[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-11-gbc3e43d
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-11-gbc3e43d |
|
Date: |
Sun, 29 Nov 2009 10:54:02 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=bc3e43d5f121e404aa32212dcfcc5027de807056
The branch, master has been updated
via bc3e43d5f121e404aa32212dcfcc5027de807056 (commit)
from 0477fd0883cbd9cd9809c3b8029ce146187b5431 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bc3e43d5f121e404aa32212dcfcc5027de807056
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Nov 29 12:08:44 2009 +0200
Merged the two internal hash API functions, to simplify and reduce code.
gnutls_hmac* and gnutls_hash* were merged to gnutls_hash API.
-----------------------------------------------------------------------
Summary of changes:
lib/crypto-api.c | 37 ++++++
lib/crypto.c | 106 ++--------------
lib/crypto.h | 5 +-
lib/ext_session_ticket.c | 16 +-
lib/gnutls_algorithms.c | 54 ++++----
lib/gnutls_algorithms.h | 16 +-
lib/gnutls_cipher.c | 36 +++---
lib/gnutls_cipher_int.c | 2 +-
lib/gnutls_cipher_int.h | 2 +-
lib/gnutls_constate.c | 8 +-
lib/gnutls_constate.h | 4 +-
lib/gnutls_handshake.c | 16 +-
lib/gnutls_hash_int.c | 268 +++++++++++---------------------------
lib/gnutls_hash_int.h | 39 ++----
lib/gnutls_int.h | 14 +-
lib/gnutls_priority.c | 2 +-
lib/gnutls_psk_netconf.c | 6 +-
lib/gnutls_sig.c | 34 +++---
lib/gnutls_srp.c | 10 +-
lib/gnutls_state.c | 30 ++--
lib/gnutls_ui.c | 4 +-
lib/includes/gnutls/crypto.h | 47 ++++----
lib/includes/gnutls/gnutls.h.in | 51 ++++----
lib/mac-libgcrypt.c | 16 +--
lib/opencdk/dummy.c | 2 +-
lib/opencdk/filters.h | 6 +-
lib/opencdk/hash.c | 2 +-
lib/opencdk/kbnode.c | 2 +-
lib/opencdk/main.h | 12 +-
lib/opencdk/opencdk.h | 4 +-
lib/opencdk/pubkey.c | 4 +-
lib/opencdk/sig-check.c | 14 +-
lib/opencdk/verify.c | 4 +-
lib/x509/crq.c | 4 +-
lib/x509/pbkdf2-sha1.c | 4 +-
lib/x509/pkcs12.c | 16 +-
lib/x509/pkcs12_encr.c | 6 +-
lib/x509/privkey.c | 4 +-
lib/x509/sign.c | 10 +-
lib/x509/verify.c | 14 +-
lib/x509/x509.c | 6 +-
lib/x509/x509_int.h | 2 +-
libextra/fipsmd5.c | 80 ++----------
libextra/gnutls_openssl.c | 12 +-
44 files changed, 399 insertions(+), 632 deletions(-)
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 853dbc6..4f9025a 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -59,3 +59,40 @@ gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
{
return _gnutls_cipher_deinit((cipher_hd_st*)handle);
}
+
+/* HMAC */
+int
+gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm,
+ const void *key, int keylen)
+{
+ *dig = gnutls_malloc(sizeof(hash_hd_st));
+ if (*dig == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_hash_init(((hash_hd_st*)*dig), algorithm, key, keylen);
+}
+
+int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
+{
+ return _gnutls_hash((hash_hd_st*)handle, text, textlen);
+}
+
+void
+gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
+{
+ return _gnutls_hash_output((hash_hd_st*)handle, digest);
+}
+
+void
+gnutls_hash_reset (gnutls_hash_hd_t handle)
+{
+ _gnutls_hash_reset((hash_hd_st*)handle);
+}
+
+void
+gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
+{
+ _gnutls_hash_deinit((hash_hd_st*)handle, digest);
+}
diff --git a/lib/crypto.c b/lib/crypto.c
index 628fc39..94fab51 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -35,7 +35,7 @@ typedef struct algo_list
{
int algorithm;
int priority;
- void *alg_data;
+ const void *alg_data;
struct algo_list *next;
} algo_list;
@@ -44,7 +44,7 @@ typedef struct algo_list
#define digest_list algo_list
static int
-_algo_register (algo_list * al, int algorithm, int priority, void *s)
+_algo_register (algo_list * al, int algorithm, int priority, const void *s)
{
algo_list *cl;
algo_list *last_cl = al;
@@ -92,7 +92,7 @@ _algo_register (algo_list * al, int algorithm, int priority,
void *s)
}
-static void *
+static const void *
_get_algo (algo_list * al, int algo)
{
cipher_list *cl;
@@ -166,7 +166,7 @@ _gnutls_crypto_deregister (void)
int
gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
int priority, int version,
- const gnutls_crypto_single_cipher_st * s)
+ const gnutls_crypto_cipher_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -177,7 +177,7 @@ gnutls_crypto_single_cipher_register2
(gnutls_cipher_algorithm_t algorithm,
return _algo_register (&glob_cl, algorithm, priority, s);
}
-gnutls_crypto_single_cipher_st *
+const gnutls_crypto_cipher_st *
_gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
{
return _get_algo (&glob_cl, algo);
@@ -225,7 +225,7 @@ gnutls_crypto_rnd_register2 (int priority, int version,
}
/**
- * gnutls_crypto_single_mac_register2 - register a MAC algorithm
+ * gnutls_crypto_single_digest_register2 - register a MAC algorithm
* @algorithm: is the gnutls algorithm identifier
* @priority: is the priority of the algorithm
* @version: should be set to %GNUTLS_CRYPTO_API_VERSION
@@ -239,16 +239,16 @@ gnutls_crypto_rnd_register2 (int priority, int version,
* This function should be called before gnutls_global_init().
*
* For simplicity you can use the convenience
- * gnutls_crypto_single_mac_register() macro.
+ * gnutls_crypto_single_digest_register() macro.
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
*
* Since: 2.6.0
**/
int
-gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
+gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
int priority, int version,
- const gnutls_crypto_single_mac_st * s)
+ const gnutls_crypto_digest_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -259,55 +259,13 @@ gnutls_crypto_single_mac_register2
(gnutls_mac_algorithm_t algorithm,
return _algo_register (&glob_ml, algorithm, priority, s);
}
-gnutls_crypto_single_mac_st *
-_gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
+const gnutls_crypto_digest_st *
+_gnutls_get_crypto_mac (gnutls_digest_algorithm_t algo)
{
return _get_algo (&glob_ml, algo);
}
/**
- * gnutls_crypto_single_digest_register2 - register a digest algorithm
- * @algorithm: is the gnutls algorithm identifier
- * @priority: is the priority of the algorithm
- * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
- * @s: is a structure holding new algorithms's data
- *
- * This function will register a digest (hash) algorithm to be used by
- * gnutls. Any algorithm registered will override the included
- * algorithms and by convention kernel implemented algorithms have
- * priority of 90. The algorithm with the lowest priority will be
- * used by gnutls.
- *
- * This function should be called before gnutls_global_init().
- *
- * For simplicity you can use the convenience
- * gnutls_crypto_single_digest_register() macro.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
- *
- * Since: 2.6.0
- **/
-int
-gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
- int priority, int version,
- const gnutls_crypto_single_digest_st * s)
-{
- if (version != GNUTLS_CRYPTO_API_VERSION)
- {
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- return _algo_register (&glob_dl, algorithm, priority, s);
-}
-
-gnutls_crypto_single_digest_st *
-_gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
-{
- return _get_algo (&glob_dl, algo);
-}
-
-/**
* gnutls_crypto_bigint_register2 - register a bigint interface
* @priority: is the priority of the interface
* @version: should be set to %GNUTLS_CRYPTO_API_VERSION
@@ -459,7 +417,7 @@ gnutls_crypto_cipher_register2 (int priority, int version,
**/
int
gnutls_crypto_mac_register2 (int priority, int version,
- const gnutls_crypto_mac_st * s)
+ const gnutls_crypto_digest_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -477,43 +435,3 @@ gnutls_crypto_mac_register2 (int priority, int version,
return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
-/**
- * gnutls_crypto_digest_register2 - register a digest interface
- * @priority: is the priority of the digest interface
- * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
- * @s: is a structure holding new interface's data
- *
- * This function will register a digest interface to be used by
- * gnutls. Any interface registered will override the included engine
- * and by convention kernel implemented interfaces should have
- * priority of 90. The interface with the lowest priority will be used
- * by gnutls.
- *
- * This function should be called before gnutls_global_init().
