algorithms: compile out GOST algorithm IDs if they are disabled

When compiled with --disable-gost, gnutls-cli --list still prints GOST
algorithms for public key systems and signatures.  This change adds
compile time checks to suppress them.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 0ffa1f651fe45aa83de4b608c397c9ecc0791c1a..ca00cfb5a688798b08ab88214839bf651e8d54fc 100644 (file)
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -208,6 +208,7 @@ static const cipher_entry_st algorithms[] = {
          .explicit_iv = 8,
          .cipher_iv = 12,
          .tagsize = 16},
+#ifdef ENABLE_GOST
        { .name = "GOST28147-TC26Z-CFB",
          .id = GNUTLS_CIPHER_GOST28147_TC26Z_CFB,
          .blocksize = 8,
@@ -243,7 +244,7 @@ static const cipher_entry_st algorithms[] = {
          .type = CIPHER_STREAM,
          .implicit_iv = 8,
          .cipher_iv = 8},
-
+#endif
        { .name = "AES-128-CFB8",
          .id = GNUTLS_CIPHER_AES_128_CFB8,
          .blocksize = 16,
@@ -297,6 +298,7 @@ static const cipher_entry_st algorithms[] = {
          .cipher_iv = 16,
          .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD,
          .tagsize = 16},
+#ifdef ENABLE_GOST
        { .name = "GOST28147-TC26Z-CNT",
          .id = GNUTLS_CIPHER_GOST28147_TC26Z_CNT,
          .blocksize = 8,
@@ -318,6 +320,7 @@ static const cipher_entry_st algorithms[] = {
          .type = CIPHER_STREAM,
          .implicit_iv = 8,
          .cipher_iv = 16},
+#endif
        { .name = "3DES-CBC",
          .id = GNUTLS_CIPHER_3DES_CBC,
          .blocksize = 8,

diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index a2c66e76bbaffdaa3d5c34ca79f3a02f670e2401..41904cad33eab8a2f5dd2df8acf2440835d1f1b4 100644 (file)
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -134,6 +134,7 @@ mac_entry_st hash_algorithms[] = {
         .key_size = 20,
         .block_size = 64
        },
+#ifdef ENABLE_GOST
        {.name = "GOSTR341194",
         .oid = HASH_OID_GOST_R_3411_94,
         .mac_oid = MAC_OID_GOST_R_3411_94,
@@ -157,6 +158,7 @@ mac_entry_st hash_algorithms[] = {
         .output_size = 64,
         .key_size = 64,
         .block_size = 64},
+#endif
        {.name = "AES-CMAC-128",
         .id = GNUTLS_MAC_AES_CMAC_128,
         .output_size = 16,
@@ -180,12 +182,14 @@ mac_entry_st hash_algorithms[] = {
         .output_size = 16,
         .key_size = 32,
         .nonce_size = 12},
+#ifdef ENABLE_GOST
        {.name = "GOST28147-TC26Z-IMIT",
         .id = GNUTLS_MAC_GOST28147_TC26Z_IMIT,
         .output_size = 4,
         .key_size = 32,
         .block_size = 8,
         .flags = GNUTLS_MAC_FLAG_CONTINUOUS_MAC},
+#endif
        {.name = "SHAKE-128",
         .oid = HASH_OID_SHAKE_128,
         .id = GNUTLS_MAC_SHAKE_128,
@@ -194,6 +198,7 @@ mac_entry_st hash_algorithms[] = {
         .oid = HASH_OID_SHAKE_256,
         .id = GNUTLS_MAC_SHAKE_256,
         .block_size = 136},
+#ifdef ENABLE_GOST
        {.name = "OMAC-MAGMA",
         .id = GNUTLS_MAC_MAGMA_OMAC,
         .output_size = 8,
@@ -204,6 +209,7 @@ mac_entry_st hash_algorithms[] = {
         .output_size = 16,
         .key_size = 32,
         .block_size = 16},
+#endif
        {.name = "MAC-NULL",
         .id = GNUTLS_MAC_NULL},
        {0, 0, 0, 0, 0, 0, 0, 0, 0}

diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c
index b4cd6b1df0b3d8886ac413f3dffeeedb88e99f66..b20280c3580e29341764c971835ef50cff7b3618 100644 (file)
--- a/lib/algorithms/publickey.c
+++ b/lib/algorithms/publickey.c
@@ -130,6 +130,7 @@ static const gnutls_pk_entry pk_algorithms[] = {
           .curve = GNUTLS_ECC_CURVE_INVALID }, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
        { .name = "DSA", .oid = PK_DSA_OID, .id = GNUTLS_PK_DSA,
           .curve = GNUTLS_ECC_CURVE_INVALID },
+#ifdef ENABLE_GOST
        { .name = "GOST R 34.10-2012-512", .oid = PK_GOST_R3410_2012_512_OID, .id = GNUTLS_PK_GOST_12_512,
           .curve = GNUTLS_ECC_CURVE_INVALID },
        { .name = "GOST R 34.10-2012-256", .oid = PK_GOST_R3410_2012_256_OID, .id = GNUTLS_PK_GOST_12_256,
@@ -138,6 +139,7 @@ static const gnutls_pk_entry pk_algorithms[] = {
           .curve = GNUTLS_ECC_CURVE_INVALID },
        { .name = "GOST R 34.10-94", .oid = PK_GOST_R3410_94_OID, .id = GNUTLS_PK_UNKNOWN,
           .curve = GNUTLS_ECC_CURVE_INVALID },
+#endif
        { .name = "EC/ECDSA", .oid = "1.2.840.10045.2.1", .id = GNUTLS_PK_ECDSA,
           .curve = GNUTLS_ECC_CURVE_INVALID },
        { .name = "EdDSA (Ed25519)", .oid = SIG_EDDSA_SHA512_OID, .id = GNUTLS_PK_EDDSA_ED25519, 

diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 543bd19bb5c9f63c2d4e98e1a2960b16e963ed0a..1f419b38a1f7f9a49906df88b6f58d175d1ad2eb 100644 (file)
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -359,6 +359,7 @@ gnutls_sign_entry_st sign_algorithms[] = {
         .pk = GNUTLS_PK_EC,
         .hash = GNUTLS_DIG_SHA224,
         .aid = TLS_SIGN_AID_UNKNOWN},
+#ifdef ENABLE_GOST
        /* GOST R 34.10-2012-512 */
        {.name = "GOSTR341012-512",
         .oid = SIG_GOST_R3410_2012_512_OID,
@@ -390,6 +391,7 @@ gnutls_sign_entry_st sign_algorithms[] = {
         .pk = 0,
         .hash = 0,
         .aid = TLS_SIGN_AID_UNKNOWN},
+#endif
        {.name = "DSA-SHA384",
         .oid = SIG_DSA_SHA384_OID,
         .id = GNUTLS_SIGN_DSA_SHA384,