Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
> I think the best approach is not to export such functions at all if they are not intended to be used.
I can understand that point of view, but it's not going to happen to Nettle any time soon.
> Breaking the ABI for a security fix is not that nice.
It's possible to do a "security fix-only" release which only enables crt hardening for rsa_pkcs1_sign_tr (basically, your patch from a few weeks ago). Do you think that is motivated? In that case, I agree that we shouldn't make any incompatible changes to internal but visible functions.
My plan has been to *not* do any bug-fix-only release, but to do a new regular release reasonably soon, including the crt-related improvements, the updated sha3, and possibly some other minor improvements.
As for _rsa_blind, my thinking is that it's a bit bad to change its behaviour, not because it will break applications that misuse internal functions, but because it might break such applications in unobvious ways. So I'm now leaning towards simply removing those functions (making them static), which should make offending applications fail obviously, with a link failure.
We made similar changes fairly recently (pkcs1_signature_prefix, dropped in the 2.5 release three years ago), and as far as I remember, there were no big problems with that.
Regards, /Niels