 to the new
version is strongly recommended.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.8 and libhogweed.so.6.8, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix OCB loop for processing messages of size 272 bytes or
larger. Reported and fixed by Jussi Kivilinna.
* Fix alignment bug in the new x86_64 non-pclmul assembly
implementation of ghash. Reported by Henrik Grubbström.
* Fix build-time memory leak in eccdata. Reported by Noah
Watkins.
NEWS for the Nettle 3.9 release
This release includes bug fixes, several new features, a few
performance improvements, and one performance regression
affecting GCM on certain platforms.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.7 and libhogweed.so.6.7, with sonames
libnettle.so.8 and libhogweed.so.6.
This release includes a rewrite of the C implementation of
GHASH (dating from 2011), as well as the plain x86_64 assembly
version, to use precomputed tables in a different way, with
tables always accessed in the same sequential manner.
This should make Nettle's GHASH implementation side-channel
silent on all platforms, but considerably slower on platforms
without carry-less mul instructions. E.g., benchmarks of the C
implementation on x86_64 showed a slowdown of 3 times.
Bug fixes:
* Fix bug in ecdsa and gostdsa signature verify operation, for
the unlikely corner case that point addition really is point
duplication.
* Fix for chacha on Power7, nettle's assembly used an
instruction only available on later processors. Fixed by
Mamone Tarsha.
* GHASH implementation should now be side-channel silent on
all architectures.
* A few portability fixes for *BSD.
New features:
* Support for the SM4 block cipher, contributed by Tianjia
Zhang.
* Support for the Balloon password hash, contributed by Zoltan
Fridrich.
* Support for SIV-GCM authenticated encryption mode,
contributed by Daiki Ueno.
* Support for OCB authenticated encryption mode.
* New exported functions md5_compress, sha1_compress,
sha256_compress, sha512_compress, based on patches from
Corentin Labbe.
Optimizations:
* Improved sha256 performance, in particular for x86_64 and
s390x.
* Use GMP's mpn_sec_tabselect, which is implemented in
assembly on many platforms, and delete the similar nettle
function. Gives a modest speedup to all ecc operations.
* Faster poly1305 for x86_64 and ppc64. New ppc code
contributed by Mamone Tarsha.
Miscellaneous:
* New ASM_FLAGS variable recognized by configure.
* Delete all arcfour assembly code. Affects 32-bit x86, 32-bit
and 64-bit sparc.
Known issues:
* Version 6.2.1 of GNU GMP (the most recent GMP release as of
this writing) has a known issue for MacOS on 64-bit ARM: GMP
assembly files use the reserved x18 register. On this
platform it is recommended to use a GMP snapshot where this
bug is fixed, and upgrade to a later GMP release when one
becomes available.
* Also on MacOS, Nettle's testsuite may still break due to
DYLD_LIBRARY_PATH being discarded under some circumstances.
As a workaround, use
make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
NEWS for the Nettle 3.8.1 release
This is a bugfix release, fixing a few portability issues
reported for Nettle-3.8.
Bug fixes:
* Avoid non-posix m4 argument references in the chacha
implementation for arm64, powerpc64 and s390x. Reported by
Christian Weisgerber, fix contributed by Mamone Tarsha.
* Use explicit .machine pseudo-ops where needed in s390x
assembly files. Bug report by Andreas K. Huettel, fix
contributed by Mamone Tarsha.
Optimizations:
* Implemented runtime detection of cpu features for OpenBSD on
arm64. Contributed by Christian Weisgerber.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.6 and libhogweed.so.6.6, with sonames
libnettle.so.8 and libhogweed.so.6.
NEWS for the Nettle 3.8 release
This release includes a couple of new features, and many
performance improvements. It adds assembly code for two more
architectures: ARM64 and S390x.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.5 and libhogweed.so.6.5, with sonames
libnettle.so.8 and libhogweed.so.6.
New features:
* AES keywrap (RFC 3394), contributed by Nicolas Mora.
* SM3 hash function, contributed by Tianjia Zhang.
* New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
cbc_aes256_encrypt.
On processors where AES is fast enough, e.g., x86_64 with
aesni instructions, the overhead of using Nettle's general
cbc_encrypt can be significant. The new functions can be
implemented in assembly, to do multiple blocks with reduced
per-block overhead.
Note that there's no corresponding new decrypt functions,
since the general cbc_decrypt doesn't suffer from the same
performance problem.
Bug fixes:
* Fix fat builds for x86_64 windows, these appear to never
have worked.
Optimizations:
* New ARM64 implementation of AES, GCM, Chacha, SHA1 and
SHA256, for processors supporting crypto extensions. Great
speedups, and fat builds are supported. Contributed by
Mamone Tarsha.
* New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
SHA256, SHA512 and SHA3. Great speedups, and fat builds are
supported. Contributed by Mamone Tarsha.
* New PPC64 assembly for ecc modulo/redc operations,
contributed by Amitay Isaacs, Martin Schwenke and Alastair
D´Silva.
* The x86_64 AES implementation using aesni instructions has
been reorganized with one separate function per key size,
each interleaving the processing of two blocks at a time
(when the caller processes multiple blocks with each call).
This gives a modest performance improvement on some
processors.
* Rewritten and faster x86_64 poly1305 assembly.
Known issues:
* Nettle's testsuite doesn't work out-of-the-box on recent
MacOS, due to /bin/sh discarding the DYLD_LIBRARY_PATH
environment variable. Nettle's test scripts handle this in
some cases, but currently fail the test cases that are
themselves written as /bin/sh scripts. As a workaround, use
make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
Miscellaneous:
* Updated manual to current makeinfo conventions, with no
explicit node pointers. Generate pdf version with texi2pdf,
to get working hyper links.
* Added square root functions for NIST ecc curves, as a
preparation for supporting compact point representation.
* Reworked internal GCM/ghash interfaces, simplifying assembly
implementations. Deleted unused GCM C implementation
variants with less than 8-bit lookup table.
NEWS for the Nettle 3.7.3 release
This is a bugfix release, fixing bugs that could make the RSA
decryption functions crash on invalid inputs.
Upgrading to the new version is strongly recommended. For
applications that want to support older versions of Nettle,
the bug can be worked around by adding a check that the RSA
ciphertext is in the range 0 < ciphertext < n, before
attempting to decrypt it.
Thanks to Paul Schaub and Justus Winter for reporting these
problems.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.4 and libhogweed.so.6.4, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix crash for zero input to rsa_sec_decrypt and
rsa_decrypt_tr. Potential denial of service vector.
* Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return
failure for out of range inputs, instead of either crashing,
or silently reducing input modulo n. Potential denial of
service vector.
* Ensure that rsa_decrypt returns failure for out of range
inputs, instead of silently reducing input modulo n.
* Ensure that rsa_sec_decrypt returns failure if the message
size is too large for the given key. Unlike the other bugs,
this would typically be triggered by invalid local
configuration, rather than by processing untrusted remote
data.
NEWS for the Nettle 3.7.2 release
This is a bugfix release, fixing a bug in ECDSA signature
verification that could lead to a denial of service attack
(via an assertion failure) or possibly incorrect results. It
also fixes a few related problems where scalars are required
to be canonically reduced modulo the ECC group order, but in
fact may be slightly larger.
Upgrading to the new version is strongly recommended.
Even when no assert is triggered in ecdsa_verify, ECC point
multiplication may get invalid intermediate values as input,
and produce incorrect results. It's trivial to construct
alleged signatures that result in invalid intermediate values.
It appears difficult to construct an alleged signature that
makes the function misbehave in such a way that an invalid
signature is accepted as valid, but such attacks can't be
ruled out without further analysis.
Thanks to Guido Vranken for setting up the fuzzer tests that
uncovered this problem.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.3 and libhogweed.so.6.3, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fixed bug in ecdsa_verify, and added a corresponding test
case.
* Similar fixes to ecc_gostdsa_verify and gostdsa_vko.
* Similar fixes to eddsa signatures. The problem is less severe
for these curves, because (i) the potentially out of range
value is derived from output of a hash function, making it
harder for the attacker to hit the narrow range of
problematic values, and (ii) the ecc operations are
inherently more robust, and my current understanding is that
unless the corresponding assert is hit, the verify
operation should complete with a correct result.
* Fix to ecdsa_sign, which with a very low probability could
return out of range signature values, which would be
rejected immediately by a verifier.
NEWS for the Nettle 3.7.1 release
This is primarily a bug fix release, fixing a couple of
problems found in Nettle-3.7.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.2 and libhogweed.so.6.2, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix bug in chacha counter update logic. The problem affected
ppc64 and ppc64el, with the new altivec assembly code
enabled. Reported by Andreas Metzler, after breakage in
GnuTLS tests on ppc64.
* Support for big-endian ARM platforms has been restored.
Fixes contributed by Michael Weiser.
* Fix build problem on OpenBSD/powerpc64, reported by Jasper
Lievisse Adriaanse.
* Fix corner case bug in ECDSA verify, it would produce
incorrect result in the unlikely case of an all-zero
message hash. Reported by Guido Vranken.
New features:
* Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512,
contributed by Nicolas Mora.
Miscellaneous:
* Poorly performing ARM Neon code for doing single-block
Salsa20 and Chacha has been deleted. The code to do two or
three blocks in parallel, introduced in Nettle-3.7, is
unchanged.
NEWS for the Nettle 3.7 release
This release adds one new feature, the bcrypt password hashing
function, and lots of optimizations. There's also one
important change to how Nettle is configured: Fat builds are
now on by default.
The release adds PowerPC64 assembly for a few algorithms,
resulting in great speedups. Benchmarked on a Power9 machine,
speedup was 13 times for AES256-CTR and AES256-GCM, and 3.5
times for Chacha. For fat builds (now the default), the new
code is used automatically, on processors supporting the needed
instruction set extensions.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.1 and libhogweed.so.6.1, with sonames
libnettle.so.8 and libhogweed.so.6.
New features:
* Support for bcrypt, contributed by Stephen R. van den Berg.
Optimizations:
* Much faster AES and GCM on PowerPC64 processors supporting
the corresponding crypto extensions. Contributed by Mamone
Tarsha.
* Speed of Chacha improved on PowerPC64, x86_64 and ARM Neon.
* Speed of Salsa20 improved on x86_64 and ARM Neon.
* Overhaul of some elliptic curve primitives, improving ECDSA
signature speed.
Configure:
* Fat builds are enabled by default on the architectures where
it is supported (x86_64, arm and powerpc64). To disable
runtime selection, and instead specify the processor flavor
at configure time, you need to pass --disable-fat to the
configure script.
Known issues:
* The ARM assembly code in this release doesn't work correctly
on big-endian ARM systems. This will hopefully be fixed in a
later release.
Miscellaneous:
* Use a few more gmp-6.1 functions: mpn_cnd_add_n,
mpn_cnd_sub_n, mpn_cnd_swap. Delete corresponding internal
Nettle functions.
* Convert all assembly files to use the default m4 quote
characters.
NEWS for the Nettle 3.6 release
This release adds a couple of new features, most notable being
support for ED448 signatures.
It is not binary compatible with earlier releases. The shared
library names are libnettle.so.8.0 and libhogweed.so.6.0, with
sonames libnettle.so.8 and libhogweed.so.6. The changed
sonames are mainly to avoid upgrade problems with recent
GnuTLS versions, that depend on Nettle internals outside of
the advertised ABI. But also because of the removal of
internal poly1305 functions which were undocumented but
declared in an installed header file, see Interface changes
below.
New features:
* Support for Curve448 and ED448 signatures. Contributed by
Daiki Ueno.
* Support for SHAKE256 (SHA3 variant with arbitrary output
size). Contributed by Daiki Ueno.
* Support for SIV-CMAC (Synthetic Initialization Vector) mode,
contributed by Nikos Mavrogiannopoulos.
* Support for CMAC64, contributed by Dmitry Baryshkov.
* Support for the "CryptoPro" variant of the GOST hash
function, as gosthash94cp. Contributed by Dmitry Baryshkov.
* Support for GOST DSA signatures, including GOST curves
gc256b and gc512a. Contributed by Dmitry Baryshkov.
* Support for Intel CET in x86 and x86_64 assembly files, if
enabled via CFLAGS (gcc -fcf-protection=full). Contributed
by H.J. Lu and Simo Sorce.
* A few new functions to improve support for the Chacha
variant with 96-bit nonce and 32-bit block counter (the
existing functions use nonce and counter of 64-bit each),
and functions to set the counter. Contributed by Daiki Ueno.
* New interface, struct nettle_mac, for MAC (message
authentication code) algorithms. This abstraction is only
for MACs that don't require a per-message nonce. For HMAC,
the key size is fixed, and equal the digest size of the
underlying hash function.
Bug fixes:
* Fix bug in cfb8_decrypt. Previously, the IV was not updated
correctly in the case of input data shorter than the block
size. Reported by Stephan Mueller, fixed by Daiki Ueno.
* Fix configure check for __builtin_bswap64, the incorrect
check would result in link errors on platforms missing this
function. Patch contributed by George Koehler.
* All use of old-fashioned suffix rules in the Makefiles have
been replaced with %-pattern rules. Nettle's use of suffix
rules in earlier versions depended on undocumented GNU make
behavior, which is being deprecated in GNU make 4.3.
Building with other make programs than GNU make is untested
and unsupported. (Building with BSD make or Solaris make
used to work years ago, but has not been tested recently).
Interface changes:
* Declarations of internal poly1305.h functions have been
removed from the header file poly1305.h, to make it clear
that they are not part of the advertised API or ABI.
Miscellaneous:
* Building the public key support of nettle now requires GMP
version 6.1.0 or later (unless --enable-mini-gmp is used).
* A fair amount of changes to ECC internals, with a few
deleted and a few new fields in the internal struct
ecc_curve. Files and functions have been renamed to more
consistently match the curve name, e.g., ecc-256.c has been
renamed to ecc-secp256r1.c.
* Documentation for chacha-poly1305 updated. It is no longer
experimental. The implementation was updated to follow RFC
8439 in Nettle-3.1, but that was not documented or announced
at the time.
NEWS for the Nettle 3.5.1 release
Nettle-3.5.1 corrects a packaging mistake in Nettle-3.5.
The new directory x86_64/sha_ni was missing in the tar file,
breaking x86_64 builds with --enable-fat, and producing worse
performance than promised for builds with --enable-x86-sha-ni.
Also a few unused in-progress assembly files were accidentally
included in the tar file.
These problems are corrected in Nettle-3.5.1. There are no
other changes, and also the library version numbers are
unchanged.
NEWS for the Nettle 3.5 release
This release adds a couple of new features and optimizations,
and deletes or deprecates a few obsolete features. It is *not*
binary (ABI) compatible with earlier versions. Except for
deprecations listed below, it is intended to be fully
source-level (API) compatible with Nettle-3.4.1.
The shared library names are libnettle.so.7.0 and
libhogweed.so.5.0, with sonames libnettle.so.7 and
libhogweed.so.5.
Changes in behavior:
* Nettle's gcm_crypt will now call the underlying block cipher
to process more than one block at a time. This is not a
change to the documented behavior, but unfortunately breaks
assumptions accidentally made in GnuTLS, up to and including
version 3.6.1.
New features:
* Support for CFB8 (Cipher Feedback Mode, processing a single
octet per block cipher operation), contributed by Dmitry
Eremin-Solenikov.
* Support for CMAC (RFC 4493), contributed by Nikos
Mavrogiannopoulos.
* Support for XTS mode, contributed by Simo Sorce.
Optimizations:
* Improved performance of the x86_64 AES implementation using
the aesni instructions. Gives a large speedup for operations
processing multiple blocks at a time (including CTR mode,
GCM mode, and CBC decrypt, but *not* CBC encrypt).
* Improved performance for CTR mode, for the common case of
16-byte block size. Pass more data at a time to underlying
block cipher, and fill the counter blocks more efficiently.
Extension to also handle GCM mode efficiently contributed
by Nikos Mavrogiannopoulos.
* New x86_64 implementation of sha1 and sha256, for processors
supporting the sha_ni instructions. Speedup of 3-5 times on
affected processors.
* Improved parameters for the precomputation of tables used
for ecc signatures. Roughly 10%-15% speedup of the ecdsa
sign operation using the secp_256r1, secp_384r1 and
secp_521r1 curves, and 25% speedup of ed25519 sign
operation, benchmarked on x86_64. Table sizes unchanged,
around 16 KB per curve.
* In ARM fat builds, automatically select Neon implementation
of Chacha, where possible. Contributed by Yuriy M.
Kaminskiy.
Deleted features:
* The header file des-compat.h and everything declared therein
has been deleted, as announced earlier. This file provided a
subset of the old libdes/ssleay/openssl interface for DES
and triple-DES. DES is still supported, via the functions
declared in des.h.
* Functions using the old struct aes_ctx have been marked as
deprecated. Use the fixed key size interface instead, e.g.,
struct aes256_ctx, introduced in Nettle-3.0.
* The header file nettle-stdint.h, and corresponding autoconf
tests, have been deleted. Nettle now requires that the
compiler/libc provides <stdint.h>.
Miscellaneous:
* Support for big-endian ARM systems, contributed by Michael
Weiser.
* The programs aesdata, desdata, twofishdata, shadata and
gcmdata are no longer built by default. Makefile
improvements contributed by Jay Foad.
* The "example" program examples/eratosthenes.c has been
deleted.
* The contents of hash context structs, and the deprecated
aes_ctx struct, have been reorganized, to enable later
optimizations.
The shared library names are libnettle.so.7.0 and
libhogweed.so.5.0.
NEWS for the Nettle 3.4.1 release
This release fixes a few bugs, and makes the RSA private key
operations side channel silent. The RSA improvements are
contributed by Simo Sorce and Red Hat, and include one new
public function, rsa_sec_decrypt, see below.
All functions using RSA private keys are now side-channel
silent, meaning that they try hard to avoid any branches or
memory accesses depending on secret data. This applies both to
the bignum calculations, which now use GMP's mpn_sec_* family
of functions, and the processing of PKCS#1 padding needed for
RSA decryption.
Nettle's ECC functions were already side-channel silent, while
the DSA functions still aren't. There's also one caveat
regarding the improved RSA functions: due to small table
lookups in relevant mpn_sec_* functions in GMP-6.1.2, the
lowest and highest few bits of the secret factors p and q may
still leak. I'm not aware of any attacks on RSA where knowing
a few bits of the factors makes a significant difference. This
leak will likely be plugged in later GMP versions.
Changes in behavior:
* The functions rsa_decrypt and rsa_decrypt_tr may now clobber
all of the provided message buffer, independent of the
actual message length. They are side-channel silent, in that
branches and memory accesses don't depend on the validity or
length of the message. Side-channel leakage from the
caller's use of length and return value may still provide an
oracle useable for a Bleichenbacher-style chosen ciphertext
attack. Which is why the new function rsa_sec_decrypt is
recommended.
New features:
* A new function rsa_sec_decrypt. It differs from
rsa_decrypt_tr in that the length of the decrypted message
is given a priori, and PKCS#1 padding indicating a different
length is treated as an error. For applications that may be
subject to chosen ciphertext attacks, it is recommended to
initialize the message area with random data, call this
function, and ignore the return value. This applies in
particular to RSA-based key exchange in the TLS protocol.
Bug fixes:
* Fix bug in pkcs1-conv, missing break statements in the
parsing of PEM input files.
* Fix link error on the pss-mgf1-test test, affecting builds
without public key support.
Performance regression:
* All RSA private key operations employing RSA blinding, i.e.,
rsa_decrypt_tr, rsa_*_sign_tr, the new rsa_sec_decrypt, and
rsa_compute_root_tr, are significantly slower. This is
because (i) RSA blinding now uses side-channel silent
operations, (ii) blinding includes a modular inversion, and
(iii) side-channel silent modular inversion, implemented as
mpn_sec_invert, is very expensive. A 60% slowdown for
2048-bit RSA keys has been measured.
Miscellaneous:
* Building the public key support of nettle now requires GMP
version 6.0 or later (unless --enable-mini-gmp is used).
The shared library names are libnettle.so.6.5 and
libhogweed.so.4.5, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
NEWS for the Nettle 3.4 release
This release fixes bugs and adds a few new features. It also
addresses an ABI compatibility issue affecting Nettle-3.1 and
later, see below.
Bug fixes:
* Fixed an improper use of GMP mpn_mul, breaking curve25519 and
eddsa on certain platforms. Reported by Sergei Trofimovich.
* Fixed memory leak when handling invalid signatures in
ecdsa_verify. Fix contributed by Nikos Mavrogiannopoulos.
* Fix compilation error with --enable-fat on ARM. Fix
contributed by Andreas Schneider.
* Reorganized the way certain data items are made available.
Short version: Nettle header files now define the symbols
nettle_hashes, nettle_ciphers, and nettle_aeads, as
preprocessor macros invoking a corresponding accessor
function. For backwards ABI compatibility, the symbols are
still present in the compiled libraries, and with the same
sizes as in nettle-3.3.
New features:
* Support for RSA-PSS signatures, contributed by Daiki Ueno.
* Support for the HKDF key derivation function, defined by RFC
5869. Contributed by Nikos Mavrogiannopoulos.
* Support for the Cipher Feedback Mode (CFB), contributed by
Dmitry Eremin-Solenikov.
* New accessor functions: nettle_get_hashes,
nettle_get_ciphers, nettle_get_aeads, nettle_get_secp_192r1,
nettle_get_secp_224r1, nettle_get_secp_256r1,
nettle_get_secp_384r1, nettle_get_secp_521r1.
For source-level compatibility with future versions,
applications are encouraged to migrate to using these
functions instead of referring to the corresponding data
items directly.
Miscellaneous:
* The base16 and base64 functions now use the type char * for
ascii data, rather than uint8_t *. This eliminates the last
pointer-signedness warnings when building Nettle. This is a
minor API change, and applications may need to be adjusted,
but the ABI is unaffected on all platforms I'm aware of.
* The contents of the header file nettle/version.h is now
architecture independent, except in --enable-mini-gmp
configurations.
ABI issue:
Since the breakage was a bit subtle, let me document it
here. The nettle and hogweed libraries export a couple of
data symbols, and for some of these, the size was never
intended to be part of the ABI. E.g.,
extern const struct nettle_hash * const nettle_hashes[];
which is a NULL-terminated array.
It turns out the sizes nevertheless may leak into the ABI, and
that increasing the sizes can break old executables linked
with a newer version of the library.
When linking a classic non-PIE executable with a shared
library, we get ELF relocations of type R_X86_64_COPY for
references to data items. These mean that the linker allocates
space for the data item in the data segment of the executable, at
a fixed address determined at link-time, and with size
extracted from the version of the .so-file seen when linking.
At load time, the run time linker then copies the contents of
the symbol from the .so file to that location, and uses the
copy instead of the version loaded with the .so-file. And if
the data item in the .so file used at load time is larger than
the data item seen at link time, it is silently truncated in
the process.
So when SHA3 hashes were added to the nettle_hashes array
in the nettle-3.3 release, this way of linking produces a
truncated array at load time, no longer NULL-terminated.
We will get similar problems for planned extensions of the
internal struct ecc_curve, and exported data items like
extern const struct ecc_curve nettle_secp_256r1;
where the ecc_curve struct is only forward declared in the
public headers. To prepare, applications should migrate to
using the new function nettle_get_secp_256r1, and similarly
for the other curves.
In some future version, the plan is to add a leading
underscore to the name of the actual data items. E.g.,
nettle_hashes --> _nettle_hashes, breaking the ABI, while
keeping the nettle_get_hashes function and the nettle_hashes
macro as the supported ways to access it. We will also
rename nettle_secp_256r1 --> _nettle_secp_256r1, breaking
both ABI and API.
Note that data items like nettle_sha256 are *not* affected,
since the size and layout of this struct is considered part
of the ABI, and R_X86_64_COPY-relocations then work fine.
The shared library names are libnettle.so.6.4 and
libhogweed.so.4.4, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
NEWS for the Nettle 3.3 release
This release fixes a couple of bugs, and improves resistance
to side-channel attacks on RSA and DSA private key operations.
Changes in behavior:
* Invalid private RSA keys, with an even modulus, are now
rejected by rsa_private_key_prepare. (Earlier versions
allowed such keys, even if results of using them were bogus).
Nettle applications are required to call
rsa_private_key_prepare and check the return value, before
using any other RSA private key functions; failing to do so
may result in crashes for invalid private keys. As a
workaround for versions of Gnutls which don't use
rsa_private_key_prepare, additional checks for even moduli
are added to the rsa_*_tr functions which are used by all
recent versions of Gnutls.
* Ignore bit 255 of the x coordinate of the input point to
curve25519_mul, as required by RFC 7748. To differentiate at
compile time, curve25519.h defines the constant
NETTLE_CURVE25519_RFC7748.
Security:
* RSA and DSA now use side-channel silent modular
exponentiation, to defend against attacks on the private key
from evil processes sharing the same processor cache. This
attack scenario is of particular relevance when running an
HTTPS server on a virtual machine, where you don't know who
you share the cache hardware with.
(Private key operations on elliptic curves were already
side-channel silent).
Bug fixes:
* Fix sexp-conv crashes on invalid input. Reported by Hanno
Böck.
* Fix out-of-bounds read in des_weak_p. Fixed by Nikos
Mavrogiannopoulos.
* Fix a couple of formally undefined shift operations,
reported by Nikos Mavrogiannopoulos.
* Fix compilation with c89. Reported by Henrik Grubbström.
New features:
* New function memeql_sec, for side-channel silent comparison
of two memory areas.
Miscellaneous:
* Building the public key support of nettle now requires GMP
version 5.0 or later (unless --enable-mini-gmp is used).
* Filenames of windows DLL libraries now include major number
only. So the dll names change at the same time as the
corresponding soname on ELF platforms. Fixed by Nikos
Mavrogiannopoulos.
* Eliminate most pointer-signedness warnings. In the process,
the strings representing expression type for sexp_iterator
functions were changed from const uint8_t * to const char *.
These functions are undocumented, and it doesn't change the
ABI on any platform I'm aware of.
The shared library names are libnettle.so.6.3 and
libhogweed.so.4.3, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
NEWS for the Nettle 3.2 release
Bug fixes:
* The SHA3 implementation is updated according to the FIPS 202
standard. It is not interoperable with earlier versions of
Nettle. Thanks to Nikos Mavrogiannopoulos. To easily
differentiate at compile time, sha3.h defines the constant
NETTLE_SHA3_FIPS202.
* Fix corner-case carry propagation bugs affecting elliptic
curve operations on the curves secp_256r1 and secp_384r1 on
certain platforms, including x86_64. Reported by Hanno Böck.
New features:
* New functions for RSA private key operations, identified by
the "_tr" suffix, with better resistance to side channel
attacks and to hardware or software failures which could
break the CRT optimization. See the Nettle manual for
details. Initial patch by Nikos Mavrogiannopoulos.
* New functions nettle_version_major, nettle_version_minor, as
a run-time variant of the compile-time constants
NETTLE_VERSION_MAJOR and NETTLE_VERSION_MINOR.
Optimizations:
* New ARM Neon implementation of the chacha stream cipher.
Miscellaneous:
* ABI detection on mips, with improved default libdir
location. Contributed by Klaus Ziegler.
* Fixes for ARM assembly syntax, to work better with the clang
assembler. Thanks to Jukka Ukkonen.
* Disabled use of ifunc relocations for fat builds, to fix
problems most easily triggered by using dlopen RTLD_NOW.
The shared library names are libnettle.so.6.2 and
libhogweed.so.4.2, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
NEWS for the Nettle 3.1.1 release
This release fixes a couple of non-critical bugs.
Bug fixes:
* By accident, nettle-3.1 disabled the assembly code for the
secp_224r1 and secp_521r1 elliptic curves on all x86_64
configurations, making signature operations on those curves
10%-30% slower. This code is now re-enabled.
* The x86_64 assembly implementation of gcm hashing has been
fixed to work with the Sun/Oracle assembler.
The shared library names are libnettle.so.6.1 and
libhogweed.so.4.1, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
NEWS for the Nettle 3.1 release
This release adds a couple of new features.
The library is mostly source-level compatible with nettle-3.0.
It is however not binary compatible, due to the introduction
of versioned symbols, and extensions to the base64 context
structs. The shared library names are libnettle.so.6.0 and
libhogweed.so.4.0, with sonames libnettle.so.6 and
libhogweed.so.4.
Bug fixes:
* Fixed a missing include of <limits.h>, which made the
camellia implementation fail on all 64-bit non-x86
platforms.
* Eliminate out-of-bounds reads in the C implementation of
memxor (related to valgrind's --partial-loads-ok flag).
Interface changes:
* Declarations of many internal functions are moved from ecc.h
to ecc-internal.h. The functions are undocumented, and
luckily they're apparently also unused by applications, so I
don't expect any problems from this change.
New features:
* Support for curve25519 and for EdDSA25519 signatures.
* Support for "fat builds" on x86_64 and arm, where the
implementation of certain functions is selected at run-time
depending on available cpu features. Configure with
--enable-fat to try this out. If it turns out to work well
enough, it will likely be enabled by default in later
releases.
* Support for building the hogweed library (public key
support) using "mini-gmp", a small but slower implementation
of a subset of the GMP interfaces. Note that builds using
mini-gmp are *not* binary compatible with regular builds,
and more likely to leak side-channel information.
One intended use-case is for small embedded applications
which need to verify digital signatures.
* The shared libraries are now built with versioned symbols.
Should reduce problems in case a program links explicitly to
nettle and/or hogweed, and to gnutls, and the program and
gnutls expect different versions.
* Support for "URL-safe" base64 encoding and decoding, as
specified in RFC 4648. Contributed by Amos Jeffries.
Optimizations:
* New x86_64 implementation of AES, using the "aesni"
instructions. Autodetected in fat builds. In non-fat builds,
it has to be enabled explicitly with --enable-x86-aesni.
Build system:
* Use the same object files for both static and shared
libraries. This eliminates the *.po object files which were
confusing to some tools (as well as humans). Like before,
PIC code is used by default; to build a non-pic static
library, configure with --disable-pic --disable-shared.
Miscellaneous:
* Made type-checking hack in CBC_ENCRYPT and similar macros
stricter, to generate warnings if they are used with
functions which have a length argument smaller than size_t.
NEWS for the Nettle 3.0 release
This is a major release, including several interface changes,
and new features, some of which are a bit experimental.
Feedback is highly appreciated.
It is *not* binary (ABI) compatible with earlier versions. It
is mostly source-level (API) compatible, with a couple of
incompatibilities noted below. The shared library names are
libnettle.so.5.0 and libhogweed.so.3.0, with sonames
libnettle.so.5 and libhogweed.so.3.
There may be some problems in the new interfaces and new
features which really need incompatible fixes. It is likely
that there will be an update in the form of a 3.1 release in
the not too distant future, with small but incompatible
changes, and if that happens, bugfix-only releases 3.0.x are
unlikely. Users and applications which desire better API and
ABI stability are advised to stay with nettle-2.7.x (latest
version is now 2.7.1) until the dust settles.
Interface changes:
* For the many _set_key functions, it is now considered the
normal case to have a fixed key size, with no key_size
arguments. _set_key functions with a length parameter are
provided only for algorithms with a truly variable keysize,
and where it makes sense for backwards compatibility.
INCOMPATIBLE CHANGE: cast128_set_key no longer accepts a key
size argument. The old function is available under a new
name, cast5_set_key.
INCOMPATIBLE CHANGE: The function typedef
nettle_set_key_func no longer accepts a key size argument.
In particular, this affects users of struct nettle_cipher.
* The nettle_cipher abstraction (in nettle-meta.h) is
restricted to block ciphers only. The encrypt and decrypt
functions now take a const argument for the context.
INCOMPATIBLE CHANGE: nettle_arcfour, i.e., the nettle_cipher
abstraction for the arcfour stream cipher, is deleted.
INCOMPATIBLE CHANGE: New type, nettle_cipher_func, for the
encrypt and decrypt fields of struct nettle_cipher.
* New DSA interface, with a separate struct dsa_param to
represent the underlying group, and generalized dsa_sign and
dsa_verify functions which don't care about the hash
function used. Limited backwards compatibility provided in
dsa-compat.h.
INCOMPATIBLE CHANGE: Declarations of the old interface,
e.g., struct dsa_public_key, dsa_sha1_sign, etc, is moved to
dsa-compat.h.
INCOMPATIBLE CHANGE: The various key conversion functions,
e.g., dsa_keypair_to_sexp, all use the new DSA interface, with
no backwards compatible functions.
INCOMPATIBLE CHANGE: dsa_generate_keypair also uses the new
interface. dsa-compat.h declares a function
dsa_compat_generate_keypair, implementing the old
interface, and #defines dsa_generate_keypair to refer to
this backwards compatible function.
* New AES and Camellia interfaces. There are now separate
context structs for each key size, e.g., aes128_ctx and
camellia256_ctx, and corresponding new functions. The old
interface, with struct aes_ctx and struct camellia_ctx, is
kept for backwards compatibility, but might be removed in
later versions.
* The type of most length arguments is changed from unsigned
to size_t. The memxor functions have their pointer arguments
changed from uint8_t * to void *, for consistency with
related libc functions.
* For hash functions, the constants *_DATA_SIZE have been
renamed to *_BLOCK_SIZE. Old names kept for backwards
compatibility.
Removed features:
* The nettle_next_prime function has been deleted.
Applications should use GMP's mpz_nextprime instead.
* Deleted the RSAREF compatibility, including the header file
rsa-compat.h and everything declared therein.
* Also under consideration for removal is des-compat.h and
everything declared therein. This implements a subset of the
old libdes/ssleay/openssl interface for DES and triple-DES,
and it is poorly tested. If anyone uses this interface,
please speak up! Otherwise, it will likely be removed in the
next release.
Bug fixes:
* Building with ./configure --disable-static now works.
* Use GMP's allocation functions for temporary storage related
to bignums, to avoid potentially large stack allocations.
* Fixes for shared libraries on M$ Windows.
New features:
* Support for Poly1305-AES MAC.
* Support for the ChaCha stream cipher and EXPERIMENTAL
support for the ChaCha-Poly1305 AEAD mode. Specifications
are still in flux, and future releases may do incompatible
changes to track standardization. Currently uses 256-bit key
and 64-bit nonce.
* Support for EAX mode.
* Support for CCM mode. Contributed by Owen Kirby.
* Additional variants of SHA512 with output size of 224 and
256 bits. Contributed by Joachim Strömbergson.
* New interface, struct nettle_aead, for mechanisms providing
authenticated encryption with associated data (AEAD).
* DSA: Support a wider range for the size of q and a wider
range for the digest size.
Optimizations:
* New x86_64 assembly for GCM and MD5. Modest speedups on the
order of 10%-20%.
Miscellaneous:
* SHA3 is now documented as EXPERIMENTAL. Nettle currently
implements SHA3 as specified at the time Keccak won the SHA3
competition. However, the final standard specified by NIST
is likely to be incompatible, in which case future releases
may do incompatible changes to track standardization.
* The portability fix for the rotation macros, mentioned in
NEWS for 2.7.1, actually didn't make it into that release.
It is included now.
* cast128_set_key rewritten for clarity, also eliminating a
couple of compiler warnings.
* New command line tool nettle-pbkdf2.
NEWS for the 2.7.1 release
This is a bugfix release.
Bug fixes:
* Fixed a bug in the new ECC code. The ecc_j_to_a function
called GMP:s mpn_mul_n (via ecc_modp_mul) with overlapping
input and output arguments, which is not supported.
* The assembly files for SHA1, SHA256 and AES depend on ARMv6
instructions, breaking nettle-2.7 for pre-v6 ARM processors.
The configure script now enables those assembly files only
when building for ARMv6 or later.
* Use a more portable C expression for rotations. The
previous version used the following "standard" expression
for 32-bit rotation:
(x << n) | (x >> (32 - n))
But this gives undefined behavior (according to the C
specification) for n = 0. The rotate expression is replaced
by the more portable:
(x << n) | (x >> ((-n)&31))
This change affects only CAST128, which uses non-constant
rotation counts. Unfortunately, the new expression is poorly
optimized by released versions of gcc, making CAST128 a bit
slower. This is being fixed by the gcc hackers, see
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157.
The following problems have been reported, but are *not* fixed
in this release:
* ARM assembly files use instruction syntax which is not
supported by all assemblers. Workaround: Use a current
version of GNU as, or configure with --disable-assembler.
* Configuring with --disable-static doesn't work on windows.
The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.7 and libhogweed.so.2.5, with sonames still
libnettle.so.4 and libhogweed.so.2.
NEWS for the 2.7 release
This release includes an implementation of elliptic curve
cryptography (ECC) and optimizations for the ARM architecture.
This work was done at the offices of South Pole AB, and
generously funded by the .SE Internet Fund.
Bug fixes:
* Fixed a bug in the buffer handling for incremental SHA3
hashing, with a possible buffer overflow. Patch by Edgar
E. Iglesias.
New features:
* Support for ECDSA signatures. Elliptic curve operations over
the following curves: secp192r1, secp224r1, secp256r1,
secp384r1 and secp521r1, including x86_64 and ARM assembly
for the most important primitives.
* Support for UMAC, including x86_64 and ARM assembly.
* Support for 12-round salsa20, "salsa20r12", as specified by
eSTREAM. Contributed by Nikos Mavrogiannopoulos.
Optimizations:
* ARM assembly code for several additional algorithms,
including AES, Salsa20, and the SHA family of hash
functions.
* x86_64 assembly for SHA256, SHA512, and SHA3. (SHA3 assembly
was included in the 2.6 release, but disabled due to poor
performance on some AMD processors. Hopefully, that
performance problem is fixed now).
The ARM code was tested and benchmarked on Cortex-A9. Some of
the functions use "neon" instructions. The configure script
decides if neon instructions can be used, and the command line
options --enable-arm-neon and --disable-arm-neon can be used
to override its choice. Feedback appreciated.
The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.6 and libhogweed.so.2.4, with sonames still
libnettle.so.4 and libhogweed.so.2.
NEWS for the 2.6 release
Bug fixes:
* Fixed a bug in ctr_crypt. For zero length (which should be a
NOP), it sometimes incremented the counter. Reported by Tim
Kosse.
* Fixed a small memory leak in nettle_realloc and
nettle_xrealloc.
New features:
* Support for PKCS #5 PBKDF2, to generate a key from a
password or passphrase. Contributed by Simon Josefsson.
Specification in RFC 2898 and test vectors in RFC 6070.
* Support for SHA3.
* Support for the GOST R 34.11-94 hash algorithm. Ported from
librhash by Nikos Mavrogiannopoulos. Written by Aleksey
Kravchenko. More information in RFC4357. Test vectors taken
from the GOST hash wikipedia page.
Miscellaneous:
* The include file <nettle/sha.h> has been split into
<nettle/sha1.h> and <nettle/sha2.h>. For now, sha.h is kept
for backwards compatibility and it simply includes both
files, but applications are encouraged to use the new names.
The new SHA3 functions are declared in <nettle/sha3.h>.
* Testsuite can be run under valgrind, using
make check EMULATOR='$(VALGRIND)'
For this to work, test programs and other executables now
deallocate storage.
* New configure options --disable-documentation and
--disable-static. Contributed by Sam Thursfield and Alon
Bar-Lev, respectively.
* The section on hash functions in the manual is split into
separate nodes for recommended hash functions and legacy
hash functions.
* Various smaller improvements, most of them portability
fixes. Credits go to David Woodhouse, Tim Rühsen, Martin
Storsjö, Nikos Mavrogiannopoulos, Fredrik Thulin and Dennis
Clarke.
Finally, a note on the naming of the various "SHA" hash
functions. Naming is a bit inconsistent; we have, e.g.,
SHA1: sha1_digest
SHA2: sha256_digest (not sha2_256_digest)
SHA3: sha3_256_digest
Renaming the SHA2 functions to make Nettle's naming more
consistent has been considered, but the current naming follows
common usage. Most documents (including the specification for
SHA2) refer to 256-bit SHA2 as "SHA-256" or "SHA256" rather
than "SHA2-256".
The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.5 and libhogweed.so.2.3, with sonames still
libnettle.so.4 and libhogweed.so.2
NEWS for the 2.5 release
This release includes important portability fixes for Windows
and MacOS. There are also a few new features.
First a *warning*: Some internal functions have been removed
from the library. Since the functions in question are internal
and not documented, this is not considered a change of ABI or
API. Programs explicitly using any of these functions will
break.
* The function pkcs1_signature_prefix has been renamed to
_pkcs1_signature_prefix, and with slightly different
behavior.
* The file nettle-internal.c is no longer included in the
library (the features defined there are used by the
benchmark and test programs, and were never intended for
public use).
New features:
* Support for the salsa20 stream cipher, including x86_64
assembler. Originally contributed by Simon Josefsson, based
on the reference implementation, then further optimized.
* Tentative interface for timing-resistant RSA functions,
contributed by Nikos Mavrogiannopoulos.
* A more general interface for PKCS#1 signatures, taking the
input in the form of a "DigestInfo". Suggested by Nikos
Mavrogiannopoulos.
Configuration:
* Building of shared libraries (./configure --enable-shared)
is now enabled by default.
* Various portability fixes for MacOS and M$ Windows. A lot of
this work done by Martin Storsjö.
* In particular, Nettle now hopefully works on 64-bit Windows
builds, "W64", including the x86_64 assembly code.
Miscellaneous:
* Documentation and example programs for the base16 and base64
functions. Was contributed by Jeronimo Pellegrini back in
2006, but unfortunately forgotten until now.
* Use an additional table to avoid GF2^8 multiplications in
aes_invert_key (mainly used by aes_set_decrypt_key). Also
tabulate round constants in aes_set_encrypt_key.
* The nettle repository has been migrated from cvs to git,
with a public repository at
http://git.lysator.liu.se/nettle. To make it independent of
the LSH repository, a few files have been moved around.
While at it, files have also been converted from latin-1 to
utf-8.
The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.4 and libhogweed.so.2.2, with sonames still
libnettle.so.4 and libhogweed.so.2
NEWS for the 2.4 release
This is a bugfix release only. It turned out ripemd160 in the
2.3 release was broken on all big-endian systems, due to a
missing include of config.h. nettle-2.4 fixes this.
The library is intended to be binary compatible with
nettle-2.2 and nettle-2.3. The shared library names are
libnettle.so.4.3 and libhogweed.so.2.1, with sonames still
libnettle.so.4 and libhogweed.so.2.
NEWS for the 2.3 release
* Support for the ripemd-160 hash function.
* Generates and installs nettle.pc and hogweed.pc files, for
use with pkg-config. Feedback appreciated. For projects
using autoconf, the traditional non-pkg-config ways of
detecting libraries, and setting LIBS and LDFLAGS, is still
recommended.
* Fixed a bug which made the testsuite fail in the GCM test on
certain platforms. Should not affect any documented features
of the library.
* Reorganization of the code for the various Merkle-Damgård
hash functions. Some fields in the context structs for md4,
md5 and sha1 have been renamed, for consistency.
Applications should not peek inside these structs, and the
ABI is unchanged.
* In the manual, fixed mis-placed const in certain function
prototypes.
The library is intended to be binary compatible with
nettle-2.2. The shared library names are libnettle.so.4.2 and
libhogweed.so.2.1, with sonames still libnettle.so.4 and
libhogweed.so.2.
NEWS for the 2.2 release
Licensing change:
* Relicensed as LGPL v2.1 or later (user's option).
* Replaced blowfish and serpent implementation. New code is
based on the LGPLed code in libgcrypt.
New features:
* Support for Galois/Counter Mode (GCM).
* New interface for enumerating (most) available algorithms,
contributed by Daniel Kahn Gillmor.
* New tool nettle-hash. Can generate hash digests using any
supported hash function, with output compatible with md5sum
and friends from GNU coreutils. Checking (like md5sum -c)
not yet implemented.
Bug fixes:
* The old serpent code had a byte order bug (introduced by
yours truly about ten years ago). New serpent implementation
does not interoperate with earlier versions of nettle.
* Fixed ABI-dependent libdir default for Linux-based systems
which do not follow the Linux File Hierarchy Standard, e.g.,
Debian GNU/Linux.
Optimizations:
* x86_64 implemention of serpent.
* x86_64 implemention of camellia.
* Optimized memxor using word rather than byte operations.
Both generic C and x86_64 assembler.
* Eliminated a memcpy for in-place CBC decrypt.
Miscellaneous:
* In command line tools, no longer support -? for requesting
help, since using it without shell quoting is a dangerous
habit. Use long option --help instead.
The shared library names are libnettle.so.4.1 and
libhogweed.so.2.1, with sonames libnettle.so.4 and
libhogweed.so.2.
NEWS for the 2.1 release
*Important*: this release breaks source and binary
compatibility for the digital signature functions, and for the
DES and BLOWFISH ciphers which have weak keys.
Incompatible changes:
* The functions rsa_md5_sign, rsa_sha1_sign and
rsa_sha256_sign, and the corresponding _digest variants, now
have a return value which callers should check. The functions
return failure if the key is too small for the type of
signature.
* The functions dsa_sign and dsa_verify are renamed to
dsa_sha1_sign and dsa_sha1_verify. The _-digest variants are
renamed similarly. These functions now have a return value
which callers should check, and they return failure if the
number q is not of the appropriate size.
* The return value from des_set_key, des3_set_key and
blowfish_set_key now indicates whether or not the given key
is weak. But in either case, the key setup is done, and
applications that don't care about weak keys can ignore the
return value.
The incompatible part of this change is that enum des_error
and enum blowfish_error has been deleted, and so has the
status attribute in struct des_ctx, struct des3_ctx, and
struct blowfish_ctx.
The shared library names are libnettle.so.4.0 and
libhogweed.so.2.0, with sonames libnettle.so.4 and
libhogweed.so.2.
Other changes:
* Support for the Camellia block cipher, including an
assembler implementation for x86_32.
* New function aes_invert_key, useful for applications that
need both encryption and decryption using the same AES key.
* des_set_key and des3_set_key no longer check the key parity
bits. Parity bits are silently ignored. A new function
des_check_parity is provided, for applications that care
about the DES parity bits.
* Support for sha224, sha384 and sha512.
* Support for digital signatures using rsa-sha512 and
dsa-sha256. Due to lack of official test vectors and interop
testing, this support should be considered somewhat
experimental.
* Key generation for RSA and DSA changed to use Maurer's
algorithm to generate provably prime numbers (as usual, the
mathematical proof does not guaranteee that the
implementation is bug free).
* x86_64 assembler implementation actually included in the
distribution (was accidentally left out in nettle-2.0).
* Configure script now detects if the compiler uses a 32-bit
or 64-bit ABI on x86_64 (prevously did this for sparc only).
Also sets the default location for installing libraries
(libdir) depending on system type and the ABI used.
* Added the nettle and gmp libraries as dependencies when
linking shared library libhogweed.so. On systems using
shared libraries where such dependencies work (in
particular, ELF systems), it is sufficient to link
applications with -lhogweed. For static linking -lhogweed
-lnettle -lgmp is still required.
* The program pkcs1-conv is extended to also handle dsa keys.
Contributed by Magnus Holmgren.
* Slightly improved sha1 performance on x86.
NEWS for the 2.0 release
This release breaks binary compatibility by splitting the
library into two. Some other smaller changes that are not
backwards compatible are also done at the same time.
* The nettle library is split into two libraries, libnettle
and libhogweed. libnettle contains the symmetric crypto
algorithms that don't depend on GMP, while libhogweed
contains the public key algorithms that depend on GMP.
Using a single library worked fine with static linking, but
not with dynamic linking. Consider an application that uses
nettle and which doesn't use any public key cryptography. If
this application is linked dynamically to nettle, it would
have to be linked also with GMP if and only if public key
support was enabled when the nettle library was installed.
The library names are libnettle.so.3.0 and
libhogweed.so.1.0, with sonames libnettle.so.3 and
libhogweed.so.1.
* Function typedefs have been changed to non-pointer types.
E.g, the
typedef void (nettle_hash_init_func *)(void *ctx);
of previous versions is replaced by
typedef void (nettle_hash_init_func)(void *ctx);
This makes it possible to use the type when declaring
functions, like
nettle_hash_init_func foo_hash_init;
void foo_hash_init(void *ctx) { ... }
* Changes to the yarrow256 interface. The automatic seed file
generation, and the seed_file member in struct
yarrow256_ctx, has been removed. To generate a new seed
file, use yarrow256_random. The function
yarrow256_force_reseed has been replaced by the two
functions yarrow256_fast_reseed and yarrow256_slow_reseed,
which were previously static. This interface change makes it
easier to mix in the current content of the seed file before
overwriting it with newly generated data.
Other changes:
* Nettle manual now contributed to the public domain, to
enable remixing into documentation of programs that use
Nettle.
* The sexp-conv program preserves comments when using the
advanced syntax for output. Optionally locks the output
file.
* The base64 decoder recognizes ASCII FF (form feed) and VT
(vertical tab) as white space.
* New x86_64 implementations of AES and SHA1. On a 2.2 GHz
opteron, SHA1 was benchmarked at 250 MByte/s, and AES-128 at
110 MByte/s.
* Performance of AES increased by 20-30% on x86.
* New programs in the examples directory: erathostenes and
next-prime.
NEWS for the 1.15 release
Added support for PKCS#1 style RSA signatures using SHA256,
according to RFC 3447. Currently lacks interoperability
testing.
Header files are now C++ aware, so C++ programs using Nettle
should now use plain
#include <nettle/foo.h>
rather than
#extern "C" {
#include <nettle/foo.h>
}
as was the recommendation for the previous version. This
breaks source-level compatibility with C++, even though
there's full binary compatibility.
The file rfc1750.txt (which is considered non-free by debian)
has been removed from the distribution. The file was used as input
for the Yarrow testcase, and has been replaced by the short
story "The Gold-bug" by Edgar Allan Poe. Anyway, RFC 1750 is
obsoleted by RFC 4086.
Fixes for Darwin shared library support, contributed by Grant
Robinsson.
Example programs now use a supplied getopt.c.
Configure tests for assemblers with a logarithmic .align
directive.
The library is intended to be upwards binary compatible with
earlier versions. The library name is libnettle.so.2.6, soname
is still libnettle.so.2.
NEWS for the 1.14 release
Experimental support for reading keys in PKCS#1 ASN1/DER
format, and a new command line tool pkcs1-conv.
Improved MD5 performance on x86.
Fixed support for sparc64.
Reorganized AES code. Better performance for all three
implementations (C, x86 assembler, sparc assembler).
New sparc assembler for arcfour. Compared to the code
generated by gcc, the new code is about 25% faster on old
sparcs, and 6 times faster on ultrasparc.
Replaced the internal function nettle_mpz_from_octets with a
call to mpz_import, if available in the installed GMP library.
More Makefile fixes; it now seems to work to build with
the the make programs on Solaris and FreeBSD (although
--disable-dependency-tracking is required for the latter).
The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.5, soname is
still libnettle.so.2.
NEWS for the 1.13 release
Fixed problem with broken m4 on bsd, which resulted in
corrupted x86 assembler for sha1.
Nettle probably works on windows: I've been able to cross
compile it with ./configure --host=i586-mingw32msvc (without
public-key support), and the testsuite binaries seem to run
fine in Wine.
Implemented CTR mode.
Improved sha1 performance on x86.
Configure check to figure out if symbols in assembler files
need a leading underscore.
Improved benchmark program. Displays cycles per byte and block,
and compares with openssl (if openssl is installed).
Terminating newline in output from sexp-conv --hash.
The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.4. However, the
interface for the internal function _nettle_sha1_compress has
changed; any program that calls this function directly will
break.
NEWS for the 1.12 release
Fixed a bug in the configure script.
Updated the description of aes_set_encrypt_key and
aes_set_decrypt_key in the manual.
NEWS for the 1.11 release
Nettle no longer uses automake. Side effects:
* Dependency tracking is enabled only for gcc-3 (help with
supporting dependency tracking with other compilers is
appreciated).
* Makefile compatibility with make programs other than GNU
make is mostly unknown, please report any problems.
Support for arctwo.
Fixes to the libdes compatibility code. Declarations should
now match openssl/libdes better. des_cbc_cksum pads
input with NUL's, if it's not an integral number of blocks (in
general, such unreversible padding is a bad idea).
By default, also the static library is compiled as position
independent code. This is needed on some systems to make it
possible to link nettle into a dynamically loaded module. Use
the configure flag --disable-pic if this is not desired.
Stricter constness typing for the sexp_iterator_assoc and
sexp_iterator_check_types arguments.
Minor tweaks of arcfour on x86 cpu:s, to speed it up on older
x86 variants such as PII and PPro.
The shared library is intended to be binary compatible with
nettle-1.8 - nettle-1.10. Only the minor version number of the
shared library is increased. The soname is still
libnettle.so.2.
NEWS for the 1.10 release
Nettle should now compile also on Tru64, Darwin, FreeBSD and
Windows. (The only tested windows build uses the rntcl rsh
wrapper to run the command line M$ C compiler "cl". See
http://pike.ida.liu.se for those tools, I don't know all
details about the Pike team's windows setup).
There are some known testsuite failures, on Windows and on one
of the xenofarm HPUX machines, see
http://www.lysator.liu.se/~nisse/xeno-lsh/latest.html. Help
tracking these down is appreciated.
There are no new features.
This release is intended to be binary compatible with
nettle-1.8 and nettle-1.9.
NEWS for the 1.9 release
Optimized C implementation of arcfour. Optimized x86
What is Nettle? A quote from the introduction in the Nettle Manual:
What is GNU Nettle? A quote from the introduction in the Nettle Manual:
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
......@@ -14,40 +14,38 @@ What is Nettle? A quote from the introduction in the Nettle Manual:
cryptographic libraries around.
Nettle tries to avoid this problem by doing one thing, the low-level
crypto stuff, and providing a @emph{simple} but general interface to it.
crypto stuff, and providing a simple but general interface to it.
In particular, Nettle doesn't do algorithm selection. It doesn't do
memory allocation. It doesn't do any I/O.
The idea is that one can build several application and context specific
interfaces on top of Nettle, and share the code, testcases, benchmarks,
documentation, etc. For this first version, the only application using
Nettle is LSH, and it uses an object-oriented abstraction on top of the
library.
interfaces on top of Nettle, and share the code, test cases, benchmarks,
documentation, etc. Examples are the Nettle module for the Pike
language, and LSH, which both use an object-oriented abstraction on top
of the library.
Nettle is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation. See the file COPYING for details. Most, but not
all, of Nettle can also be used under the terms of the GNU Lesser
General Public License; please read the Copyright section of the
manual if you want to exercise this option.
GNU Nettle is free software; you can redistribute it and/or modify it
under the terms contained in the files COPYING* (see the manual for
information on how these licenses apply).
Build nettle with the usual ./configure && make && make check && make
install. Read the manual. Mail me if you have any questions or
suggestions.
If you have downloaded a Nettle release, build it with the usual
./configure && make && make check && make install (see the INSTALL
file for further instructions). Using GNU make is strongly
recommended. Nettle's support for public key algorithms, such as RSA
and ECDSA, depends on the GNU GMP library.
You can also build Nettle from cvs, using
You can also get Nettle from git, see
http://www.lysator.liu.se/~nisse/nettle/ for current instructions. In
particular, you need to run the ./.bootstrap script after checkout and
before running ./configure.
cvs -d :pserver:anonymous@cvs.lysator.liu.se:/cvsroot/lsh login
[ empty password ]
cvs -d :pserver:anonymous@cvs.lysator.liu.se:/cvsroot/lsh co nettle
If you get it from cvs, you need to build it with
./.bootstrap && ./configure && make && make check
Read the manual. Mail me if you have any questions or suggestions.
You may want to subscribe to the nettle-bugs mailing list. See
<URL: http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs>.
<URL: https://lists.lysator.liu.se/mailman3/postorius/lists/nettle-bugs.lists.lysator.liu.se/>.
See CONTRIBUTING.md for information on contibuting patches.
Happy hacking,
/Niels Möller <nisse@lysator.liu.se>
/Niels Möller <nisse@lysator.liu.se>
Public key support, analogous to that provided by RSAREF. Suggested by
Dan Egnor. Signatures are done now, but RSA encryption is still
missing. References:
http://download.gale.org/rsaref20.tar.Z
http://www.openssl.org/docs/crypto/evp.html
http://www.openssl.org/docs/crypto/rsa.html
More feedback modes, in order of decreasing priority: CBC-MAC, OFB,
Counter, and CFB. Suggested by Rafael 'Dido' Sevilla. References:
http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf
Valgrind reports errors on the des-compat test program. Investigate.
Change the convention for declaring function pointers. Instead of for
example
typedef void *
nettle_realloc_func(void *ctx, void *p, unsigned length);
use
typedef void
nettle_realloc_func(void *ctx, void *p, unsigned length);
The make rules for building position independent *_p.o files doesn't
get dependencies right.
dnl Choose cc flags for compiling position independent code
AC_DEFUN([LSH_CCPIC],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_MSG_CHECKING(CCPIC)
AC_CACHE_VAL(lsh_cv_sys_ccpic,[
if test -z "$CCPIC" ; then
if test "$GCC" = yes ; then
case "$host_os" in
bsdi4.*) CCPIC="-fPIC" ;;
bsdi*) CCPIC="" ;;
darwin*) CCPIC="-fPIC" ;;
freebsd*|netbsd*|openbsd*) CCPIC="-fPIC" ;;
# Could also use -fpic, depending on the number of symbol references
solaris*) CCPIC="-fPIC" ;;
cygwin*) CCPIC="" ;;
mingw32*) CCPIC="" ;;
*) CCPIC="-fpic" ;;
esac
else
case "$host_os" in
darwin*) CCPIC="-fPIC" ;;
irix*) CCPIC="-share" ;;
hpux*) CCPIC="+z"; ;;
freebsd*|netbsd*|openbsd*) CCPIC="-fPIC" ;;
sco*|sysv4.*) CCPIC="-KPIC -dy -Bdynamic" ;;
solaris*) CCPIC="-KPIC -Bdynamic" ;;
winnt*) CCPIC="-shared" ;;
*) CCPIC="" ;;
esac
fi
fi
OLD_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $CCPIC"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[return 0;]])],
[lsh_cv_sys_ccpic="$CCPIC"], [lsh_cv_sys_ccpic=''])
CFLAGS="$OLD_CFLAGS"
])
CCPIC="$lsh_cv_sys_ccpic"
AC_MSG_RESULT($CCPIC)])
dnl LSH_PATH_ADD(path-id, directory)
AC_DEFUN([LSH_PATH_ADD],
[AC_MSG_CHECKING($2)
ac_exists=no
if test -d "$2/." ; then
ac_real_dir=`cd $2 && pwd`
if test -n "$ac_real_dir" ; then
ac_exists=yes
for old in $1_REAL_DIRS ; do
ac_found=no
if test x$ac_real_dir = x$old ; then
ac_found=yes;
break;
fi
done
if test $ac_found = yes ; then
AC_MSG_RESULT(already added)
else
AC_MSG_RESULT(added)
# LDFLAGS="$LDFLAGS -L $2"
$1_REAL_DIRS="$ac_real_dir [$]$1_REAL_DIRS"
$1_DIRS="$2 [$]$1_DIRS"
fi
fi
fi
if test $ac_exists = no ; then
AC_MSG_RESULT(not found)
fi
])
dnl LSH_RPATH_ADD(dir)
AC_DEFUN([LSH_RPATH_ADD], [LSH_PATH_ADD(RPATH_CANDIDATE, $1)])
dnl LSH_RPATH_INIT(candidates)
AC_DEFUN([LSH_RPATH_INIT],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_MSG_CHECKING([for -R flag])
RPATHFLAG=''
case "$host_os" in
osf1*) RPATHFLAG="-rpath " ;;
irix6.*|irix5.*) RPATHFLAG="-rpath " ;;
solaris*)
if test "$TCC" = "yes"; then
# tcc doesn't know about -R
RPATHFLAG="-Wl,-R,"
else
RPATHFLAG=-R
fi
;;
linux*|freebsd*) RPATHFLAG="-Wl,-rpath," ;;
*) RPATHFLAG="" ;;
esac
if test x$RPATHFLAG = x ; then
AC_MSG_RESULT(none)
else
AC_MSG_RESULT([using $RPATHFLAG])
fi
RPATH_CANDIDATE_REAL_DIRS=''
RPATH_CANDIDATE_DIRS=''
AC_MSG_RESULT([Searching for libraries])
for d in $1 ; do
LSH_RPATH_ADD($d)
done
])
dnl Try to execute a main program, and if it fails, try adding some
dnl -R flag.
dnl LSH_RPATH_FIX
AC_DEFUN([LSH_RPATH_FIX],
[if test $cross_compiling = no -a "x$RPATHFLAG" != x ; then
ac_success=no
AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv) { return 0; }]])],
[ac_success=yes], [ac_success=no], [:])
if test $ac_success = no ; then
AC_MSG_CHECKING([Running simple test program failed. Trying -R flags])
dnl echo RPATH_CANDIDATE_DIRS = $RPATH_CANDIDATE_DIRS
ac_remaining_dirs=''
ac_rpath_save_LDFLAGS="$LDFLAGS"
for d in $RPATH_CANDIDATE_DIRS ; do
if test $ac_success = yes ; then
ac_remaining_dirs="$ac_remaining_dirs $d"
else
LDFLAGS="$RPATHFLAG$d $LDFLAGS"
dnl echo LDFLAGS = $LDFLAGS
AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv) { return 0; }]])],
[ac_success=yes
ac_rpath_save_LDFLAGS="$LDFLAGS"
AC_MSG_RESULT([adding $RPATHFLAG$d])
],
[ac_remaining_dirs="$ac_remaining_dirs $d"], [:])
LDFLAGS="$ac_rpath_save_LDFLAGS"
fi
done
RPATH_CANDIDATE_DIRS=$ac_remaining_dirs
fi
if test $ac_success = no ; then
AC_MSG_RESULT(failed)
fi
fi
])
dnl LSH_GCC_ATTRIBUTES
dnl Check for gcc's __attribute__ construction
AC_DEFUN([LSH_GCC_ATTRIBUTES],
[AC_CACHE_CHECK(for __attribute__,
lsh_cv_c_attribute,
[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stdlib.h>
static void foo(void) __attribute__ ((noreturn));
static void __attribute__ ((noreturn))
foo(void)
{
exit(1);
}
]], [[]])],
[lsh_cv_c_attribute=yes],
[lsh_cv_c_attribute=no])])
AH_TEMPLATE([HAVE_GCC_ATTRIBUTE], [Define if the compiler understands __attribute__])
if test "x$lsh_cv_c_attribute" = "xyes"; then
AC_DEFINE(HAVE_GCC_ATTRIBUTE)
fi
AH_BOTTOM(
[#if __GNUC__ && HAVE_GCC_ATTRIBUTE
# define NORETURN __attribute__ ((__noreturn__))
# define PRINTF_STYLE(f, a) __attribute__ ((__format__ (__printf__, f, a)))
# define UNUSED __attribute__ ((__unused__))
#else
# define NORETURN
# define PRINTF_STYLE(f, a)
# define UNUSED
#endif
])])
# Check for alloca, and include the standard blurb in config.h
AC_DEFUN([LSH_FUNC_ALLOCA],
[AC_FUNC_ALLOCA
AC_CHECK_HEADERS([malloc.h])
AH_BOTTOM(
[/* AIX requires this to be the first thing in the file. */
#ifndef __GNUC__
# if HAVE_ALLOCA_H
# include <alloca.h>
# else
# ifdef _AIX
#pragma alloca
# else
# ifndef alloca /* predefined by HP cc +Olibcalls */
char *alloca ();
# endif
# endif
/* Needed for alloca on windows */
# if HAVE_MALLOC_H
# include <malloc.h>
# endif
# endif
#else /* defined __GNUC__ */
# if HAVE_ALLOCA_H
# include <alloca.h>
# else
/* Needed for alloca on windows, also with gcc */
# if HAVE_MALLOC_H
# include <malloc.h>
# endif
# endif
#endif
])])
dnl LSH_DEPENDENCY_TRACKING
dnl Defines compiler flags DEP_FLAGS to generate dependency
dnl information, and DEP_PROCESS that is any shell commands needed for
dnl massaging the dependency information further. Dependencies are
dnl generated as a side effect of compilation. Dependency files
dnl themselves are not treated as targets.
AC_DEFUN([LSH_DEPENDENCY_TRACKING],
[AC_ARG_ENABLE(dependency_tracking,
AS_HELP_STRING([--disable-dependency-tracking], [Disable dependency tracking. Dependency tracking doesn't work with BSD make]),,
[enable_dependency_tracking=yes])
DEP_FLAGS=''
DEP_PROCESS='true'
if test x$enable_dependency_tracking = xyes ; then
if test x$GCC = xyes ; then
gcc_version=`gcc --version | head -1`
case "$gcc_version" in
2.*|*[[!0-9.]]2.*)
enable_dependency_tracking=no
AC_MSG_WARN([Dependency tracking disabled, gcc-3.x is needed])
;;
*)
DEP_FLAGS='-MT $[]@ -MD -MP -MF $[]@.d'
DEP_PROCESS='true'
;;
esac
else
enable_dependency_tracking=no
AC_MSG_WARN([Dependency tracking disabled])
fi
fi
AC_SUBST([DEP_FLAGS])
AC_SUBST([DEP_PROCESS])])
dnl GMP_TRY_ASSEMBLE(asm-code,[action-success][,action-fail])
dnl ----------------------------------------------------------
dnl Attempt to assemble the given code.
dnl Do "action-success" if this succeeds, "action-fail" if not.
dnl
dnl conftest.o and conftest.out are available for inspection in
dnl "action-success". If either action does a "break" out of a loop then
dnl an explicit "rm -f conftest*" will be necessary.
dnl
dnl This is not unlike AC_COMPILE_IFELSE, but there's no default includes or
dnl anything in "asm-code", everything wanted must be given explicitly.
AC_DEFUN([GMP_TRY_ASSEMBLE],
[cat >conftest.s <<EOF
[$1]
EOF
gmp_assemble="$CC $CFLAGS $CPPFLAGS $ASM_FLAGS -c conftest.s >conftest.out 2>&1"
if AC_TRY_EVAL(gmp_assemble); then
cat conftest.out >&AS_MESSAGE_LOG_FD
ifelse([$2],,:,[$2])
else
cat conftest.out >&AS_MESSAGE_LOG_FD
echo "configure: failed program was:" >&AS_MESSAGE_LOG_FD
cat conftest.s >&AS_MESSAGE_LOG_FD
ifelse([$3],,:,[$3])
fi
rm -f conftest*
])
dnl GMP_PROG_CC_FOR_BUILD
dnl ---------------------
dnl Establish CC_FOR_BUILD, a C compiler for the build system.
dnl
dnl If CC_FOR_BUILD is set then it's expected to work, likewise the old
dnl style HOST_CC, otherwise some likely candidates are tried, the same as
dnl configfsf.guess.
AC_DEFUN([GMP_PROG_CC_FOR_BUILD],
[AC_REQUIRE([AC_PROG_CC])
if test -n "$CC_FOR_BUILD"; then
GMP_PROG_CC_FOR_BUILD_WORKS($CC_FOR_BUILD,,
[AC_MSG_ERROR([Specified CC_FOR_BUILD doesn't seem to work])])
elif test -n "$HOST_CC"; then
GMP_PROG_CC_FOR_BUILD_WORKS($HOST_CC,
[CC_FOR_BUILD=$HOST_CC],
[AC_MSG_ERROR([Specified HOST_CC doesn't seem to work])])
else
if test $cross_compiling = no ; then
CC_FOR_BUILD="$CC"
else
for i in gcc cc c89 c99; do
GMP_PROG_CC_FOR_BUILD_WORKS($i,
[CC_FOR_BUILD=$i
break])
done
if test -z "$CC_FOR_BUILD"; then
AC_MSG_ERROR([Cannot find a build system compiler])
fi
fi
if test "$CC_FOR_BUILD" = gcc ; then
CC_FOR_BUILD="$CC_FOR_BUILD -O -g"
fi
fi
AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
AC_SUBST(CC_FOR_BUILD)
])
dnl GMP_PROG_CC_FOR_BUILD_WORKS(cc/cflags[,[action-if-good][,action-if-bad]])
dnl -------------------------------------------------------------------------
dnl See if the given cc/cflags works on the build system.
dnl
dnl It seems easiest to just use the default compiler output, rather than
dnl figuring out the .exe or whatever at this stage.
AC_DEFUN([GMP_PROG_CC_FOR_BUILD_WORKS],
[AC_MSG_CHECKING([build system compiler $1])
# remove anything that might look like compiler output to our "||" expression
rm -f conftest* a.out b.out a.exe a_out.exe
cat >conftest.c <<EOF
int
main ()
{
return 0;
}
EOF
gmp_compile="$1 conftest.c"
cc_for_build_works=no
if AC_TRY_EVAL(gmp_compile); then
if (./a.out || ./b.out || ./a.exe || ./a_out.exe || ./conftest) >&AS_MESSAGE_LOG_FD 2>&1; then
cc_for_build_works=yes
fi
fi
rm -f conftest* a.out b.out a.exe a_out.exe
AC_MSG_RESULT($cc_for_build_works)
if test "$cc_for_build_works" = yes; then
ifelse([$2],,:,[$2])
else
ifelse([$3],,:,[$3])
fi
])
dnl GMP_PROG_EXEEXT_FOR_BUILD
dnl -------------------------
dnl Determine EXEEXT_FOR_BUILD, the build system executable suffix.
dnl
dnl The idea is to find what "-o conftest$foo" will make it possible to run
dnl the program with ./conftest. On Unix-like systems this is of course
dnl nothing, for DOS it's ".exe", or for a strange RISC OS foreign file
dnl system cross compile it can be ",ff8" apparently. Not sure if the
dnl latter actually applies to a build-system executable, maybe it doesn't,
dnl but it won't hurt to try.
AC_DEFUN([GMP_PROG_EXEEXT_FOR_BUILD],
[AC_REQUIRE([GMP_PROG_CC_FOR_BUILD])
AC_CACHE_CHECK([for build system executable suffix],
gmp_cv_prog_exeext_for_build,
[if test $cross_compiling = no ; then
gmp_cv_prog_exeext_for_build="$EXEEXT"
else
cat >conftest.c <<EOF
int
main ()
{
return 0;
}
EOF
for i in .exe ,ff8 ""; do
gmp_compile="$CC_FOR_BUILD conftest.c -o conftest$i"
if AC_TRY_EVAL(gmp_compile); then
if (./conftest) 2>&AS_MESSAGE_LOG_FD; then
gmp_cv_prog_exeext_for_build=$i
break
fi
fi
done
rm -f conftest*
if test "${gmp_cv_prog_exeext_for_build+set}" != set; then
AC_MSG_ERROR([Cannot determine executable suffix])
fi
fi
])
AC_SUBST(EXEEXT_FOR_BUILD,$gmp_cv_prog_exeext_for_build)
])
dnl NETTLE_CHECK_ARM_NEON
dnl ---------------------
dnl Check if ARM Neon instructions should be used.
dnl Obeys enable_arm_neon, which should be set earlier.
AC_DEFUN([NETTLE_CHECK_ARM_NEON],
[if test "$enable_arm_neon" = auto ; then
if test "$cross_compiling" = yes ; then
dnl Check if compiler/assembler accepts it,
dnl without an explicit .fpu neon directive.
AC_CACHE_CHECK([if assembler accepts Neon instructions],
nettle_cv_asm_arm_neon,
[GMP_TRY_ASSEMBLE([
.text
foo:
vmlal.u32 q1, d0, d1
],
[nettle_cv_asm_arm_neon=yes],
[nettle_cv_asm_arm_neon=no])])
enable_arm_neon="$nettle_cv_asm_arm_neon"
else
AC_MSG_CHECKING([if /proc/cpuinfo claims neon support])
if grep '^Features.*:.* neon' /proc/cpuinfo >/dev/null ; then
enable_arm_neon=yes
else
enable_arm_neon=no
fi
AC_MSG_RESULT($enable_arm_neon)
fi
fi
])
dnl NETTLE_CHECK_IFUNC
dnl ------------------
dnl Check if __attribute__ ((ifunc(...))) works
AC_DEFUN([NETTLE_CHECK_IFUNC],
[AC_REQUIRE([AC_PROG_CC])
AC_CACHE_CHECK([for ifunc support],
nettle_cv_link_ifunc,
[AC_LINK_IFELSE([AC_LANG_PROGRAM([
static int
foo_imp(int x)
{
return 1;
}
typedef void void_func (void);
static void_func *
foo_resolv(void)
{
return (void_func *) foo_imp;
}
int foo (int x) __attribute__ ((ifunc("foo_resolv")));
],[
return foo(0);
])],
[nettle_cv_link_ifunc=yes],
[nettle_cv_link_ifunc=no])])
AH_TEMPLATE([HAVE_LINK_IFUNC], [Define if compiler and linker supports __attribute__ ifunc])
if test "x$nettle_cv_link_ifunc" = xyes ; then
AC_DEFINE(HAVE_LINK_IFUNC)
fi
])
# ld-version-script.m4 serial 3
dnl Copyright (C) 2008-2014 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl From Simon Josefsson
# FIXME: The test below returns a false positive for mingw
# cross-compiles, 'local:' statements does not reduce number of
# exported symbols in a DLL. Use --disable-ld-version-script to work
# around the problem.
# gl_LD_VERSION_SCRIPT
# --------------------
# Check if LD supports linker scripts, and define automake conditional
# HAVE_LD_VERSION_SCRIPT if so.
AC_DEFUN([LD_VERSION_SCRIPT],
[
AC_ARG_ENABLE([ld-version-script],
AS_HELP_STRING([--enable-ld-version-script],
[enable linker version script (default is enabled when possible)]),
[have_ld_version_script=$enableval], [])
if test -z "$have_ld_version_script"; then
AC_MSG_CHECKING([if LD -Wl,--version-script works])
save_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map"
cat > conftest.map <<EOF
foo
EOF
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
[accepts_syntax_errors=yes], [accepts_syntax_errors=no])
if test "$accepts_syntax_errors" = no; then
cat > conftest.map <<EOF
VERS_1 {
global: sym;
};
VERS_2 {
global: sym;
} VERS_1;
EOF
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
[have_ld_version_script=yes], [have_ld_version_script=no])
else
have_ld_version_script=no
fi
rm -f conftest.map
LDFLAGS="$save_LDFLAGS"
AC_MSG_RESULT($have_ld_version_script)
fi
if test "$have_ld_version_script" = "yes";then
EXTRA_LINKER_FLAGS="-Wl,--version-script=libnettle.map"
AC_SUBST(EXTRA_LINKER_FLAGS)
EXTRA_HOGWEED_LINKER_FLAGS="-Wl,--version-script=libhogweed.map"
AC_SUBST(EXTRA_HOGWEED_LINKER_FLAGS)
fi
])
dnl GMP_ASM_POWERPC_R_REGISTERS
dnl ---------------------------
dnl Determine whether the assembler takes powerpc registers with an "r" as
dnl in "r6", or as plain "6". The latter is standard, but NeXT, Rhapsody,
dnl and MacOS-X require the "r" forms.
dnl
dnl See also powerpc64/machine.m4 which uses the result of this
dnl test.
AC_DEFUN([GMP_ASM_POWERPC_R_REGISTERS],
[AC_CACHE_CHECK([if the assembler needs r on registers],
gmp_cv_asm_powerpc_r_registers,
[GMP_TRY_ASSEMBLE(
[ $gmp_cv_asm_text
mtctr r6],
[gmp_cv_asm_powerpc_r_registers=yes],
[GMP_TRY_ASSEMBLE(
[ .text
mtctr 6],
[gmp_cv_asm_powerpc_r_registers=no],
[AC_MSG_ERROR([neither "mtctr 6" nor "mtctr r6" works])])])])
ASM_PPC_WANT_R_REGISTERS="$gmp_cv_asm_powerpc_r_registers"
])
# Check if valgrind supports the platform we are compiling for.
AC_DEFUN([NETTLE_PROG_VALGRIND],
[AC_CACHE_CHECK([if valgrind is working],
nettle_cv_prog_valgrind,
[AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
# Valgrind is known to work poorly and sometimes hang indefinitely
# on executables built with gcc's leak-sanitizer and
# address-sanitizer, and with clang's memory sanitizer. Attempt to
# work around. See https://bugs.kde.org/show_bug.cgi?id=492255
if "$NM" ./conftest$EXEEXT 2>&AS_MESSAGE_LOG_FD |
grep '_lsan_\|_msan_\|_asan_' >/dev/null; then
nettle_cv_prog_valgrind=no
elif valgrind -q ./conftest$EXEEXT 2>&AS_MESSAGE_LOG_FD; then
nettle_cv_prog_valgrind=yes
else
nettle_cv_prog_valgrind=no
fi], [nettle_cv_prog_valgrind=no])])
if test "$nettle_cv_prog_valgrind" = yes ; then
IF_VALGRIND=''
else
IF_VALGRIND='#'
fi
AC_SUBST(IF_VALGRIND)
])
/* aes-decrypt-internal.c
Decryption function for the aes/rijndael block cipher.
Copyright 2002, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "aes-internal.h"
#include "macros.h"
/* For fat builds */
#if HAVE_NATIVE_aes_decrypt
void
_nettle_aes_decrypt_c(unsigned rounds, const uint32_t *keys,
const struct aes_table *T,
size_t length, uint8_t *dst,
const uint8_t *src);
#define _nettle_aes_decrypt _nettle_aes_decrypt_c
#endif
void
_nettle_aes_decrypt(unsigned rounds, const uint32_t *keys,
const struct aes_table *T,
size_t length, uint8_t *dst,
const uint8_t *src)
{
FOR_BLOCKS(length, dst, src, AES_BLOCK_SIZE)
{
uint32_t w0, w1, w2, w3; /* working ciphertext */
uint32_t t0, t1, t2, t3;
const uint32_t *p;
unsigned i;
/* Get clear text, using little-endian byte order.
* Also XOR with the first subkey. */
w0 = LE_READ_UINT32(src) ^ keys[0];
w1 = LE_READ_UINT32(src + 4) ^ keys[1];
w2 = LE_READ_UINT32(src + 8) ^ keys[2];
w3 = LE_READ_UINT32(src + 12) ^ keys[3];
for (i = 1, p = keys - 4; i < rounds; i++, p -= 4)
{
t0 = AES_ROUND(T, w0, w3, w2, w1, p[0]);
t1 = AES_ROUND(T, w1, w0, w3, w2, p[1]);
t2 = AES_ROUND(T, w2, w1, w0, w3, p[2]);
t3 = AES_ROUND(T, w3, w2, w1, w0, p[3]);
/* We could unroll the loop twice, to avoid these
assignments. If all eight variables fit in registers,
that should give a slight speedup. */
w0 = t0;
w1 = t1;
w2 = t2;
w3 = t3;
}
/* Final round */
t0 = AES_FINAL_ROUND(T, w0, w3, w2, w1, p[0]);
t1 = AES_FINAL_ROUND(T, w1, w0, w3, w2, p[1]);
t2 = AES_FINAL_ROUND(T, w2, w1, w0, w3, p[2]);
t3 = AES_FINAL_ROUND(T, w3, w2, w1, w0, p[3]);
LE_WRITE_UINT32(dst, t0);
LE_WRITE_UINT32(dst + 4, t1);
LE_WRITE_UINT32(dst + 8, t2);
LE_WRITE_UINT32(dst + 12, t3);
}
}
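Review bot: The pointer contract for `keys` is undocumented and non-obvious in `_nettle_aes_decrypt`: the whitening step reads `keys[0..3]`, the loop starts at `p = keys - 4` and steps downward, and the final round reads `p[0..3]` at `keys - 4*rounds`, so the caller must pass a pointer to the last subkey of a schedule holding at least `4*(rounds+1)` words; a comment above the definition such as `/* keys points to the final round subkey; subkeys are consumed in decreasing address order, down to keys - 4*rounds. */` would let that be checked against the callers, which are outside this file. The comment `/* Get clear text, using little-endian byte order. ... */` on the first `LE_READ_UINT32` is misleading in a decryption routine, since the input is ciphertext as the `w0..w3` declaration already says; `/* Read the ciphertext block (little-endian words) and XOR with the first subkey. */` fits better. Because the round macros index `T` with the working state, this portable path is presumably not constant-time with respect to data-dependent cache accesses, so a one-line note next to the `HAVE_NATIVE_aes_decrypt` block saying that fat builds route to the native implementation and this C fallback is the timing-sensitive one would help readers choosing an implementation.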