- *
- * For simplicity you can use the convenience
- * gnutls_crypto_digest_register() macro.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
- *
- * Since: 2.6.0
- **/
-int
-gnutls_crypto_digest_register2 (int priority, int version,
- const gnutls_crypto_digest_st * s)
-{
- if (version != GNUTLS_CRYPTO_API_VERSION)
- {
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- if (crypto_digest_prio > priority)
- {
- memcpy (&_gnutls_digest_ops, s, sizeof (*s));
- crypto_digest_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
-}
diff --git a/lib/crypto.h b/lib/crypto.h
index f93ac1e..31be199 100644
--- a/lib/crypto.h
+++ b/lib/crypto.h
@@ -25,9 +25,8 @@
#ifndef CRYPTO_H
# define CRYPTO_H
-gnutls_crypto_single_cipher_st *_gnutls_get_crypto_cipher(
gnutls_cipher_algorithm_t algo);
-gnutls_crypto_single_digest_st *_gnutls_get_crypto_digest(
gnutls_digest_algorithm_t algo);
-gnutls_crypto_single_mac_st *_gnutls_get_crypto_mac( gnutls_mac_algorithm_t
algo);
+const gnutls_crypto_cipher_st *_gnutls_get_crypto_cipher(
gnutls_cipher_algorithm_t algo);
+const gnutls_crypto_digest_st *_gnutls_get_crypto_mac(
gnutls_digest_algorithm_t algo);
void _gnutls_crypto_deregister(void);
#endif /* CRYPTO_H */
diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index f51c2b8..d9cf760 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -55,24 +55,24 @@ static int
digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
opaque * digest)
{
- digest_hd_st digest_hd;
+ hash_hd_st digest_hd;
uint16_t length16;
int ret;
- ret = _gnutls_hmac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
+ ret = _gnutls_hash_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
key->size);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- _gnutls_hmac (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
- _gnutls_hmac (&digest_hd, ticket->IV, IV_SIZE);
+ _gnutls_hash (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
+ _gnutls_hash (&digest_hd, ticket->IV, IV_SIZE);
length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len);
- _gnutls_hmac (&digest_hd, &length16, 2);
- _gnutls_hmac (&digest_hd, ticket->encrypted_state,
+ _gnutls_hash (&digest_hd, &length16, 2);
+ _gnutls_hash (&digest_hd, ticket->encrypted_state,
ticket->encrypted_state_len);
- _gnutls_hmac_deinit (&digest_hd, digest);
+ _gnutls_hash_deinit (&digest_hd, digest);
return 0;
}
@@ -461,7 +461,7 @@ _gnutls_send_new_session_ticket (gnutls_session_t session,
int again)
struct ticket ticket;
uint16_t ticket_len;
gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
- gnutls_mac_algorithm_t write_mac_algorithm;
+ gnutls_digest_algorithm_t write_mac_algorithm;
gnutls_compression_method_t write_compression_algorithm;
#define SAVE_WRITE_SECURITY_PARAMETERS \
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index f5d7807..e7b28f5 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -222,7 +222,7 @@ struct gnutls_hash_entry
{
const char *name;
const char *oid;
- gnutls_mac_algorithm_t id;
+ gnutls_digest_algorithm_t id;
size_t key_size; /* in case of mac */
};
typedef struct gnutls_hash_entry gnutls_hash_entry;
@@ -240,7 +240,7 @@ static const gnutls_hash_entry hash_algorithms[] = {
};
/* Keep the contents of this struct the same as the previous one. */
-static const gnutls_mac_algorithm_t supported_macs[] = {
+static const gnutls_digest_algorithm_t supported_macs[] = {
GNUTLS_MAC_SHA1,
GNUTLS_MAC_MD5,
GNUTLS_MAC_SHA256,
@@ -346,7 +346,7 @@ typedef struct
cipher_suite_st id;
gnutls_cipher_algorithm_t block_algorithm;
gnutls_kx_algorithm_t kx_algorithm;
- gnutls_mac_algorithm_t mac_algorithm;
+ gnutls_digest_algorithm_t mac_algorithm;
gnutls_protocol_t version; /* this cipher suite is supported
* from 'version' and above;
*/
@@ -677,7 +677,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
int
_gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm)
+ gnutls_digest_algorithm_t algorithm)
{ /* actually returns the priority */
unsigned int i;
for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
@@ -692,13 +692,13 @@ _gnutls_mac_priority (gnutls_session_t session,
* gnutls_mac_get_name - Returns a string with the name of the specified mac
algorithm
* @algorithm: is a MAC algorithm
*
- * Convert a #gnutls_mac_algorithm_t value to a string.
+ * Convert a #gnutls_digest_algorithm_t value to a string.
*
* Returns: a string that contains the name of the specified MAC
* algorithm, or %NULL.
**/
const char *
-gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
+gnutls_mac_get_name (gnutls_digest_algorithm_t algorithm)
{
const char *ret = NULL;
@@ -712,16 +712,16 @@ gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
* gnutls_mac_get_id - Returns the gnutls id of the specified in string
algorithm
* @name: is a MAC algorithm name
*
- * Convert a string to a #gnutls_mac_algorithm_t value. The names are
+ * Convert a string to a #gnutls_digest_algorithm_t value. The names are
* compared in a case insensitive way.
*
- * Returns: a #gnutls_mac_algorithm_t id of the specified MAC
+ * Returns: a #gnutls_digest_algorithm_t id of the specified MAC
* algorithm string, or %GNUTLS_MAC_UNKNOWN on failures.
**/
-gnutls_mac_algorithm_t
+gnutls_digest_algorithm_t
gnutls_mac_get_id (const char *name)
{
- gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
+ gnutls_digest_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
@@ -738,7 +738,7 @@ gnutls_mac_get_id (const char *name)
* given MAC algorithm is invalid.
**/
size_t
-gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
+gnutls_mac_get_key_size (gnutls_digest_algorithm_t algorithm)
{
size_t ret = 0;
@@ -756,17 +756,17 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
* example, MD2 is not supported as a cipher suite, but is supported
* for other purposes (e.g., X.509 signature verification or similar).
*
- * Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
+ * Returns: Return a zero-terminated list of #gnutls_digest_algorithm_t
* integers indicating the available MACs.
**/
-const gnutls_mac_algorithm_t *
+const gnutls_digest_algorithm_t *
gnutls_mac_list (void)
{
return supported_macs;
}
const char *
-_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm)
+_gnutls_x509_mac_to_oid (gnutls_digest_algorithm_t algorithm)
{
const char *ret = NULL;
@@ -776,10 +776,10 @@ _gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm)
return ret;
}
-gnutls_mac_algorithm_t
+gnutls_digest_algorithm_t
_gnutls_x509_oid2mac_algorithm (const char *oid)
{
- gnutls_mac_algorithm_t ret = 0;
+ gnutls_digest_algorithm_t ret = 0;
GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
{
@@ -793,7 +793,7 @@ _gnutls_x509_oid2mac_algorithm (const char *oid)
int
-_gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm)
+_gnutls_mac_is_ok (gnutls_digest_algorithm_t algorithm)
{
ssize_t ret = -1;
GNUTLS_HASH_ALG_LOOP (ret = p->id);
@@ -1327,7 +1327,7 @@ _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st *
suite)
}
-gnutls_mac_algorithm_t
+gnutls_digest_algorithm_t
_gnutls_cipher_suite_get_mac_algo (const cipher_suite_st * suite)
{ /* In bytes */
int ret = 0;
@@ -1362,7 +1362,7 @@ _gnutls_cipher_suite_get_name (cipher_suite_st * suite)
const char *
gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm)
+ gnutls_digest_algorithm_t mac_algorithm)
{
const char *ret = NULL;
@@ -1398,7 +1398,7 @@ gnutls_cipher_suite_info (size_t idx,
char *cs_id,
gnutls_kx_algorithm_t * kx,
gnutls_cipher_algorithm_t * cipher,
- gnutls_mac_algorithm_t * mac,
+ gnutls_digest_algorithm_t * mac,
gnutls_protocol_t * version)
{
if (idx >= CIPHER_SUITES_COUNT)
@@ -1529,9 +1529,9 @@ _gnutls_compare_algo (gnutls_session_t session, const
void *i_A1,
_gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A1);
gnutls_cipher_algorithm_t cA2 =
_gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A2);
- gnutls_mac_algorithm_t mA1 =
+ gnutls_digest_algorithm_t mA1 =
_gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A1);
- gnutls_mac_algorithm_t mA2 =
+ gnutls_digest_algorithm_t mA2 =
_gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A2);
int p1 = (_gnutls_kx_priority (session, kA1) + 1) * 64;
@@ -1811,7 +1811,7 @@ struct gnutls_sign_entry
const char *oid;
gnutls_sign_algorithm_t id;
gnutls_pk_algorithm_t pk;
- gnutls_mac_algorithm_t mac;
+ gnutls_digest_algorithm_t mac;
/* See RFC 5246 HashAlgorithm and SignatureAlgorithm
for values to use in aid struct. */
sign_algorithm_st aid;
@@ -1960,7 +1960,7 @@ _gnutls_x509_oid2sign_algorithm (const char *oid)
}
gnutls_sign_algorithm_t
-_gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_mac_algorithm_t mac)
+_gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t
mac)
{
gnutls_sign_algorithm_t ret = 0;
@@ -1976,7 +1976,7 @@ _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
gnutls_mac_algorithm_t mac)
const char *
_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
- gnutls_mac_algorithm_t mac)
+ gnutls_digest_algorithm_t mac)
{
gnutls_sign_algorithm_t sign;
const char *ret = NULL;
@@ -1989,10 +1989,10 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
return ret;
}
-gnutls_mac_algorithm_t
+gnutls_digest_algorithm_t
_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
{
- gnutls_mac_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+ gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
GNUTLS_SIGN_ALG_LOOP (ret = p->mac);
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index a64e592..dea0731 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -46,9 +46,9 @@ int _gnutls_version_has_explicit_iv (gnutls_protocol_t
version);
int _gnutls_version_has_variable_padding (gnutls_protocol_t version);
/* Functions for MACs. */
-int _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm);
-gnutls_mac_algorithm_t _gnutls_x509_oid2mac_algorithm (const char *oid);
-const char *_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t mac);
+int _gnutls_mac_is_ok (gnutls_digest_algorithm_t algorithm);
+gnutls_digest_algorithm_t _gnutls_x509_oid2mac_algorithm (const char *oid);
+const char *_gnutls_x509_mac_to_oid (gnutls_digest_algorithm_t mac);
/* Functions for cipher suites. */
int _gnutls_supported_ciphersuites (gnutls_session_t session,
@@ -61,7 +61,7 @@ gnutls_cipher_algorithm_t
_gnutls_cipher_suite_get_cipher_algo (const
* algorithm);
gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
* algorithm);
-gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
+gnutls_digest_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
cipher_suite_st *
algorithm);
gnutls_protocol_t _gnutls_cipher_suite_get_version (const cipher_suite_st *
@@ -102,17 +102,17 @@ enum encipher_type _gnutls_kx_encipher_type
(gnutls_kx_algorithm_t algorithm);
/* Functions for sign algorithms. */
gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
- gnutls_mac_algorithm_t mac);
+ gnutls_digest_algorithm_t mac);
gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
- gnutls_mac_algorithm_t mac);
+ gnutls_digest_algorithm_t mac);
gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st* aid);
sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
-gnutls_mac_algorithm_t _gnutls_sign_get_hash_algorithm
(gnutls_sign_algorithm_t);
+gnutls_digest_algorithm_t _gnutls_sign_get_hash_algorithm
(gnutls_sign_algorithm_t);
gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
int _gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm);
+ gnutls_digest_algorithm_t algorithm);
int _gnutls_cipher_priority (gnutls_session_t session,
gnutls_cipher_algorithm_t algorithm);
int _gnutls_kx_priority (gnutls_session_t session,
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 4d0dda2..bdfdbaa 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -194,7 +194,7 @@ _gnutls_decrypt (gnutls_session_t session, opaque *
ciphertext,
}
inline static int
-mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret,
+mac_init (hash_hd_st * td, gnutls_digest_algorithm_t mac, opaque * secret,
int secret_size, int ver)
{
int ret = 0;
@@ -210,14 +210,14 @@ mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac,
opaque * secret,
}
else
{ /* TLS 1.x */
- ret = _gnutls_hmac_init (td, mac, secret, secret_size);
+ ret = _gnutls_hash_init (td, mac, secret, secret_size);
}
return ret;
}
static void
-mac_deinit (digest_hd_st * td, opaque * res, int ver)
+mac_deinit (hash_hd_st * td, opaque * res, int ver)
{
if (ver == GNUTLS_SSL3)
{ /* SSL 3.0 */
@@ -225,7 +225,7 @@ mac_deinit (digest_hd_st * td, opaque * res, int ver)
}
else
{
- _gnutls_hmac_deinit (td, res);
+ _gnutls_hash_deinit (td, res);
}
}
@@ -302,7 +302,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
uint16_t c_length;
uint8_t pad;
int length, ret;
- digest_hd_st td;
+ hash_hd_st td;
uint8_t type = _type;
uint8_t major, minor;
int hash_size =
@@ -339,18 +339,18 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
if (session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
{ /* actually when the algorithm in not the NULL
one */
- _gnutls_hmac (&td,
+ _gnutls_hash (&td,
UINT64DATA (session->connection_state.
