#include <nettle/sha2.h>
#include <nettle/macros.h>
#include <nettle/nettle-meta.h>
+#include <nettle/version.h>
#include "sha-aarch64.h"
#include "aarch64-common.h"
if (digestsize < ctx->length)
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+#if NETTLE_VERSION_MAJOR >= 4
+ if (digestsize != ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ctx->digest(ctx->ctx_ptr, digest);
+#else
ctx->digest(ctx->ctx_ptr, digestsize, digest);
+#endif
return 0;
}
return gnutls_assert_val(ret);
ctx.update(&ctx, text_size, text);
+#if NETTLE_VERSION_MAJOR >= 4
+ ctx.digest(&ctx, digest);
+#else
ctx.digest(&ctx, ctx.length, digest);
+#endif
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
#include <nettle/sha2.h>
#include <nettle/hmac.h>
#include <nettle/macros.h>
+#include <nettle/version.h>
#include "aes-padlock.h"
#include <assert.h>
#include "sha-padlock.h"
}
}
-static void padlock_sha1_digest(struct sha1_ctx *ctx, size_t length,
- uint8_t *digest)
+static void _padlock_sha1_digest(struct sha1_ctx *ctx, size_t length,
+ uint8_t *digest)
{
uint64_t bit_count;
_nettle_write_be32(length, digest, ctx->state);
}
-static void padlock_sha256_digest(struct sha256_ctx *ctx, size_t length,
- uint8_t *digest)
+static void _padlock_sha256_digest(struct sha256_ctx *ctx, size_t length,
+ uint8_t *digest)
{
uint64_t bit_count;
_nettle_write_be32(length, digest, ctx->state);
}
-static void padlock_sha512_digest(struct sha512_ctx *ctx, size_t length,
- uint8_t *digest)
+static void _padlock_sha512_digest(struct sha512_ctx *ctx, size_t length,
+ uint8_t *digest)
{
uint64_t high, low;
}
}
+#if NETTLE_VERSION_MAJOR >= 4
+static void padlock_sha1_digest(struct sha1_ctx *ctx, uint8_t *digest)
+{
+ _padlock_sha1_digest(ctx, SHA1_DIGEST_SIZE, digest);
+}
+static void padlock_sha256_digest(struct sha256_ctx *ctx, uint8_t *digest)
+{
+ _padlock_sha256_digest(ctx, SHA256_DIGEST_SIZE, digest);
+}
+static void padlock_sha512_digest(struct sha512_ctx *ctx, uint8_t *digest)
+{
+ _padlock_sha512_digest(ctx, SHA512_DIGEST_SIZE, digest);
+}
+#else
+#define padlock_sha1_digest _padlock_sha1_digest
+#define padlock_sha256_digest _padlock_sha256_digest
+#define padlock_sha512_digest _padlock_sha512_digest
+#endif
+
static int _ctx_init(gnutls_digest_algorithm_t algo,
struct padlock_hash_ctx *ctx)
{
if (digestsize < ctx->length)
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+#if NETTLE_VERSION_MAJOR >= 4
+ if (digestsize != ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ctx->digest(ctx->ctx_ptr, digest);
+#else
ctx->digest(ctx->ctx_ptr, digestsize, digest);
+#endif
ctx->init(ctx->ctx_ptr);
#include <nettle/sha2.h>
#include <nettle/macros.h>
#include <nettle/nettle-meta.h>
+#include <nettle/version.h>
#include "sha-x86.h"
#include "x86-common.h"
if (digestsize < ctx->length)
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+#if NETTLE_VERSION_MAJOR >= 4
+ if (digestsize != ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ctx->digest(ctx->ctx_ptr, digest);
+#else
ctx->digest(ctx->ctx_ptr, digestsize, digest);
+#endif
return 0;
}
return gnutls_assert_val(ret);
ctx.update(&ctx, text_size, text);
+#if NETTLE_VERSION_MAJOR >= 4
+ ctx.digest(&ctx, digest);
+#else
ctx.digest(&ctx, ctx.length, digest);
+#endif
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
CMAC128_UPDATE(ctx, kuznyechik_encrypt, length, data);
}
+#if NETTLE_VERSION_MAJOR >= 4
+void cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, uint8_t *digest)
+{
+ CMAC128_DIGEST(ctx, kuznyechik_encrypt, digest);
+}
+#else
void cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, size_t length,
uint8_t *digest)
{
CMAC128_DIGEST(ctx, kuznyechik_encrypt, length, digest);
}
#endif
+
+#endif
CMAC64_UPDATE(ctx, magma_encrypt, length, data);
}
+#if NETTLE_VERSION_MAJOR >= 4
+void cmac_magma_digest(struct cmac_magma_ctx *ctx, uint8_t *digest)
+{
+ CMAC64_DIGEST(ctx, magma_encrypt, digest);
