nettle-bugs February 2021

nettle-bugs@lists.lysator.liu.se

10 participants
14 discussions

Add RSA-OAEP encryption/decryption to Nettle
by Nicolas Mora 09 Mar '24

09 Mar '24

Hello, I've made a new Merge Request in the nettle gitlab repo to provide RSA-OAEP encryption and decryption: https://git.lysator.liu.se/nettle/nettle/-/merge_requests/20 It adds 2 new functions: int pkcs1_oaep_encrypt (size_t key_size, void *random_ctx, nettle_random_func *random, size_t hlen, size_t label_length, const uint8_t *label, size_t message_length, const uint8_t *message, mpz_t m); int pkcs1_oaep_decrypt (size_t key_size, const … [View More]

4 21

Curve point decompression
by Wim Lewis 10 Nov '21

10 Nov '21

I'm looking at implementing elliptic curve point compression a la SEC1 (admittedly, mostly to reduce the number of "feature not supported" code paths in a library, but it seems like a somewhat useful ability). Nettle/Hogweed already implements it internally for curve25519, but I want to implement it for the "secp" curves as well. Point compression is easy enough, but point decompression requires some curve math, potentially dependent on the specific curve, and some of it is redundant … [View More]

3 10

[S390x] Optimize AES modes
by Maamoun TK 19 Sep '21

19 Sep '21

I made a merge request for optimizing AES modes on s390x architecture, the patch implements the optimized cores using cipher instructions that have been added to s390x arch in message security assist extensions. The patch uses the following functions: KM-AES-128 (ECB-AES128) KM-AES-192 (ECB-AES192) KM-AES-256 (ECB-AES256) KMC-AES-128 (CBC-AES128) KMC-AES-192 (CBC-AES192) KMC-AES-256 (CBC-AES256) KMAC-AES-128 (CCM-AES128, CMAC-AES128) KMAC-AES-192 (CCM-AES192) KMAC-AES-256 (CCM-AES256, CMAC-… [View More]

4 39

HPKE implementation
by Norbert Pocs 14 Jul '21

14 Jul '21

Hello mailing list, I am a student at Brno University of Technology at Faculty of Information Technology and intern at Red Hat Crypto team. My current project is the implementation of HPKE draft [0]. The first goal is to implement mode_base. Example usage for the project is the encrypted hello message in TLS [1]. Do you have interest in merging the code after completion? [0] https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07 [1] https://gitlab.com/gnutls/gnutls/-/issues/595 Regards Norbert Pócs

2 3

Add AES Key Wrap (RFC 3394) in Nettle
by Nicolas Mora 23 May '21

23 May '21

Hello, I've added a merge request to implement AES key wrap and unwrap in Nettle [1]. The MR is not complete, because the tests haven't been pushed yet and the documentation is missing, but if the new functionality is welcome to Nettle, I'd rather have some feedback on the code first, to make sure it respects the project guidelines. I can add tests based on the tests vectors in the RFC [2], but I'm not sure how the test suites are build, should I need to create test_wrap functions like … [View More]