write_sequence_number), 8);
- _gnutls_hmac (&td, &type, 1);
+ _gnutls_hash (&td, &type, 1);
if (_gnutls_version_has_variable_padding (ver))
{ /* TLS 1.0 or higher */
- _gnutls_hmac (&td, &major, 1);
- _gnutls_hmac (&td, &minor, 1);
+ _gnutls_hash (&td, &major, 1);
+ _gnutls_hash (&td, &minor, 1);
}
- _gnutls_hmac (&td, &c_length, 2);
- _gnutls_hmac (&td, compressed.data, compressed.size);
+ _gnutls_hash (&td, &c_length, 2);
+ _gnutls_hash (&td, compressed.data, compressed.size);
mac_deinit (&td, MAC, ver);
}
@@ -435,7 +435,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
uint16_t c_length;
uint8_t pad;
int length;
- digest_hd_st td;
+ hash_hd_st td;
uint16_t blocksize;
int ret, i, pad_failed = 0;
uint8_t major, minor;
@@ -565,20 +565,20 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
*/
if (session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL)
{
- _gnutls_hmac (&td,
+ _gnutls_hash (&td,
UINT64DATA (session->connection_state.
read_sequence_number), 8);
- _gnutls_hmac (&td, &type, 1);
+ _gnutls_hash (&td, &type, 1);
if (_gnutls_version_has_variable_padding (ver))
{ /* TLS 1.x */
- _gnutls_hmac (&td, &major, 1);
- _gnutls_hmac (&td, &minor, 1);
+ _gnutls_hash (&td, &major, 1);
+ _gnutls_hash (&td, &minor, 1);
}
- _gnutls_hmac (&td, &c_length, 2);
+ _gnutls_hash (&td, &c_length, 2);
if (length > 0)
- _gnutls_hmac (&td, ciphertext.data, length);
+ _gnutls_hash (&td, ciphertext.data, length);
mac_deinit (&td, MAC, ver);
}
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index d370d84..b496c68 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -40,7 +40,7 @@ _gnutls_cipher_init (cipher_hd_st * handle,
gnutls_cipher_algorithm_t cipher,
const gnutls_datum_t * key, const gnutls_datum_t * iv)
{
int ret = GNUTLS_E_INTERNAL_ERROR;
- gnutls_crypto_single_cipher_st *cc = NULL;
+ const gnutls_crypto_cipher_st *cc = NULL;
/* check if a cipher has been registered
*/
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index f004f55..d6c3018 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -31,7 +31,7 @@ extern int crypto_cipher_prio;
extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
typedef struct {
- gnutls_crypto_single_cipher_st* cc;
+ const gnutls_crypto_cipher_st* cc;
void* ctx;
} reg_hd;
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index d3fd256..4dbc44d 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -345,7 +345,7 @@ _gnutls_set_read_keys (gnutls_session_t session)
int IV_size;
int key_size, export_flag;
gnutls_cipher_algorithm_t algo;
- gnutls_mac_algorithm_t mac_algo;
+ gnutls_digest_algorithm_t mac_algo;
mac_algo = session->security_parameters.read_mac_algorithm;
algo = session->security_parameters.read_bulk_cipher_algorithm;
@@ -366,7 +366,7 @@ _gnutls_set_write_keys (gnutls_session_t session)
int IV_size;
int key_size, export_flag;
gnutls_cipher_algorithm_t algo;
- gnutls_mac_algorithm_t mac_algo;
+ gnutls_digest_algorithm_t mac_algo;
mac_algo = session->security_parameters.write_mac_algorithm;
algo = session->security_parameters.write_bulk_cipher_algorithm;
@@ -934,7 +934,7 @@ _gnutls_set_kx (gnutls_session_t session,
gnutls_kx_algorithm_t algo)
/* Sets the specified mac algorithm into pending session */
int
-_gnutls_set_read_mac (gnutls_session_t session, gnutls_mac_algorithm_t algo)
+_gnutls_set_read_mac (gnutls_session_t session, gnutls_digest_algorithm_t algo)
{
if (_gnutls_mac_is_ok (algo) == 0)
@@ -958,7 +958,7 @@ _gnutls_set_read_mac (gnutls_session_t session,
gnutls_mac_algorithm_t algo)
}
int
-_gnutls_set_write_mac (gnutls_session_t session, gnutls_mac_algorithm_t algo)
+_gnutls_set_write_mac (gnutls_session_t session, gnutls_digest_algorithm_t
algo)
{
if (_gnutls_mac_is_ok (algo) == 0)
diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index f58c8b1..771c03a 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
@@ -28,11 +28,11 @@ int _gnutls_write_connection_state_init (gnutls_session_t
session);
int _gnutls_set_write_cipher (gnutls_session_t session,
gnutls_cipher_algorithm_t algo);
int _gnutls_set_write_mac (gnutls_session_t session,
- gnutls_mac_algorithm_t algo);
+ gnutls_digest_algorithm_t algo);
int _gnutls_set_read_cipher (gnutls_session_t session,
gnutls_cipher_algorithm_t algo);
int _gnutls_set_read_mac (gnutls_session_t session,
- gnutls_mac_algorithm_t algo);
+ gnutls_digest_algorithm_t algo);
int _gnutls_set_read_compression (gnutls_session_t session,
gnutls_compression_method_t algo);
int _gnutls_set_write_compression (gnutls_session_t session,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index aca1aab..300ee28 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -166,8 +166,8 @@ static int
_gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret)
{
const int siz = SSL_MSG_LEN;
- digest_hd_st td_md5;
- digest_hd_st td_sha;
+ hash_hd_st td_md5;
+ hash_hd_st td_sha;
const char *mesg;
int rc;
@@ -235,8 +235,8 @@ _gnutls_finished (gnutls_session_t session, int type, void
*ret)
opaque concat[MAX_HASH_SIZE + 16 /*MD5 */ ];
size_t len = 20 + 16;
const char *mesg;
- digest_hd_st td_md5;
- digest_hd_st td_sha;
+ hash_hd_st td_md5;
+ hash_hd_st td_sha;
int rc;
if (session->security_parameters.handshake_mac_handle_type ==
@@ -2301,7 +2301,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
{
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle.
- tls10.md5, GNUTLS_MAC_MD5);
+ tls10.md5, GNUTLS_MAC_MD5, NULL, 0);
if (ret < 0)
{
@@ -2311,7 +2311,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle.
- tls10.sha, GNUTLS_MAC_SHA1);
+ tls10.sha, GNUTLS_MAC_SHA1, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -2328,7 +2328,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
SHA256. */
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle.
- tls12.sha256, GNUTLS_DIG_SHA256);
+ tls12.sha256, GNUTLS_DIG_SHA256, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -2337,7 +2337,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle.
