[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Sun, 19 Nov 2017 15:08:02 +0100
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (berkeley-unix)
I'm happy to announce a new release of GNU Nettle, a low-level
cryptographics library. This release includes a couple of bugfixes and
new features. Next release is likely to break ABI compatibility, to make
that transition easier, applications are encourraged to adopt the new
accessor functions introduced in this release.
The Nettle home page can be found at
https://www.lysator.liu.se/~nisse/nettle/, and the manual at
The release can be downloaded from
NEWS for the Nettle 3.4 release
This release fixes bugs and adds a few new features. It also
addresses an ABI compatibility issue affecting Nettle-3.1 and
later, see below.
* Fixed an improper use of GMP mpn_mul, breaking curve2559 and
eddsa on certain platforms. Reported by Sergei Trofimovich.
* Fixed memory leak when handling invalid signatures in
ecdsa_verify. Fix contributed by Nikos Mavrogiannopoulos.
* Fix compilation error with --enable-fat om ARM. Fix
contributed by Andreas Schneider.
* Reorganized the way certain data items are made available.
Short version: Nettle header files now define the symbols
nettle_hashes, nettle_ciphers, and nettle_aeads, as
preprocessor macros invoking a corresponding accessor
function. For backwards ABI compatibility, the symbols are
still present in the compiled libraries, and with the same
sizes as in nettle-3.3.
* Support for RSA-PSS signatures, contributed by Daiki Ueno.
* Support for the HKDF key derivation function, defined by RFC
5869. Contributed by Nikos Mavrogiannopoulos.
* Support for the Cipher Feedback Mode (CFB), contributed by
* New accessor functions: nettle_get_hashes,
nettle_get_ciphers, nettle_get_aeads, nettle_get_secp_192r1,
For source-level compatibility with future versions,
applications are encouraged to migrate to using these
functions instead of referring to the corresponding data
* The base16 and base64 functions now use the type char * for
ascii data, rather than uint8_t *. This eliminates the last
pointer-signedness warnings when building Nettle. This is a
minor API change, and applications may need to be adjusted,
but the ABI is unaffected on all platforms I'm aware of.
* The contents of the header file nettle/version.h is now
architecture independent, except in --enable-mini-gmp
Since the breakage was a bit subtle, let me document it
here. The nettle and hogweed libraries export a couple of
data symbols, and for some of these, the size was never
intended to be part of the ABI. E.g.,
extern const struct nettle_hash * const nettle_hashes;
which is an NULL-terminated array.
It turns out the sizes nevertheless may leak into the ABI, and
that increasing the sizes can break old executables linked
with a newer version of the library.
When linking a classic non-PIE executable with a shared
library, we get ELF relocations of type R_X86_64_COPY for
references to data items. These mean that the linker allocates
space for the data item in the data segment of executable, at
a fixed address determined at link-time, and with size
extracted from the version of the .so-file seen when linking.
At load time, the run time linker then copies the contents of
the symbol from the .so file to that location, and uses the
copy instead of the version loaded with the .so-file. And if
the data item in the .so file used at load time is larger than
the data item seen at link time, it is silently truncated in
So when SHA3 hashes were was added to the nettle_hashes array
in the nettle-3.3 release, this way of linking produces a
truncated array at load time, no longer NULL-terminated.
We will get similar problems for planned extensions of the
internal struct ecc_curve, and exported data items like
extern const struct ecc_curve nettle_secp_256r1;
where the ecc_curve struct is only forward declared in the
public headers. To prepare, applications should migrate to
using the new function nettle_get_secp_256r1, and similarly
for the other curves.
In some future version, the plan is to add a leading
underscore to the name of the actual data items. E.g.,
nettle_hashes --> _nettle_hashes, breaking the ABI, while
keeping the nettle_get_hashes function and the nettle_hashes
macro as the supported ways to access it. We will also
rename nettle_secp_256r1 --> _nettle_secp_256r1, breaking
both ABI and API.
Note that data items like nettle_sha256 are *not* affected,
since the size and layout of this struct is considered part
of the ABI, and R_X86_64_COPY-relocations then work fine.
The shared library names are libnettle.so.6.4 and
libhogweed.so.4.4, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
Description: PGP signature
|[Prev in Thread]
||[Next in Thread]|
- ANNOUNCE: Nettle-3.4,
Niels Möller <=