5 25

Compile issue on Solaris 11.3
by Jeffrey Walton 28 Mar '21

28 Mar '21

Hi Everyone, I bumped to Nettle 3.7. The build is resulting in: gcc -I. -I/export/home/jwalton/tmp/ok2delete/include -DNDEBUG -DHAVE_CONFIG_H -g2 -O2 -m64 -march=native -fPIC -pthread -ggdb3 -Wall -W -Wno-sign-compare -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wpointer-arith -Wbad-function-cast -Wnested-externs -fPIC -MT sha256-compress-2.o -MD -MP -MF sha256-compress-2.o.d -c sha256-compress-2.s gcc -I. -I/export/home/jwalton/tmp/ok2delete/include -DNDEBUG -… [View More]DHAVE_CONFIG_H -g2 -O2 -m64 -march=native -fPIC -pthread -ggdb3 -Wall -W -Wno-sign-compare -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wpointer-arith -Wbad-function-cast -Wnested-externs -fPIC -MT sexp.o -MD -MP -MF sexp.o.d -c sexp.c \ && true sha256-compress-2.ssha1-compress-2.s: Assembler messages: sha1-compress-2.s:73: Error: : no such instruction: `sha1rnds4 $0,%xmm5,%xmm4'Assembler messages: sha256-compress-2.s:87 : Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha1-compress-2.s:78sha256-compress-2.s: Error: no such instruction: `sha1nexte %xmm1,%xmm6':89 : Error: no such instruction: `sha256rnds2 %xmm6,%xmm5'sha1-compress-2.s:80 : Error: no such instruction: `sha1rnds4 $0,%xmm6,%xmm4' sha256-compress-2.ssha1-compress-2.s:96:81: Error: : Error: no such instruction: `sha1msg1 %xmm1,%xmm0'no such instruction: `sha256rnds2 %xmm5,%xmm6' sha1-compress-2.s:86sha256-compress-2.s: Error: :98no such instruction: `sha1nexte %xmm2,%xmm5' : Error: sha1-compress-2.s:88: no such instruction: `sha256rnds2 %xmm6,%xmm5'Error: sha256-compress-2.sno such instruction: `sha1rnds4 $0,%xmm5,%xmm4':99 : Error: sha1-compress-2.sno such instruction: `sha256msg1 %xmm2,%xmm1' :89: Error: no such instruction: `sha1msg1 %xmm2,%xmm1' sha256-compress-2.s:106: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha1-compress-2.s:96sha256-compress-2.s: Error: no such instruction: `sha1nexte %xmm3,%xmm6' :108sha1-compress-2.s:98: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5': Error: no such instruction: `sha1msg2 %xmm3,%xmm0' sha256-compress-2.ssha1-compress-2.s:109:99: : Error: Error: no such instruction: `sha1rnds4 $0,%xmm6,%xmm4'no such instruction: `sha256msg1 %xmm3,%xmm2' sha256-compress-2.s:117: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha256-compress-2.s:119: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5' sha256-compress-2.s:123: Error: no such instruction: `sha256msg2 %xmm4,%xmm1' sha256-compress-2.s:124: sha1-compress-2.sError: no such instruction: `sha256msg1 %xmm4,%xmm3' :100: Error: sha256-compress-2.sno such instruction: `sha1msg1 %xmm3,%xmm2' :129: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha1-compress-2.s:104: Error: no such instruction: `sha1nexte %xmm0,%xmm5'sha256-compress-2.s:131: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5' sha1-compress-2.s:106sha256-compress-2.s: :135: Error: Error: no such instruction: `sha1msg2 %xmm0,%xmm1'no such instruction: `sha256msg2 %xmm1,%xmm2' sha256-compress-2.ssha1-compress-2.s:107:136: : Error: no such instruction: `sha256msg1 %xmm1,%xmm4' Error: no such instruction: `sha1rnds4 $0,%xmm5,%xmm4'sha256-compress-2.s :141: sha1-compress-2.sError: no such instruction: `sha256rnds2 %xmm5,%xmm6' :108: sha256-compress-2.sError: no such instruction: `sha1msg1 %xmm0,%xmm3':143: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5' sha1-compress-2.s:113: Error: sha256-compress-2.s:147: Error: no such instruction: `sha1nexte %xmm1,%xmm6'no such instruction: `sha256msg2 %xmm2,%xmm3' sha256-compress-2.ssha1-compress-2.s:148:115: Error: : no such instruction: `sha256msg1 %xmm2,%xmm1' Error: sha256-compress-2.sno such instruction: `sha1msg2 %xmm1,%xmm2':153: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha256-compress-2.ssha1-compress-2.s:155: Error: :116: no such instruction: `sha256rnds2 %xmm6,%xmm5' Error: no such instruction: `sha1rnds4 $1,%xmm6,%xmm4' sha1-compress-2.s:117: Error: sha256-compress-2.sno such instruction: `sha1msg1 %xmm1,%xmm0':159: Error: no such instruction: `sha256msg2 %xmm3,%xmm4' sha256-compress-2.s:160sha1-compress-2.s: Error: no such instruction: `sha256msg1 %xmm3,%xmm2' :121: Error: no such instruction: `sha1nexte %xmm2,%xmm5'sha256-compress-2.s :165: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha1-compress-2.ssha256-compress-2.s:123: Error: no such instruction: `sha1msg2 %xmm2,%xmm3' sha1-compress-2.s:167: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5':124 : Error: no such instruction: `sha1rnds4 $1,%xmm5,%xmm4' sha256-compress-2.ssha1-compress-2.s:125:171: : Error: no such instruction: `sha256msg2 %xmm4,%xmm1'Error: no such instruction: `sha1msg1 %xmm2,%xmm1' sha256-compress-2.s:172: Error: sha1-compress-2.s:129no such instruction: `sha256msg1 %xmm4,%xmm3' : Error: no such instruction: `sha1nexte %xmm3,%xmm6'sha256-compress-2.s :177: sha1-compress-2.sError: no such instruction: `sha256rnds2 %xmm5,%xmm6' :131: Error: sha256-compress-2.sno such instruction: `sha1msg2 %xmm3,%xmm0':179 : Error: no such instruction: `sha256rnds2 %xmm6,%xmm5'sha1-compress-2.s :132: Error: no such instruction: `sha1rnds4 $1,%xmm6,%xmm4' sha256-compress-2.s:183: Error: sha1-compress-2.s:133no such instruction: `sha256msg2 %xmm1,%xmm2' : sha256-compress-2.sError: :184no such instruction: `sha1msg1 %xmm3,%xmm2' : Error: no such instruction: `sha256msg1 %xmm1,%xmm4' sha1-compress-2.s:137: Error: no such instruction: `sha1nexte %xmm0,%xmm5' sha1-compress-2.s:139: sha256-compress-2.sError: no such instruction: `sha1msg2 %xmm0,%xmm1':189: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha1-compress-2.s:140sha256-compress-2.s:191: : Error: no such instruction: `sha256rnds2 %xmm6,%xmm5'Error: no such instruction: `sha1rnds4 $1,%xmm5,%xmm4' sha1-compress-2.ssha256-compress-2.s:141: :195: Error: Error: no such instruction: `sha1msg1 %xmm0,%xmm3'no such instruction: `sha256msg2 %xmm2,%xmm3' sha256-compress-2.s:196sha1-compress-2.s:145: : Error: no such instruction: `sha256msg1 %xmm2,%xmm1' Error: no such instruction: `sha1nexte %xmm1,%xmm6' sha256-compress-2.s:201: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6'sha1-compress-2.s:147 : Error: sha256-compress-2.s:203: Error: no such instruction: `sha1msg2 %xmm1,%xmm2'no such instruction: `sha256rnds2 %xmm6,%xmm5' sha256-compress-2.ssha1-compress-2.s:148:207: : Error: Error: no such instruction: `sha256msg2 %xmm3,%xmm4' sha256-compress-2.s:208: Error: no such instruction: `sha256msg1 %xmm3,%xmm2' sha256-compress-2.s:213: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha256-compress-2.s:215: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5' sha256-compress-2.s:219: Error: no such instruction: `sha256msg2 %xmm4,%xmm1' sha256-compress-2.s:220: Error: no such instruction: `sha256msg1 %xmm4,%xmm3' sha256-compress-2.s:225: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha256-compress-2.s:227: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5' sha256-compress-2.s:231: Error: no such instruction: `sha256msg2 %xmm1,%xmm2' sha256-compress-2.s:232: Error: no such instruction: `sha256msg1 %xmm1,%xmm4' sha256-compress-2.s:237: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha256-compress-2.s:239: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5' sha256-compress-2.s:243: Error: no such instruction: `sha256msg2 %xmm2,%xmm3' sha256-compress-2.s:247: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha256-compress-2.s:249: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5' sha256-compress-2.s:253: Error: no such instruction: `sha256msg2 %xmm3,%xmm4' sha256-compress-2.s:257: Error: no such instruction: `sha256rnds2 %xmm5,%xmm6' sha256-compress-2.s:259: Error: no such instruction: `sha256rnds2 %xmm6,%xmm5' no such instruction: `sha1rnds4 $1,%xmm6,%xmm4' sha1-compress-2.s:149: Error: no such instruction: `sha1msg1 %xmm1,%xmm0' sha1-compress-2.s:154: Error: no such instruction: `sha1nexte %xmm2,%xmm5' sha1-compress-2.s:156: Error: no such instruction: `sha1msg2 %xmm2,%xmm3' sha1-compress-2.s:157: Error: no such instruction: `sha1rnds4 $2,%xmm5,%xmm4' sha1-compress-2.s:158: Error: no such instruction: `sha1msg1 %xmm2,%xmm1' sha1-compress-2.s:162: Error: no such instruction: `sha1nexte %xmm3,%xmm6' sha1-compress-2.s:164: Error: no such instruction: `sha1msg2 %xmm3,%xmm0' sha1-compress-2.s:165: Error: no such instruction: `sha1rnds4 $2,%xmm6,%xmm4' sha1-compress-2.s:166: Error: no such instruction: `sha1msg1 %xmm3,%xmm2' sha1-compress-2.s:170: Error: no such instruction: `sha1nexte %xmm0,%xmm5' sha1-compress-2.s:172: Error: no such instruction: `sha1msg2 %xmm0,%xmm1' sha1-compress-2.s:173: Error: no such instruction: `sha1rnds4 $2,%xmm5,%xmm4' sha1-compress-2.s:174: Error: no such instruction: `sha1msg1 %xmm0,%xmm3' sha1-compress-2.s:178: Error: no such instruction: `sha1nexte %xmm1,%xmm6' sha1-compress-2.s:180: Error: no such instruction: `sha1msg2 %xmm1,%xmm2' sha1-compress-2.s:181: Error: no such instruction: `sha1rnds4 $2,%xmm6,%xmm4' sha1-compress-2.s:182: Error: no such instruction: `sha1msg1 %xmm1,%xmm0' sha1-compress-2.s:186: Error: no such instruction: `sha1nexte %xmm2,%xmm5' sha1-compress-2.s:188: Error: no such instruction: `sha1msg2 %xmm2,%xmm3' sha1-compress-2.s:189: Error: no such instruction: `sha1rnds4 $2,%xmm5,%xmm4' sha1-compress-2.s:190: Error: no such instruction: `sha1msg1 %xmm2,%xmm1' sha1-compress-2.s:195: Error: no such instruction: `sha1nexte %xmm3,%xmm6' sha1-compress-2.s:197: Error: no such instruction: `sha1msg2 %xmm3,%xmm0' sha1-compress-2.s:198: Error: no such instruction: `sha1rnds4 $3,%xmm6,%xmm4' sha1-compress-2.s:199: Error: no such instruction: `sha1msg1 %xmm3,%xmm2' sha1-compress-2.s:203: Error: no such instruction: `sha1nexte %xmm0,%xmm5' sha1-compress-2.s:205: Error: no such instruction: `sha1msg2 %xmm0,%xmm1' sha1-compress-2.s:206: Error: no such instruction: `sha1rnds4 $3,%xmm5,%xmm4' sha1-compress-2.s:207: Error: no such instruction: `sha1msg1 %xmm0,%xmm3' sha1-compress-2.s:211: Error: no such instruction: `sha1nexte %xmm1,%xmm6' sha1-compress-2.s:213: Error: no such instruction: `sha1msg2 %xmm1,%xmm2' sha1-compress-2.s:214: Error: no such instruction: `sha1rnds4 $3,%xmm6,%xmm4' sha1-compress-2.s:217: Error: no such instruction: `sha1nexte %xmm2,%xmm5' sha1-compress-2.s:219: Error: no such instruction: `sha1msg2 %xmm2,%xmm3' sha1-compress-2.s:220: Error: no such instruction: `sha1rnds4 $3,%xmm5,%xmm4' sha1-compress-2.s:222: Error: no such instruction: `sha1nexte %xmm3,%xmm6' sha1-compress-2.s:224: Error: no such instruction: `sha1rnds4 $3,%xmm6,%xmm4' sha1-compress-2.s:226: Error: no such instruction: `sha1nexte %xmm8,%xmm5' gmake[1]: *** [sha1-compress-2.o] Error 1 gmake[1]: *** Waiting for unfinished jobs.... Jeff [View Less]