- tls12.sha1, GNUTLS_DIG_SHA1);
+ tls12.sha1, GNUTLS_DIG_SHA1, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 7f3b322..1c79e3a 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -57,45 +57,8 @@ digest_length (gnutls_digest_algorithm_t algo)
}
}
-int
-_gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
-{
- int result;
- gnutls_crypto_single_digest_st *cc = NULL;
-
- dig->algorithm = algorithm;
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_digest (algorithm);
- if (cc != NULL)
- {
- dig->registered = 1;
- dig->hd.rh.cc = cc;
- if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
- dig->active = 1;
- return 0;
- }
-
- dig->registered = 0;
-
- result = _gnutls_digest_ops.init (algorithm, &dig->hd.gc);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- dig->active = 1;
- return 0;
-}
+/* HMAC interface */
-/* returns the output size of the given hash/mac algorithm
- */
int
_gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm)
{
@@ -103,97 +66,13 @@ _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t
algorithm)
}
int
-_gnutls_hash (const digest_hd_st * handle, const void *text, size_t textlen)
-{
- if (textlen > 0)
- {
- if (handle->registered)
- {
- return handle->hd.rh.cc->hash (handle->hd.rh.ctx, text, textlen);
- }
- return _gnutls_digest_ops.hash (handle->hd.gc, text, textlen);
- }
- return 0;
-}
-
-int
-_gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src)
-{
- int result;
-
- memset (dst, 0, sizeof (*dst));
- dst->algorithm = src->algorithm;
- dst->registered = src->registered;
- dst->active = 1;
-
- if (src->registered)
- {
- dst->hd.rh.cc = src->hd.rh.cc;
- return src->hd.rh.cc->copy (&dst->hd.rh.ctx, src->hd.rh.ctx);
- }
-
- result = _gnutls_digest_ops.copy (&dst->hd.gc, src->hd.gc);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
-}
-
-/* when the current output is needed without calling deinit
- */
-void
-_gnutls_hash_output (digest_hd_st * handle, void *digest)
-{
- size_t maclen;
-
- maclen = _gnutls_hash_get_algo_len (handle->algorithm);
-
- if (handle->registered && handle->hd.rh.ctx != NULL)
- {
- if (digest != NULL)
- handle->hd.rh.cc->output (handle->hd.rh.ctx, digest, maclen);
- return;
- }
-
- if (digest != NULL)
- {
- _gnutls_digest_ops.output (handle->hd.gc, digest, maclen);
- }
-}
-
-void
-_gnutls_hash_deinit (digest_hd_st * handle, void *digest)
-{
- if (handle->active != 1)
- {
- return;
- }
-
- if (digest != NULL)
- _gnutls_hash_output (handle, digest);
-
- handle->active = 0;
-
- if (handle->registered && handle->hd.rh.ctx != NULL)
- {
- handle->hd.rh.cc->deinit (handle->hd.rh.ctx);
- return;
- }
-
- _gnutls_digest_ops.deinit (handle->hd.gc);
-}
-
-int
-_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest)
+_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, const void *key,
+ int keylen, const void *text, size_t textlen, void *digest)
{
- digest_hd_st dig;
+ hash_hd_st dig;
int ret;
- ret = _gnutls_hash_init (&dig, algorithm);
+ ret = _gnutls_hash_init (&dig, algorithm, key, keylen);
if (ret < 0)
{
gnutls_assert ();
@@ -212,47 +91,12 @@ _gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
return 0;
}
-
-/* HMAC interface */
-
-int
-_gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm)
-{
- return digest_length (algorithm);
-}
-
int
-_gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- int keylen, const void *text, size_t textlen, void *digest)
-{
- digest_hd_st dig;
- int ret;
-
- ret = _gnutls_hmac_init (&dig, algorithm, key, keylen);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_hmac (&dig, text, textlen);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hmac_deinit (&dig, NULL);
- return ret;
- }
-
- _gnutls_hmac_deinit (&dig, digest);
- return 0;
-}
-
-int
-_gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
+_gnutls_hash_init (hash_hd_st * dig, gnutls_digest_algorithm_t algorithm,
const void *key, int keylen)
{
int result;
- gnutls_crypto_single_mac_st *cc = NULL;
+ const gnutls_crypto_digest_st *cc = NULL;
dig->algorithm = algorithm;
dig->key = key;
@@ -272,11 +116,14 @@ _gnutls_hmac_init (digest_hd_st * dig,
gnutls_mac_algorithm_t algorithm,
return GNUTLS_E_HASH_FAILED;
}
- if (cc->setkey (dig->hd.rh.ctx, key, keylen) < 0)
+ if (key)
{
- gnutls_assert ();
- cc->deinit (dig->hd.rh.ctx);
- return GNUTLS_E_HASH_FAILED;
+ if (cc->setkey == NULL || cc->setkey (dig->hd.rh.ctx, key, keylen) <
0)
+ {
+ gnutls_assert ();
+ cc->deinit (dig->hd.rh.ctx);
+ return GNUTLS_E_HASH_FAILED;
+ }
}
dig->active = 1;
@@ -292,14 +139,17 @@ _gnutls_hmac_init (digest_hd_st * dig,
gnutls_mac_algorithm_t algorithm,
return result;
}
- _gnutls_mac_ops.setkey (dig->hd.gc, key, keylen);
+ if (key)
+ {
+ _gnutls_mac_ops.setkey (dig->hd.gc, key, keylen);
+ }
dig->active = 1;
return 0;
}
int
-_gnutls_hmac (const digest_hd_st * handle, const void *text, size_t textlen)
+_gnutls_hash (const hash_hd_st * handle, const void *text, size_t textlen)
{
if (textlen > 0)
{
@@ -313,11 +163,11 @@ _gnutls_hmac (const digest_hd_st * handle, const void
*text, size_t textlen)
}
void
-_gnutls_hmac_output (digest_hd_st * handle, void *digest)
+_gnutls_hash_output (hash_hd_st * handle, void *digest)
{
int maclen;
- maclen = _gnutls_hmac_get_algo_len (handle->algorithm);
+ maclen = _gnutls_hash_get_algo_len (handle->algorithm);
if (handle->registered && handle->hd.rh.ctx != NULL)
{
@@ -332,8 +182,46 @@ _gnutls_hmac_output (digest_hd_st * handle, void *digest)
}
}
+int
+_gnutls_hash_copy (hash_hd_st * dst, hash_hd_st * src)
+{
+ int result;
+
+ memset (dst, 0, sizeof (*dst));
+ dst->algorithm = src->algorithm;
+ dst->registered = src->registered;
+ dst->active = 1;
+
+ if (src->registered)
+ {
+ dst->hd.rh.cc = src->hd.rh.cc;
+ return src->hd.rh.cc->copy (&dst->hd.rh.ctx, src->hd.rh.ctx);
+ }
+
+ result = _gnutls_mac_ops.copy (&dst->hd.gc, src->hd.gc);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
void
-_gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
+_gnutls_hash_reset (hash_hd_st * handle)
+{
+ if (handle->registered && handle->hd.rh.ctx != NULL)
+ {
+ handle->hd.rh.cc->reset (handle->hd.rh.ctx);
+ return;
+ }
+
+ _gnutls_mac_ops.reset (handle->hd.gc);
+}
+
+void
+_gnutls_hash_deinit (hash_hd_st * handle, void *digest)
{
if (handle->active != 1)
{
@@ -341,7 +229,7 @@ _gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
}
if (digest)
- _gnutls_hmac_output (handle, digest);
+ _gnutls_hash_output (handle, digest);
handle->active = 0;
if (handle->registered && handle->hd.rh.ctx != NULL)
@@ -354,7 +242,7 @@ _gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
}
inline static int
-get_padsize (gnutls_mac_algorithm_t algorithm)
+get_padsize (gnutls_digest_algorithm_t algorithm)
{
switch (algorithm)
{
@@ -372,7 +260,7 @@ get_padsize (gnutls_mac_algorithm_t algorithm)
*/
int
-_gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm,
+_gnutls_mac_init_ssl3 (hash_hd_st * ret, gnutls_digest_algorithm_t algorithm,
void *key, int keylen)
{
opaque ipad[48];
@@ -387,7 +275,7 @@ _gnutls_mac_init_ssl3 (digest_hd_st * ret,
gnutls_mac_algorithm_t algorithm,
memset (ipad, 0x36, padsize);
- result = _gnutls_hash_init (ret, algorithm);
+ result = _gnutls_hash_init (ret, algorithm, NULL, 0);
if (result < 0)
{
gnutls_assert ();
@@ -405,10 +293,10 @@ _gnutls_mac_init_ssl3 (digest_hd_st * ret,
gnutls_mac_algorithm_t algorithm,
}
void
-_gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest)
+_gnutls_mac_deinit_ssl3 (hash_hd_st * handle, void *digest)
{
opaque ret[MAX_HASH_SIZE];
- digest_hd_st td;
+ hash_hd_st td;
opaque opad[48];
int padsize;
int block, rc;
@@ -423,7 +311,7 @@ _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void
*digest)
memset (opad, 0x5C, padsize);
- rc = _gnutls_hash_init (&td, handle->algorithm);
+ rc = _gnutls_hash_init (&td, handle->algorithm, NULL, 0);
if (rc < 0)
{
gnutls_assert ();
@@ -435,7 +323,7 @@ _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void
*digest)
_gnutls_hash (&td, handle->key, handle->keysize);
_gnutls_hash (&td, opad, padsize);
- block = _gnutls_hmac_get_algo_len (handle->algorithm);
+ block = _gnutls_hash_get_algo_len (handle->algorithm);
_gnutls_hash_deinit (handle, ret); /* get the previous hash */
_gnutls_hash (&td, ret, block);
@@ -445,12 +333,12 @@ _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void
*digest)
}
void
-_gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
+_gnutls_mac_deinit_ssl3_handshake (hash_hd_st * handle,
void *digest, opaque * key,
uint32_t key_size)
{
opaque ret[MAX_HASH_SIZE];
- digest_hd_st td;
+ hash_hd_st td;
opaque opad[48];
opaque ipad[48];
int padsize;
@@ -466,7 +354,7 @@ _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
memset (opad, 0x5C, padsize);
memset (ipad, 0x36, padsize);
- rc = _gnutls_hash_init (&td, handle->algorithm);
+ rc = _gnutls_hash_init (&td, handle->algorithm, NULL, 0);
if (rc < 0)
{
gnutls_assert ();
@@ -477,7 +365,7 @@ _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
_gnutls_hash (&td, key, key_size);
_gnutls_hash (&td, opad, padsize);
- block = _gnutls_hmac_get_algo_len (handle->algorithm);
+ block = _gnutls_hash_get_algo_len (handle->algorithm);
if (key_size > 0)
_gnutls_hash (handle, key, key_size);
@@ -498,14 +386,14 @@ ssl3_sha (int i, opaque * secret, int secret_len,
int j, ret;
opaque text1[26];
- digest_hd_st td;
+ hash_hd_st td;
for (j = 0; j < i + 1; j++)
{
text1[j] = 65 + i; /* A==65 */
}
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -525,10 +413,10 @@ ssl3_md5 (int i, opaque * secret, int secret_len,
opaque * rnd, int rnd_len, void *digest)
{
opaque tmp[MAX_HASH_SIZE];
- digest_hd_st td;
+ hash_hd_st td;
int ret;
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -557,11 +445,11 @@ _gnutls_ssl3_hash_md5 (const void *first, int first_len,
int ret_len, opaque * ret)
{
opaque digest[MAX_HASH_SIZE];
- digest_hd_st td;
+ hash_hd_st td;
int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5);
int rc;
- rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
+ rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5, NULL, 0);
if (rc < 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index ed38d56..841ff10 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -32,13 +32,10 @@
/* for message digests */
extern int crypto_mac_prio;
-extern gnutls_crypto_mac_st _gnutls_mac_ops;
-
-extern int crypto_digest_prio;
-extern gnutls_crypto_digest_st _gnutls_digest_ops;
+extern gnutls_crypto_digest_st _gnutls_mac_ops;
typedef struct {
- gnutls_crypto_single_mac_st* cc;
+ const gnutls_crypto_digest_st* cc;
void* ctx;
} digest_reg_hd;
@@ -49,37 +46,29 @@ typedef struct
void* gc; /* when not registered */
digest_reg_hd rh; /* when registered */
} hd;
