nettle: support truncated authentication tag in Nettle 4 build 2099/head
authorDaiki Ueno <ueno@gnu.org>
Mon, 27 Apr 2026 05:25:28 +0000 (14:25 +0900)
committerDaiki Ueno <ueno@gnu.org>
Mon, 27 Apr 2026 05:25:28 +0000 (14:25 +0900)
Reported by Joshua Rogers.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/nettle/cipher.c

index da583c5f6d57f687614e2397532f607b3e8b5046..08a8dbfbfa950ebdce5da4a98bf702a4f59c830c 100644 (file)
@@ -1441,6 +1441,7 @@ static int wrap_nettle_cipher_aead_encrypt(void *_ctx, const void *nonce,
 
        if (ctx->cipher->aead_encrypt == NULL) {
                /* proper AEAD cipher */
+               uint8_t tag[MAX_HASH_SIZE];
                unsigned max_iv;
 
                if (encr_size < plain_size + tag_size)
@@ -1459,11 +1460,11 @@ static int wrap_nettle_cipher_aead_encrypt(void *_ctx, const void *nonce,
                ctx->cipher->encrypt(ctx, plain_size, encr, plain);
 
 #if NETTLE_VERSION_MAJOR >= 4
-               ctx->cipher->tag(ctx->ctx_ptr, ((uint8_t *)encr) + plain_size);
+               ctx->cipher->tag(ctx->ctx_ptr, tag);
 #else
-               ctx->cipher->tag(ctx->ctx_ptr, tag_size,
-                                ((uint8_t *)encr) + plain_size);
+               ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag);
 #endif
+               memcpy(((uint8_t *)encr) + plain_size, tag, tag_size);
        } else {
                /* CCM-style cipher */
 
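Review bot: The new `memcpy(((uint8_t *)encr) + plain_size, tag, tag_size)` reads from a fixed `uint8_t tag[MAX_HASH_SIZE]`, but the only size check visible in this function is `encr_size < plain_size + tag_size`, which bounds the destination and not the local buffer. If `tag_size` can exceed `MAX_HASH_SIZE`, the copy reads past the stack array, and the pre-4 branch also asks Nettle to write `tag_size` bytes into it. If `tag_size` exceeds the length the Nettle 4 callback actually writes, uninitialised stack bytes would be copied into the output. The lines between the two hunks are not shown, so an existing check may already cover this; otherwise add `if (tag_size > sizeof(tag)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` beside the existing size check and declare the buffer as `uint8_t tag[MAX_HASH_SIZE] = { 0 };`. The same pattern appears in wrap_nettle_cipher_tag (`memcpy(tag, buf, tag_size)`), which returns void, so the limit there would have to be enforced by its callers or by clamping the copy length.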
@@ -1614,12 +1615,14 @@ static int wrap_nettle_cipher_auth(void *_ctx, const void *plain,
 static void wrap_nettle_cipher_tag(void *_ctx, void *tag, size_t tag_size)
 {
        struct nettle_cipher_ctx *ctx = _ctx;
+       uint8_t buf[MAX_HASH_SIZE];
 
 #if NETTLE_VERSION_MAJOR >= 4
-       ctx->cipher->tag(ctx->ctx_ptr, tag);
+       ctx->cipher->tag(ctx->ctx_ptr, buf);
 #else
-       ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag);
+       ctx->cipher->tag(ctx->ctx_ptr, tag_size, buf);
 #endif
+       memcpy(tag, buf, tag_size);
 }
 
 static void wrap_nettle_cipher_close(void *_ctx)
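Review bot: Nothing in wrap_nettle_cipher_tag explains why the tag is written to `buf` and then copied, so a later cleanup could restore the direct write into `tag`. The Nettle 4 call takes no length argument, and going by the commit title it presumably always emits the full tag, which would overrun a caller buffer sized for a truncated one. A comment above the declaration would record that, for example `/* Nettle 4's tag callback has no length parameter; bounce through buf so a truncated tag_size never overruns the caller's buffer */`. The same comment fits the `tag` buffer added in wrap_nettle_cipher_aead_encrypt.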