On Thu, 2017-09-28 at 21:48 +0200, Niels Möller wrote:
There are several unfinished projects, curve448, gost cryptos, skein,...
But there are also a few new features completed since the nettle-3.3 release: rsa-pss, and hkdf. And a couple of bugfixes. And we have the ABI problems which are only half way fixed, and which I think are pretty important.
So I'm thinking, maybe we should try to fix the ABI issue and get in shape for release, and not try to get more new features in 3.4?
The existing code in nettle seems to be sufficient for a TLS-1.3 release of gnutls. There is already a merge request which can use the GOST code, and ed/x448 would be nice to have.
To get minimal ABI breakage, I also suspect we would need a release branch where I revert recent changes that grow the size of struct ecc_curve; my idea is to introduce functions returning pointers to the instances of this struct. But as long as applications are using the data symbols directly as advertised in ecc-curves.h, executables with R_X86_64_COPY relocations will break, in the same way as arrays like nettle_hashes.
I agree that this is the most important to address. I don't think I have any good suggestion in addressing that.
See https://www.lysator.liu.se/~nisse/nettle/plan.html for current list.
(it seems to have a typo and list plan for 3.3)
armv8-linux-gnu (qemu) x86_64-freebsd
I have already two such systems for gnutls' CI. I could send a patch on .gitlab-ci.yml for nettle to run there too.
regards, Nikos