- gnutls_mac_algorithm_t algorithm;
+ gnutls_digest_algorithm_t algorithm;
const void *key;
int keysize;
int active;
-} digest_hd_st;
+} hash_hd_st;
/* basic functions */
-int _gnutls_hmac_init (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
+int _gnutls_hash_init (hash_hd_st*, gnutls_digest_algorithm_t algorithm,
const void *key, int keylen);
-int _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm);
-int _gnutls_hmac (const digest_hd_st* handle, const void *text,
+int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
+int _gnutls_hmac (hash_hd_st* handle, const void *text,
size_t textlen);
-int _gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int
keylen,
+int _gnutls_hash_fast( gnutls_digest_algorithm_t algorithm, const void* key,
int keylen,
const void* text, size_t textlen, void* digest);
-void _gnutls_hmac_deinit (digest_hd_st* handle, void *digest);
-void _gnutls_hmac_output (digest_hd_st* handle, void *digest);
-
-int _gnutls_hash_init (digest_hd_st*, gnutls_digest_algorithm_t algorithm);
-int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
-int _gnutls_hash (const digest_hd_st* handle, const void *text,
- size_t textlen);
-void _gnutls_hash_deinit (digest_hd_st* handle, void *digest);
-void _gnutls_hash_output (digest_hd_st* handle, void *digest);
-
+void _gnutls_hash_deinit (hash_hd_st* handle, void *digest);
+void _gnutls_hash_output (hash_hd_st* handle, void *digest);
/* help functions */
-int _gnutls_mac_init_ssl3 (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
void *key,
+int _gnutls_mac_init_ssl3 (hash_hd_st*, gnutls_digest_algorithm_t algorithm,
void *key,
int keylen);
-void _gnutls_mac_deinit_ssl3 (digest_hd_st* handle, void *digest);
+void _gnutls_mac_deinit_ssl3 (hash_hd_st* handle, void *digest);
int _gnutls_ssl3_generate_random (void *secret, int secret_len,
void *rnd, int random_len, int bytes,
@@ -88,9 +77,9 @@ int _gnutls_ssl3_hash_md5 (const void *first, int first_len,
const void *second, int second_len,
int ret_len, opaque * ret);
-void _gnutls_mac_deinit_ssl3_handshake (digest_hd_st* handle, void *digest,
+void _gnutls_mac_deinit_ssl3_handshake (hash_hd_st* handle, void *digest,
opaque * key, uint32_t key_size);
-int _gnutls_hash_copy (digest_hd_st* dst_handle, digest_hd_st * src_handle);
+int _gnutls_hash_copy (hash_hd_st* dst_handle, hash_hd_st * src_handle);
#endif /* GNUTLS_HASH_INT_H */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index a097bea..c2ad8f5 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -133,7 +133,7 @@ typedef struct
#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert();
return RET;} } while (0)
#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert();
COM;} } while (0)
-#define HASH2MAC(x) ((gnutls_mac_algorithm_t)x)
+#define HASH2MAC(x) ((gnutls_digest_algorithm_t)x)
#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
@@ -366,11 +366,11 @@ typedef struct
* null cipher and we don't
*/
gnutls_cipher_algorithm_t read_bulk_cipher_algorithm;
- gnutls_mac_algorithm_t read_mac_algorithm;
+ gnutls_digest_algorithm_t read_mac_algorithm;
gnutls_compression_method_t read_compression_algorithm;
gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
- gnutls_mac_algorithm_t write_mac_algorithm;
+ gnutls_digest_algorithm_t write_mac_algorithm;
gnutls_compression_method_t write_compression_algorithm;
handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10
and HANDSHAKE_TYPE_12 */
@@ -491,13 +491,13 @@ typedef struct
{
struct
{
- digest_hd_st sha; /* hash of the handshake messages */
- digest_hd_st md5; /* hash of the handshake messages */
+ hash_hd_st sha; /* hash of the handshake messages */
+ hash_hd_st md5; /* hash of the handshake messages */
} tls10;
struct
{
- digest_hd_st sha1; /* hash of the handshake messages for TLS 1.2+
*/
- digest_hd_st sha256; /* hash of the handshake messages for TLS 1.2+
*/
+ hash_hd_st sha1; /* hash of the handshake messages for TLS 1.2+
*/
+ hash_hd_st sha256; /* hash of the handshake messages for TLS 1.2+
*/
} tls12;
} handshake_mac_handle;
int handshake_mac_handle_init; /* 1 when the previous union and type were
initialized */
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 7fab2c7..4c21564 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -111,7 +111,7 @@ gnutls_kx_set_priority (gnutls_session_t session, const int
*list)
/**
* gnutls_mac_set_priority - Sets the priority on the mac algorithms
supported by gnutls.
* @session: is a #gnutls_session_t structure.
- * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements.
+ * @list: is a 0 terminated list of gnutls_digest_algorithm_t elements.
*
* Sets the priority on the mac algorithms supported by gnutls.
* Priority is higher for elements specified before others.
diff --git a/lib/gnutls_psk_netconf.c b/lib/gnutls_psk_netconf.c
index 967a964..85978d9 100644
--- a/lib/gnutls_psk_netconf.c
+++ b/lib/gnutls_psk_netconf.c
@@ -54,7 +54,7 @@ gnutls_psk_netconf_derive_key (const char *password,
const char netconf_key_pad[] = "Key Pad for Netconf";
size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
size_t hintlen = strlen (psk_identity_hint);
- digest_hd_st dig;
+ hash_hd_st dig;
char *inner;
size_t innerlen;
int rc;
@@ -65,7 +65,7 @@ gnutls_psk_netconf_derive_key (const char *password,
*
*/
- rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
+ rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1, NULL, 0);
if (rc < 0)
{
gnutls_assert ();
@@ -107,7 +107,7 @@ gnutls_psk_netconf_derive_key (const char *password,
memcpy (inner + sha1len, psk_identity_hint, hintlen);
- rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
+ rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1, NULL, 0);
if (rc < 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index f75a705..d7d6d11 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -57,7 +57,7 @@ _gnutls_tls_sign (gnutls_session_t session,
* See RFC 5246 DigitallySigned for the actual format.
*/
static int
-_gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo,
+_gnutls_rsa_encode_sig (gnutls_digest_algorithm_t algo,
const gnutls_datum_t * hash,
gnutls_datum_t * signature)
{
@@ -132,7 +132,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_cert * cert,
{
gnutls_datum_t dconcat;
int ret;
- digest_hd_st td_sha;
+ hash_hd_st td_sha;
opaque concat[MAX_SIG_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_digest_algorithm_t hash_algo;
@@ -146,7 +146,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_cert * cert,
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
- ret = _gnutls_hash_init (&td_sha, hash_algo);
+ ret = _gnutls_hash_init (&td_sha, hash_algo, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -164,9 +164,9 @@ _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_cert * cert,
case GNUTLS_PK_RSA:
if (!_gnutls_version_has_selectable_prf (ver))
{
- digest_hd_st td_md5;
+ hash_hd_st td_md5;
- ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -386,8 +386,8 @@ _gnutls_handshake_verify_data (gnutls_session_t session,
gnutls_cert * cert,
{
gnutls_datum_t dconcat;
int ret;
- digest_hd_st td_md5;
- digest_hd_st td_sha;
+ hash_hd_st td_md5;
+ hash_hd_st td_sha;
opaque concat[MAX_SIG_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_digest_algorithm_t hash_algo = GNUTLS_DIG_SHA1;
@@ -401,7 +401,7 @@ _gnutls_handshake_verify_data (gnutls_session_t session,
gnutls_cert * cert,
if (!_gnutls_version_has_selectable_prf (ver))
{
- ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -418,7 +418,7 @@ _gnutls_handshake_verify_data (gnutls_session_t session,
gnutls_cert * cert,
if (algo != GNUTLS_SIGN_UNKNOWN)
hash_algo = _gnutls_sign_get_hash_algorithm (algo);
- ret = _gnutls_hash_init (&td_sha, hash_algo);
+ ret = _gnutls_hash_init (&td_sha, hash_algo, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -481,11 +481,11 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t
session,
{
int ret;
opaque concat[MAX_SIG_SIZE];
- digest_hd_st td;
+ hash_hd_st td;
gnutls_datum_t dconcat;
gnutls_sign_algorithm_t _sign_algo;
gnutls_digest_algorithm_t hash_algo;
- digest_hd_st *handshake_td;
+ hash_hd_st *handshake_td;
handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
hash_algo = handshake_td->algorithm;
@@ -541,8 +541,8 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t
session,
{
int ret;
opaque concat[MAX_SIG_SIZE];
- digest_hd_st td_md5;
- digest_hd_st td_sha;
+ hash_hd_st td_md5;
+ hash_hd_st td_sha;
gnutls_datum_t dconcat;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
@@ -626,10 +626,10 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t
session,
gnutls_datum_t dconcat;
int ret;
opaque concat[MAX_SIG_SIZE];
- digest_hd_st td;
+ hash_hd_st td;
gnutls_sign_algorithm_t sign_algo;
gnutls_digest_algorithm_t hash_algo;
- digest_hd_st *handshake_td;
+ hash_hd_st *handshake_td;
handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
hash_algo = handshake_td->algorithm;
@@ -707,8 +707,8 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
gnutls_datum_t dconcat;
int ret;
opaque concat[MAX_SIG_SIZE];
- digest_hd_st td_md5;
- digest_hd_st td_sha;
+ hash_hd_st td_md5;
+ hash_hd_st td_sha;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
if (session->security_parameters.handshake_mac_handle_type ==
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 3131083..4e2a270 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -166,7 +166,7 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
size_t b_size, a_size;
opaque *holder, hd[MAX_HASH_SIZE];
size_t holder_size, hash_size, n_size;
- digest_hd_st td;
+ hash_hd_st td;
int ret;
bigint_t res;
@@ -191,7 +191,7 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
_gnutls_mpi_print (A, &holder[n_size - a_size], &a_size);
_gnutls_mpi_print (B, &holder[n_size + n_size - b_size], &b_size);
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1, NULL, 0);
if (ret < 0)
{
gnutls_free (holder);
@@ -289,13 +289,13 @@ _gnutls_calc_srp_sha (const char *username, const char
*password,
opaque * salt, int salt_size, size_t * size,
void *digest)
{
- digest_hd_st td;
+ hash_hd_st td;
opaque res[MAX_HASH_SIZE];
int ret;
*size = 20;
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1, NULL, 0);
if (ret < 0)
{
return GNUTLS_E_MEMORY_ERROR;
@@ -306,7 +306,7 @@ _gnutls_calc_srp_sha (const char *username, const char
*password,
_gnutls_hash_deinit (&td, res);
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1, NULL, 0);
if (ret < 0)
{
return GNUTLS_E_MEMORY_ERROR;
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 3ba533b..a1f574f 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -113,9 +113,9 @@ gnutls_kx_get (gnutls_session_t session)
* Get currently used MAC algorithm.