+}
+#else
void cmac_magma_digest(struct cmac_magma_ctx *ctx, size_t length,
uint8_t *digest)
{
CMAC64_DIGEST(ctx, magma_encrypt, length, digest);
}
#endif
+
+#endif
#ifndef HAVE_NETTLE_CMAC_MAGMA_UPDATE
#include "magma.h"
+#include <nettle/version.h>
+
#ifdef __cplusplus
extern "C" {
#endif
void cmac_magma_update(struct cmac_magma_ctx *ctx, size_t length,
const uint8_t *data);
+#if NETTLE_VERSION_MAJOR >= 4
+void cmac_magma_digest(struct cmac_magma_ctx *ctx, uint8_t *digest);
+#else
void cmac_magma_digest(struct cmac_magma_ctx *ctx, size_t length,
uint8_t *digest);
+#endif
#ifdef __cplusplus
}
void cmac_kuznyechik_update(struct cmac_kuznyechik_ctx *ctx, size_t length,
const uint8_t *data);
+#if NETTLE_VERSION_MAJOR >= 4
+void cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, uint8_t *digest);
+#else
void cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, size_t length,
uint8_t *digest);
+#endif
#ifdef __cplusplus
}
gost28147_imit_set_param(&ictx, param);
gost28147_imit_set_nonce(&ictx, ukm);
gost28147_imit_update(&ictx, GOST28147_KEY_SIZE, cek);
+#if NETTLE_VERSION_MAJOR >= 4
+ gost28147_imit_digest(&ictx, imit);
+#else
gost28147_imit_digest(&ictx, GOST28147_IMIT_DIGEST_SIZE, imit);
+#endif
}
int gost28147_key_unwrap_cryptopro(const struct gost28147_param *param,
gost28147_imit_set_param(&ictx, param);
gost28147_imit_set_nonce(&ictx, ukm);
gost28147_imit_update(&ictx, GOST28147_KEY_SIZE, cek);
+#if NETTLE_VERSION_MAJOR >= 4
+ gost28147_imit_digest(&ictx, mac);
+#else
gost28147_imit_digest(&ictx, GOST28147_IMIT_DIGEST_SIZE, mac);
+#endif
return memeql_sec(mac, imit, GOST28147_IMIT_DIGEST_SIZE);
}
MD_UPDATE(ctx, length, data, gost28147_imit_compress, ctx->count++);
}
-void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, size_t length,
- uint8_t *digest)
+static void _gost28147_imit_digest(struct gost28147_imit_ctx *ctx,
+ size_t length, uint8_t *digest)
{
assert(length <= GOST28147_IMIT_DIGEST_SIZE);
const uint8_t zero[GOST28147_IMIT_BLOCK_SIZE] = { 0 };
_nettle_write_le32(length, digest, ctx->state);
_gost28147_imit_reinit(ctx);
}
+
+#if NETTLE_VERSION_MAJOR >= 4
+void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, uint8_t *digest)
+{
+ _gost28147_imit_digest(ctx, GOST28147_IMIT_DIGEST_SIZE, digest);
+}
+#else
+void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, size_t length,
+ uint8_t *digest)
+{
+ _gost28147_imit_digest(ctx, length, digest);
+}
+#endif
+
#endif
#ifndef HAVE_NETTLE_GOST28147_SET_KEY
#include <nettle/nettle-types.h>
+#include <nettle/version.h>
#ifdef __cplusplus
extern "C" {
void gost28147_imit_update(struct gost28147_imit_ctx *ctx, size_t length,
const uint8_t *data);
+#if NETTLE_VERSION_MAJOR >= 4
+void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, uint8_t *digest);
+#else
void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, size_t length,
uint8_t *digest);
+#endif
#ifdef __cplusplus
}
#include "gost/cmac.h"
#endif
#include <nettle/gcm.h>
+#include <nettle/version.h>
+
+#if NETTLE_VERSION_MAJOR < 4
+typedef void nettle_output_func(void *ctx, size_t length, uint8_t *dst);
+#endif
/* Can't use nettle_set_key_func as it doesn't have the second argument */
typedef void (*set_key_func)(void *, size_t, const uint8_t *);
size_t length;
nettle_hash_update_func *update;
nettle_hash_digest_func *digest;
+ nettle_output_func *output;
nettle_hash_init_func *init;
finished_func finished;
};
ctx->pos = length;
}
+#if NETTLE_VERSION_MAJOR >= 4
+static void _wrap_gmac_digest(void *_ctx, uint8_t *digest)
+{
+ struct gmac_ctx *ctx = _ctx;
+
+ if (ctx->pos)
+ gcm_update(&ctx->ctx, &ctx->key, ctx->pos, ctx->buffer);
+
+ gcm_digest(&ctx->ctx, &ctx->key, &ctx->cipher, ctx->encrypt, digest);
+
+ ctx->pos = 0;
+}
+#else
static void _wrap_gmac_digest(void *_ctx, size_t length, uint8_t *digest)
{
struct gmac_ctx *ctx = _ctx;
if (ctx->pos)
gcm_update(&ctx->ctx, &ctx->key, ctx->pos, ctx->buffer);