2 6

Status update
by nisse＠lysator.liu.se 07 Mar '21

07 Mar '21

I've haven't had much hacking time since the 3.7.1 bug fix rel1ease. I'm aware of the following recent issues that need review/work: 1. New Arm64 code (don't recall current status off the top of my head). 2. s390x testing. I'd prefer to not run a git checkout on the s390x test machine, but have the ci job make a tarball, ssh it over to the test machine, unpack in a fresh directory for build and test. This needs to be in place before adding s390x specific code. When done, could … [View More]

3 6

ANNOUNCE: Nettle-3.7.1
by nisse＠lysator.liu.se 17 Feb '21

17 Feb '21

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'd like to announce a new release of GNU Nettle, a low-level cryptographics library. This release fixes a few problem in Nettle-3.7, in particular, a bug affecting GnuTLS on powerpc64 platforms. See NEWS entries below. The Nettle home page can be found at https://www.lysator.liu.se/~nisse/nettle/, and the manual at https://www.lysator.liu.se/~nisse/nettle/nettle.html. The release can be downloaded from https://ftp.gnu.org/gnu/nettle/nettle-… [View More]3.7.1.tar.gz ftp://ftp.gnu.org/gnu/nettle/nettle-3.7.1.tar.gz https://www.lysator.liu.se/~nisse/archive/nettle-3.7.1.tar.gz Happy hacking, /Niels Möller NEWS for the Nettle 3.7.1 release This is primarily a bug fix release, fixing a couple of problems found in Nettle-3.7. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.2 and libhogweed.so.6.2, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Fix bug in chacha counter update logic. The problem affected ppc64 and ppc64el, with the new altivec assembly code enabled. Reported by Andreas Metzler, after breakage in GnuTLS tests on ppc64. * Support for big-endian ARM platforms has been restored. Fixes contributed by Michael Weiser. * Fix build problem on OpenBSD/powerpc64, reported by Jasper Lievisse Adriaanse. * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash. Reported by Guido Vranken. New features: * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512, contributed by Nicolas Mora. Miscellaneous: * Poorly performing ARM Neon code for doing single-block Salsa20 and Chacha has been deleted. The code to do two or three blocks in parallel, introduced in Nettle-3.7, is unchanged. - -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance. -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEy0li0HDXfX/Li6Nicdjx/zaMZncFAmAtgJMACgkQcdjx/zaM ZnfTEQf+KdzEoCkSHZfOFQ9qreKfY4ZVzxO3Nbh8wBiQYbueUw2X9kNxh+ErL4M7 FL2ovRbE3vLsWft5Y+rWg7wmDPUCwOdVsovURwENB6l+kbynksG+DWhIfg6hcjQ4 qqlhSArW/2UtIlswMj1hfh/g//aUDl0gigZX0C1LmCIlr4IzZvmMk5+9ZsR+9cXT +R/gdh2Hxw/DzMT8yB/J5wP5/5IzA5xkV2LhBKqS538bFEVsE7t+DInEjoUYhmtv st5VuyUxstKxqtp6RB+RfVcWDwpyyMi6/wn8fKfv5UkdVVgOHsXwY2Ls2YG6oKvs XswtEhTV17sYMTlVNtLKm8vOLnLYPA== =E0qp -----END PGP SIGNATURE----- [View Less]

1 0

Arcfour status
by nisse＠lysator.liu.se 14 Feb '21

14 Feb '21

I've had a report (from Matthew Kempe) about another problem with the openssl benchmarking code. It fails on FreeBSD, because there (and possible in other environments too) openssl has been configured without RC4 (aka arcfour) support. I'm considering just deleting code to benchmark openssl arcfour; I don't plan any improvements of Nettle's arcfour performance, and I would be surprised if the openssl people do. I do intend to keep arcfour support in Nettle for the foreseeable future, to … [View More]

2 1

GnuTLS testsuite error on ppc64 after nettle upgrade
by Andreas Metzler 10 Feb '21

10 Feb '21

Hello, Upgrading nettle from 3.6 to 3.7 triggers a GnuTLS 3.7.0 testsuite error on both ppc64 and ppc64el: (sid_ppc64el-dchroot)ametzler@plummer:~/GNUTLS/gnutls28-3.7.0/b4deb/tests$ ./min i-record-2 testing aes-cbc testing aes-cbc-sha256 testing aes-gcm testing aes-ccm testing aes-ccm-8 testing null-sha1 testing arcfour-sha1 testing arcfour-md5 testing chacha20-poly1305 testing tls13-chacha20-poly1305 server:330: client: Error: An unexpected TLS packet was received. Running the same binary … [View More]

4 10

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

nettle-bugs February 2021