*
* Returns: the currently used mac algorithm, a
- * #gnutls_mac_algorithm_t value.
+ * #gnutls_digest_algorithm_t value.
**/
-gnutls_mac_algorithm_t
+gnutls_digest_algorithm_t
gnutls_mac_get (gnutls_session_t session)
{
return session->security_parameters.read_mac_algorithm;
@@ -761,22 +761,22 @@ gnutls_handshake_set_private_extensions (gnutls_session_t
session, int allow)
}
inline static int
-_gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
+_gnutls_cal_PRF_A (gnutls_digest_algorithm_t algorithm,
const void *secret, int secret_size,
const void *seed, int seed_size, void *result)
{
- digest_hd_st td1;
+ hash_hd_st td1;
int ret;
- ret = _gnutls_hmac_init (&td1, algorithm, secret, secret_size);
+ ret = _gnutls_hash_init (&td1, algorithm, secret, secret_size);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- _gnutls_hmac (&td1, seed, seed_size);
- _gnutls_hmac_deinit (&td1, result);
+ _gnutls_hash (&td1, seed, seed_size);
+ _gnutls_hash_deinit (&td1, result);
return 0;
}
@@ -787,13 +787,13 @@ _gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
* (used in the PRF function)
*/
static int
-_gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
+_gnutls_P_hash (gnutls_digest_algorithm_t algorithm,
const opaque * secret, int secret_size,
const opaque * seed, int seed_size,
int total_bytes, opaque * ret)
{
- digest_hd_st td2;
+ hash_hd_st td2;
int i, times, how, blocksize, A_size;
opaque final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
int output_bytes, result;
@@ -804,7 +804,7 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
return GNUTLS_E_INTERNAL_ERROR;
}
- blocksize = _gnutls_hmac_get_algo_len (algorithm);
+ blocksize = _gnutls_hash_get_algo_len (algorithm);
output_bytes = 0;
do
@@ -822,7 +822,7 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
for (i = 0; i < times; i++)
{
- result = _gnutls_hmac_init (&td2, algorithm, secret, secret_size);
+ result = _gnutls_hash_init (&td2, algorithm, secret, secret_size);
if (result < 0)
{
gnutls_assert ();
@@ -835,15 +835,15 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
A_size, Atmp)) < 0)
{
gnutls_assert ();
- _gnutls_hmac_deinit (&td2, final);
+ _gnutls_hash_deinit (&td2, final);
return result;
}
A_size = blocksize;
- _gnutls_hmac (&td2, Atmp, A_size);
- _gnutls_hmac (&td2, seed, seed_size);
- _gnutls_hmac_deinit (&td2, final);
+ _gnutls_hash (&td2, Atmp, A_size);
+ _gnutls_hash (&td2, seed, seed_size);
+ _gnutls_hash_deinit (&td2, final);
if ((1 + i) * blocksize < total_bytes)
{
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index baed5fa..66bac34 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -557,7 +557,7 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
const gnutls_datum_t * data, void *result,
size_t * result_size)
{
- digest_hd_st td;
+ hash_hd_st td;
int hash_len = _gnutls_hash_get_algo_len (HASH2MAC (algo));
if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
@@ -569,7 +569,7 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
if (result)
{
- int ret = _gnutls_hash_init (&td, HASH2MAC (algo));
+ int ret = _gnutls_hash_init (&td, HASH2MAC (algo), NULL, 0);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 9040952..4e82a3b 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -35,14 +35,26 @@ int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle,
void *ciphertext,
int ciphertextlen);
void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
+/* HMAC */
+typedef struct hash_hd_st* gnutls_hash_hd_t;
+
+/* if key is non null then HMAC instead of hash */
+int gnutls_hash_init (gnutls_hash_hd_t*, gnutls_mac_algorithm_t algorithm,
+ const void *key, int keylen);
+int gnutls_hash_get_algo_len (gnutls_mac_algorithm_t algorithm);
+int gnutls_hash (gnutls_hash_hd_t handle, const void *text,
+ size_t textlen);
+int gnutls_hash_fast( gnutls_mac_algorithm_t algorithm, const void* key, int
keylen,
+ const void* text, size_t textlen, void* digest);
+void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
+void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
+void gnutls_hash_reset (gnutls_hash_hd_t handle);
+
/* register ciphers */
#define GNUTLS_CRYPTO_API_VERSION 0x02
-#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
-#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
-
typedef struct
{
int (*init) (gnutls_cipher_algorithm_t, void **ctx);
@@ -62,12 +74,9 @@ typedef struct
int (*hash) (void *ctx, const void *text, size_t textsize);
int (*copy) (void **dst_ctx, void *src_ctx);
int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*reset) (void *ctx);
void (*deinit) (void *ctx);
-} gnutls_crypto_mac_st;
-
-/* the same... setkey should be null */
-typedef gnutls_crypto_single_mac_st gnutls_crypto_single_digest_st;
-typedef gnutls_crypto_mac_st gnutls_crypto_digest_st;
+} gnutls_crypto_digest_st;
typedef enum gnutls_rnd_level
{
@@ -241,36 +250,26 @@ typedef struct gnutls_crypto_pk
# define gnutls_crypto_single_cipher_register(algo, prio, st) \
gnutls_crypto_single_cipher_register2 (algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_single_mac_register(algo, prio, st) \
- gnutls_crypto_single_mac_register2 (algo, prio, \
- GNUTLS_CRYPTO_API_VERSION, st)
# define gnutls_crypto_single_digest_register(algo, prio, st) \
- gnutls_crypto_single_digest_register2(algo, prio, \
- GNUTLS_CRYPTO_API_VERSION, st)
+ gnutls_crypto_single_digest_register2 (algo, prio, \
+ GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
int priority, int version,
- const gnutls_crypto_single_cipher_st
*s);
-int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
+ const gnutls_crypto_cipher_st *s);
+int gnutls_crypto_single_digest_register2 (gnutls_mac_algorithm_t algorithm,
int priority, int version,
- const gnutls_crypto_single_mac_st * s);
-int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
- int priority, int version,
- const gnutls_crypto_single_digest_st
*s);
+ const gnutls_crypto_digest_st * s);
# define gnutls_crypto_cipher_register(prio, st) \
gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
# define gnutls_crypto_mac_register(prio, st) \
gnutls_crypto_mac_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_digest_register(prio, st) \
- gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_cipher_register2 (int priority, int version,
const gnutls_crypto_cipher_st * s);
int gnutls_crypto_mac_register2 (int priority, int version,
- const gnutls_crypto_mac_st * s);
-int gnutls_crypto_digest_register2 (int priority, int version,
- const gnutls_crypto_digest_st * s);
+ const gnutls_crypto_digest_st * s);
# define gnutls_crypto_rnd_register(prio, st) \
gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 6361e50..375669e 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -127,35 +127,34 @@ extern "C" {
typedef enum
{
- GNUTLS_MAC_UNKNOWN = 0,
- GNUTLS_MAC_NULL = 1,
- GNUTLS_MAC_MD5,
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_RMD160,
- GNUTLS_MAC_MD2,
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
- GNUTLS_MAC_SHA512
+ GNUTLS_DIG_UNKNOWN = 0,
+ GNUTLS_DIG_NULL = 1,
+ GNUTLS_DIG_MD5,
+ GNUTLS_DIG_SHA1,
+ GNUTLS_DIG_RMD160,
+ GNUTLS_DIG_MD2,
+ GNUTLS_DIG_SHA256,
+ GNUTLS_DIG_SHA384,
+ GNUTLS_DIG_SHA512,
+ GNUTLS_DIG_SHA224, /* unsupported in TLS */
/* If you add anything here, make sure you align with
gnutls_digest_algorithm_t, in particular SHA-224. */
- } gnutls_mac_algorithm_t;
+ } gnutls_digest_algorithm_t;
- /* The enumerations here should have the same value with
- gnutls_mac_algorithm_t.
+ /* These are compatibility definitions.