+
gcm_digest(&ctx->ctx, &ctx->key, &ctx->cipher, ctx->encrypt, length,
digest);
+
ctx->pos = 0;
}
+#endif
static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
struct nettle_mac_ctx *ctx)
ctx.set_nonce(&ctx, nonce_size, nonce);
}
ctx.update(&ctx, text_size, text);
+#if NETTLE_VERSION_MAJOR >= 4
+ ctx.digest(&ctx, digest);
+#else
ctx.digest(&ctx, ctx.length, digest);
+#endif
zeroize_key(&ctx, sizeof(ctx));
static int wrap_nettle_mac_output(void *src_ctx, void *digest,
size_t digestsize)
{
- struct nettle_mac_ctx *ctx;
- ctx = src_ctx;
+ struct nettle_mac_ctx *ctx = src_ctx;
if (digestsize < ctx->length) {
gnutls_assert();
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
+#if NETTLE_VERSION_MAJOR >= 4
+ if (digestsize != ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ctx->digest(ctx->ctx_ptr, digest);
+#else
ctx->digest(ctx->ctx_ptr, digestsize, digest);
+#endif
return 0;
}
sha1_update(&ctx->sha1, len, data);
}
-static void _md5_sha1_digest(void *_ctx, size_t len, uint8_t *digest)
+#if NETTLE_VERSION_MAJOR >= 4
+static void _md5_sha1_digest(void *_ctx, uint8_t *digest)
{
struct md5_sha1_ctx *ctx = _ctx;
- md5_digest(&ctx->md5, len <= MD5_DIGEST_SIZE ? len : MD5_DIGEST_SIZE,
- digest);
+ md5_digest(&ctx->md5, digest);
+ sha1_digest(&ctx->sha1, digest + MD5_DIGEST_SIZE);
+}
+#else
+static void _md5_sha1_digest(void *_ctx, size_t len, uint8_t *digest)
+{
+ struct md5_sha1_ctx *ctx = _ctx;
- if (len > MD5_DIGEST_SIZE)
- sha1_digest(&ctx->sha1, len - MD5_DIGEST_SIZE,
- digest + MD5_DIGEST_SIZE);
+ /* The caller should be responsible for any truncation */
+ assert(len == MD5_DIGEST_SIZE + SHA1_DIGEST_SIZE);
+ md5_digest(&ctx->md5, MD5_DIGEST_SIZE, digest);
+ sha1_digest(&ctx->sha1, SHA1_DIGEST_SIZE, digest + MD5_DIGEST_SIZE);
}
+#endif
static void _md5_sha1_init(void *_ctx)
{
/* Any FIPS140-2 related enforcement is performed on
* gnutls_hash_init() and gnutls_hmac_init() */
+ ctx->output = NULL;
ctx->finished = NULL;
switch (algo) {
case GNUTLS_DIG_MD5:
case GNUTLS_DIG_SHAKE_128:
ctx->init = (nettle_hash_init_func *)sha3_128_init;
ctx->update = (nettle_hash_update_func *)sha3_128_update;
- ctx->digest = (nettle_hash_digest_func *)sha3_128_shake_output;
+ ctx->digest = NULL; /* unused */
+ ctx->output = (nettle_output_func *)sha3_128_shake_output;
ctx->finished = _wrap_sha3_128_shake_finished;
ctx->ctx_ptr = &ctx->ctx.sha3_128;
ctx->length = 0; /* unused */
case GNUTLS_DIG_SHAKE_256:
ctx->init = (nettle_hash_init_func *)sha3_256_init;
ctx->update = (nettle_hash_update_func *)sha3_256_update;
- ctx->digest = (nettle_hash_digest_func *)sha3_256_shake_output;
+ ctx->digest = NULL; /* unused */
+ ctx->output = (nettle_output_func *)sha3_256_shake_output;
ctx->finished = _wrap_sha3_256_shake_finished;
ctx->ctx_ptr = &ctx->ctx.sha3_256;
ctx->length = 0; /* unused */
if (text_size > 0) {
ctx.update(&ctx, text_size, text);
}
+ if (!ctx.digest)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+#if NETTLE_VERSION_MAJOR >= 4
+ ctx.digest(&ctx, digest);
+#else
ctx.digest(&ctx, ctx.length, digest);
+#endif
zeroize_key(&ctx, sizeof(ctx));
return 0;
return 0;
}
+ if (ctx->output) {
+ ctx->output(ctx->ctx_ptr, digestsize, digest);
+ return 0;
+ }
+
if (ctx->length > 0 && digestsize < ctx->length) {
gnutls_assert();
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
+#if NETTLE_VERSION_MAJOR >= 4
+ if (digestsize != ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ctx->digest(ctx->ctx_ptr, digest);
+#else
ctx->digest(ctx->ctx_ptr, digestsize, digest);
+#endif
return 0;
}
return gnutls_assert_val(ret);
ctx.set_key(&ctx, saltsize, salt);
+#if NETTLE_VERSION_MAJOR >= 4
+ hkdf_extract(&ctx.ctx, ctx.update, ctx.digest, keysize, key, output);
+#else
hkdf_extract(&ctx.ctx, ctx.update, ctx.digest, ctx.length, keysize, key,
output);
+#endif
zeroize_key(&ctx, sizeof(ctx));
return 0;
projects / thirdparty / gnutls.git / commitdiff