*/
- typedef enum
- {
- GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
- GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
- GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
- GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
- GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
- GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
- GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
- GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
- GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
- GNUTLS_DIG_SHA224
- } gnutls_digest_algorithm_t;
+#define gnutls_mac_algorithm_t gnutls_digest_algorithm_t
+
+#define GNUTLS_MAC_UNKNOWN GNUTLS_DIG_UNKNOWN
+#define GNUTLS_MAC_NULL GNUTLS_DIG_NULL
+#define GNUTLS_MAC_MD5 GNUTLS_DIG_MD5
+#define GNUTLS_MAC_SHA1 GNUTLS_DIG_SHA1
+#define GNUTLS_MAC_RMD160 GNUTLS_DIG_RMD160
+#define GNUTLS_MAC_MD2 GNUTLS_DIG_MD2
+#define GNUTLS_MAC_SHA256 GNUTLS_DIG_SHA256
+#define GNUTLS_MAC_SHA384 GNUTLS_DIG_SHA384
+#define GNUTLS_MAC_SHA512 GNUTLS_DIG_SHA512
+#define GNUTLS_MAC_SHA224 GNUTLS_DIG_SHA224
/* exported for other gnutls headers. This is the maximum number of
* algorithms (ciphers, kx or macs).
@@ -937,7 +936,7 @@ extern "C" {
/* fingerprint
* Actually this function returns the hash of the given data.
*/
- int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
+ int gnutls_fingerprint (gnutls_mac_algorithm_t algo,
const gnutls_datum_t * data, void *result,
size_t * result_size);
diff --git a/lib/mac-libgcrypt.c b/lib/mac-libgcrypt.c
index 8f8d01a..28184ef 100644
--- a/lib/mac-libgcrypt.c
+++ b/lib/mac-libgcrypt.c
@@ -31,7 +31,7 @@
#include <gcrypt.h>
static int
-wrap_gcry_mac_init (gnutls_mac_algorithm_t algo, void **ctx)
+wrap_gcry_mac_init (gnutls_digest_algorithm_t algo, void **ctx)
{
int err;
unsigned int flags = GCRY_MD_FLAG_HMAC;
@@ -97,7 +97,7 @@ wrap_gcry_md_close (void *hd)
}
static int
-wrap_gcry_hash_init (gnutls_mac_algorithm_t algo, void **ctx)
+wrap_gcry_hash_init (gnutls_digest_algorithm_t algo, void **ctx)
{
int err;
unsigned int flags = 0;
@@ -161,7 +161,7 @@ wrap_gcry_mac_output (void *src_ctx, void *digest, size_t
digestsize)
int crypto_mac_prio = INT_MAX;
-gnutls_crypto_mac_st _gnutls_mac_ops = {
+gnutls_crypto_digest_st _gnutls_mac_ops = {
.init = wrap_gcry_mac_init,
.setkey = wrap_gcry_md_setkey,
.hash = wrap_gcry_md_write,
@@ -170,13 +170,3 @@ gnutls_crypto_mac_st _gnutls_mac_ops = {
.deinit = wrap_gcry_md_close,
};
-int crypto_digest_prio = INT_MAX;
-
-gnutls_crypto_digest_st _gnutls_digest_ops = {
- .init = wrap_gcry_hash_init,
- .setkey = NULL,
- .hash = wrap_gcry_md_write,
- .copy = wrap_gcry_md_copy,
- .output = wrap_gcry_mac_output,
- .deinit = wrap_gcry_md_close,
-};
diff --git a/lib/opencdk/dummy.c b/lib/opencdk/dummy.c
index 0ede7ed..6ee043a 100644
--- a/lib/opencdk/dummy.c
+++ b/lib/opencdk/dummy.c
@@ -9,7 +9,7 @@
cdk_error_t
_cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data,
const char *output, cdk_stream_t outstream,
- digest_hd_st * md)
+ hash_hd_st * md)
{
return 0;
}
diff --git a/lib/opencdk/filters.h b/lib/opencdk/filters.h
index d5a63af..d110085 100644
--- a/lib/opencdk/filters.h
+++ b/lib/opencdk/filters.h
@@ -32,7 +32,7 @@ enum {
typedef struct {
cipher_hd_st hd;
- digest_hd_st mdc;
+ hash_hd_st mdc;
int mdc_method;
u32 datalen;
struct {
@@ -45,7 +45,7 @@ typedef struct {
typedef struct {
int digest_algo;
- digest_hd_st md;
+ hash_hd_st md;
int md_initialized;
} md_filter_t;
@@ -61,7 +61,7 @@ typedef struct {
cdk_lit_format_t mode;
char *orig_filename; /* This original name of the input file. */
char *filename;
- digest_hd_st md;
+ hash_hd_st md;
int md_initialized;
struct {
size_t on;
diff --git a/lib/opencdk/hash.c b/lib/opencdk/hash.c
index 21e0d4f..320744f 100644
--- a/lib/opencdk/hash.c
+++ b/lib/opencdk/hash.c
@@ -49,7 +49,7 @@ hash_encode (void *data, FILE * in, FILE * out)
if (!mfx->md_initialized)
{
- err = _gnutls_hash_init (&mfx->md, mfx->digest_algo);
+ err = _gnutls_hash_init (&mfx->md, mfx->digest_algo, NULL, 0);
if (err < 0)
{
gnutls_assert ();
diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c
index cd8e939..f3e8c9a 100644
--- a/lib/opencdk/kbnode.c
+++ b/lib/opencdk/kbnode.c
@@ -578,7 +578,7 @@ cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf,
size_t * r_nbytes)
* is extracted from it.
**/
cdk_error_t
-cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4,
+cdk_kbnode_hash (cdk_kbnode_t node, hash_hd_st * md, int is_v4,
cdk_packet_type_t pkttype, int flags)
{
cdk_packet_t pkt;
diff --git a/lib/opencdk/main.h b/lib/opencdk/main.h
index 613bc94..ca3c609 100644
--- a/lib/opencdk/main.h
+++ b/lib/opencdk/main.h
@@ -108,7 +108,7 @@ FILE *_cdk_tmpfile (void);
cdk_error_t _cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp,
cdk_stream_t data,
const char *output, cdk_stream_t outstream,
- digest_hd_st*md);
+ hash_hd_st*md);
cdk_error_t _cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx);
/*-- pubkey.c --*/
@@ -125,10 +125,10 @@ void _cdk_pkt_detach_free (cdk_packet_t pkt, int
*r_pkttype, void **ctx);
/*-- sig-check.c --*/
cdk_error_t _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
- digest_hd_st*digest, int * r_expired);
-cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st*hd);
-cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version,
digest_hd_st*md);
-cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, digest_hd_st *md,
+ hash_hd_st*digest, int * r_expired);
+cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, hash_hd_st*hd);
+cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version,
hash_hd_st*md);
+cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, hash_hd_st *md,
int use_fpr);
cdk_error_t _cdk_pk_check_sig (cdk_keydb_hd_t hd,
cdk_kbnode_t knode,
@@ -159,7 +159,7 @@ int _cdk_sig_hash_for (cdk_pkt_pubkey_t pk);
void _cdk_trim_string (char * s, int canon);
cdk_error_t _cdk_sig_create (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig);
cdk_error_t _cdk_sig_complete (cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk,
- digest_hd_st *hd);
+ hash_hd_st *hd);
/*-- stream.c --*/
void _cdk_stream_set_compress_algo (cdk_stream_t s, int algo);
diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h
index 0ba17af..da0f0aa 100644
--- a/lib/opencdk/opencdk.h
+++ b/lib/opencdk/opencdk.h
@@ -960,7 +960,7 @@ cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root,
cdk_kbnode_t node,
cdk_packet_type_t pkttype);
cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node,
cdk_packet_type_t pkttype);
-cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4,
+cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, hash_hd_st * md, int is_v4,
cdk_packet_type_t pkttype, int flags);
/* Check each signature in the key node and return a summary of the
@@ -989,7 +989,7 @@ cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl,
int unlock, unsigned int use);
void cdk_sklist_release (cdk_keylist_t skl);
cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp,
- digest_hd_st * mdctx, int sigclass, int sigver);
+ hash_hd_st * mdctx, int sigclass, int sigver);
cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp,
int sigclass, int mdalgo);
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 0ee122b..c37391f 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -421,7 +421,7 @@ _cdk_sk_get_csum (cdk_pkt_seckey_t sk)
cdk_error_t
cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
{
- digest_hd_st hd;
+ hash_hd_st hd;
int md_algo;
int dlen = 0;
int err;
@@ -434,7 +434,7 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
else
md_algo = GNUTLS_DIG_SHA1;
dlen = _gnutls_hash_get_algo_len (md_algo);
- err = _gnutls_hash_init (&hd, md_algo);
+ err = _gnutls_hash_init (&hd, md_algo, NULL, 0);
if (err < 0)
return map_gnutls_error (err);
_cdk_hash_pubkey (pk, &hd, 1);
diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c
index 5dc9da6..c189947 100644
--- a/lib/opencdk/sig-check.c
+++ b/lib/opencdk/sig-check.c
@@ -36,7 +36,7 @@
/* Hash all multi precision integers of the key PK with the given
message digest context MD. */
static int
-hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
+hash_mpibuf (cdk_pubkey_t pk, hash_hd_st * md, int usefpr)
{
byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
size_t nbytes;
@@ -66,7 +66,7 @@ hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
MD. The @usefpr param is only valid for version 3 keys because of
the different way to calculate the fingerprint. */
cdk_error_t
-_cdk_hash_pubkey (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
+_cdk_hash_pubkey (cdk_pubkey_t pk, hash_hd_st * md, int usefpr)
{
byte buf[12];
size_t i, n, npkey;
@@ -113,7 +113,7 @@ _cdk_hash_pubkey (cdk_pubkey_t pk, digest_hd_st * md, int
usefpr)
/* Hash the user ID @uid with the given message digest @md.
Use openpgp mode if @is_v4 is 1. */
cdk_error_t
-_cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4, digest_hd_st * md)
+_cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4, hash_hd_st * md)
{
const byte *data;
byte buf[5];
@@ -144,7 +144,7 @@ _cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4,
digest_hd_st * md)
/* Hash all parts of the signature which are needed to derive
the correct message digest to verify the sig. */
cdk_error_t
-_cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * md)
+_cdk_hash_sig_data (cdk_pkt_signature_t sig, hash_hd_st * md)
{
byte buf[4];
byte tmp;
@@ -227,7 +227,7 @@ cache_sig_result (cdk_pkt_signature_t sig, int res)
Use the digest handle @digest. */
cdk_error_t
_cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
- digest_hd_st * digest, int *r_expired)
+ hash_hd_st * digest, int *r_expired)
{
cdk_error_t rc;
byte md[MAX_DIGEST_LEN];
@@ -272,7 +272,7 @@ _cdk_pk_check_sig (cdk_keydb_hd_t keydb,
cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
char **ret_uid)
{
- digest_hd_st md;
+ hash_hd_st md;
int err;
cdk_pubkey_t pk;
cdk_pkt_signature_t sig;
@@ -297,7 +297,7 @@ _cdk_pk_check_sig (cdk_keydb_hd_t keydb,
pk = knode->pkt->pkt.public_key;
sig = snode->pkt->pkt.signature;
- err = _gnutls_hash_init (&md, sig->digest_algo);
+ err = _gnutls_hash_init (&md, sig->digest_algo, NULL, 0);
if (err < 0)
{
gnutls_assert ();
diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c
index 1b17940..b2d046e 100644
--- a/lib/opencdk/verify.c
+++ b/lib/opencdk/verify.c
@@ -170,7 +170,7 @@ static cdk_error_t
file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output)
{
cdk_stream_t inp = NULL, out = NULL, tmp = NULL;
- digest_hd_st md;
+ hash_hd_st md;
char buf[512], chk[512];
const char *s;
int i, is_signed = 0, nbytes;
@@ -241,7 +241,7 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file,
const char *output)
if (!digest_algo)
digest_algo = GNUTLS_DIG_MD5;
- err = _gnutls_hash_init (&md, digest_algo);
+ err = _gnutls_hash_init (&md, digest_algo, NULL, 0);
if (err < 0)
{
rc = map_gnutls_error (err);
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 0702a2c..a069be4 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -2293,7 +2293,7 @@ rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk,
int params_size = MAX_PUBLIC_PARAMS_SIZE;
int i, result = 0;
gnutls_datum_t der = { NULL, 0 };
- digest_hd_st hd;
+ hash_hd_st hd;
result = _gnutls_x509_crq_get_mpis (crq, params, ¶ms_size);
if (result < 0)
@@ -2323,7 +2323,7 @@ rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk,
else
return GNUTLS_E_INTERNAL_ERROR;
- result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
if (result < 0)
{
gnutls_assert ();
diff --git a/lib/x509/pbkdf2-sha1.c b/lib/x509/pbkdf2-sha1.c
index f63a23f..f45f4d5 100644
--- a/lib/x509/pbkdf2-sha1.c
+++ b/lib/x509/pbkdf2-sha1.c
@@ -172,10 +172,10 @@ _gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
tmp[Slen + 3] = (i & 0x000000ff) >> 0;
rc =
- _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
+ _gnutls_hash_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
}
else
- rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
+ rc = _gnutls_hash_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
if (rc < 0)
{
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 18d455d..6e04795 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -871,7 +871,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const
char *pass)
opaque salt[8], key[20];
int result;
const int iter = 1;
- digest_hd_st td1;
+ hash_hd_st td1;
gnutls_datum_t tmp = { NULL, 0 };
opaque sha_mac[20];
@@ -937,17 +937,17 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const
char *pass)
/* MAC the data
*/
- result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ result = _gnutls_hash_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- _gnutls_hmac (&td1, tmp.data, tmp.size);
+ _gnutls_hash (&td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
- _gnutls_hmac_deinit (&td1, sha_mac);
+ _gnutls_hash_deinit (&td1, sha_mac);
result =
@@ -1005,7 +1005,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const
char *pass)
int result;
unsigned int iter;
int len;
- digest_hd_st td1;
+ hash_hd_st td1;
gnutls_datum_t tmp = { NULL, 0 }, salt =
{
NULL, 0};
@@ -1063,17 +1063,17 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const
char *pass)
/* MAC the data
*/
- result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ result = _gnutls_hash_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- _gnutls_hmac (&td1, tmp.data, tmp.size);
+ _gnutls_hash (&td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
- _gnutls_hmac_deinit (&td1, sha_mac);
+ _gnutls_hash_deinit (&td1, sha_mac);
len = sizeof (sha_mac_orig);
result =
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index 5569eba..e1ab6bb 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -60,7 +60,7 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque *
salt,
{
int rc;
unsigned int i, j;
- digest_hd_st md;
+ hash_hd_st md;
bigint_t num_b1 = NULL, num_ij = NULL;
bigint_t mpi512 = NULL;
unsigned int pwlen;
@@ -121,7 +121,7 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque
* salt,
for (;;)
{
- rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
+ rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1, NULL, 0);
if (rc < 0)
{
gnutls_assert ();
@@ -136,7 +136,7 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque
* salt,
_gnutls_hash_deinit (&md, hash);
for (i = 1; i < iter; i++)
{
- rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
+ rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1, NULL, 0);
if (rc < 0)
{
gnutls_assert ();
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 517e287..c713e77 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1402,7 +1402,7 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
size_t * output_data_size)
{
int result;
- digest_hd_st hd;
+ hash_hd_st hd;
gnutls_datum_t der = { NULL, 0 };
if (key == NULL || key->crippled)
@@ -1442,7 +1442,7 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
else
return GNUTLS_E_INTERNAL_ERROR;
- result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
if (result < 0)
{
gnutls_assert ();
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 53e223c..1b83dde 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -52,7 +52,7 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash,
int result;
const char *algo;
- algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
+ algo = _gnutls_x509_mac_to_oid ((gnutls_digest_algorithm_t) hash);
if (algo == NULL)
{
gnutls_assert ();
@@ -133,10 +133,10 @@ pkcs1_rsa_sign (gnutls_digest_algorithm_t hash, const
gnutls_datum_t * text,
{
int ret;
opaque _digest[MAX_HASH_SIZE];
- digest_hd_st hd;
+ hash_hd_st hd;
gnutls_datum_t digest, info;
- ret = _gnutls_hash_init (&hd, HASH2MAC (hash));
+ ret = _gnutls_hash_init (&hd, HASH2MAC (hash), NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -177,10 +177,10 @@ dsa_sign (const gnutls_datum_t * text,
{
int ret;
opaque _digest[MAX_HASH_SIZE];
- digest_hd_st hd;
+ hash_hd_st hd;
gnutls_datum_t digest;
- ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 2f8bc5c..4b78480 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -553,7 +553,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t *
certificate_list,
*/
static int
decode_ber_digest_info (const gnutls_datum_t * info,
- gnutls_mac_algorithm_t * hash,
+ gnutls_digest_algorithm_t * hash,
opaque * digest, int *digest_size)
{
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
@@ -635,11 +635,11 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
const gnutls_datum_t * signature, bigint_t * params,
int params_len)
{
- gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
+ gnutls_digest_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
int ret;
opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE], *cmp;
int digest_size;
- digest_hd_st hd;
+ hash_hd_st hd;
gnutls_datum_t decrypted;
ret =
@@ -682,7 +682,7 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_hash_init (&hd, hash);
+ ret = _gnutls_hash_init (&hd, hash, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -715,7 +715,7 @@ dsa_verify_sig (const gnutls_datum_t * text,
int ret;
opaque _digest[MAX_HASH_SIZE];
gnutls_datum_t digest;
- digest_hd_st hd;
+ hash_hd_st hd;
if (hash && hash->data && hash->size == 20)
{
@@ -723,7 +723,7 @@ dsa_verify_sig (const gnutls_datum_t * text,
}
else
{
- ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -785,7 +785,7 @@ verify_sig (const gnutls_datum_t * tbs,
}
int
-_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
+_gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
const gnutls_datum_t * signature,
const gnutls_x509_crt_t issuer)
{
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index dfd5787..172a64b 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2213,7 +2213,7 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
int params_size = MAX_PUBLIC_PARAMS_SIZE;
int i, result = 0;
gnutls_datum_t der = { NULL, 0 };
- digest_hd_st hd;
+ hash_hd_st hd;
result = _gnutls_x509_crt_get_mpis (crt, params, ¶ms_size);
if (result < 0)
@@ -2243,7 +2243,7 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
else
return GNUTLS_E_INTERNAL_ERROR;
- result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
if (result < 0)
{
gnutls_assert ();
@@ -2496,7 +2496,7 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t
crt,
return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash,
+ return _gnutls_x509_verify_algorithm ((gnutls_digest_algorithm_t *) hash,
signature, crt);
}
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index c749123..f3b3016 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -184,7 +184,7 @@ int _gnutls_parse_general_name (ASN1_TYPE src, const char
*src_name,
/* verify.c */
int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
gnutls_x509_crt_t issuer);
-int _gnutls_x509_verify_algorithm(gnutls_mac_algorithm_t *hash,
+int _gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t *hash,
const gnutls_datum_t * signature,
const gnutls_x509_crt_t crt);
int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
diff --git a/libextra/fipsmd5.c b/libextra/fipsmd5.c
index 43939c8..a0853ba 100644
--- a/libextra/fipsmd5.c
+++ b/libextra/fipsmd5.c
@@ -27,48 +27,6 @@
#include <md5.h>
#include <hmac.h>
-static int
-md5init (void **ctx)
-{
- *ctx = gnutls_malloc (sizeof (struct md5_ctx));
- if (!*ctx)
- return GNUTLS_E_MEMORY_ERROR;
- md5_init_ctx (*ctx);
- return 0;
-}
-
-static int
-md5hash (void *ctx, const void *text, size_t textsize)
-{
- md5_process_bytes (text, textsize, ctx);
- return 0;
-}
-
-static int
-md5copy (void **dst_ctx, void *src_ctx)
-{
- *dst_ctx = gnutls_malloc (sizeof (struct md5_ctx));
- if (!*dst_ctx)
- return GNUTLS_E_MEMORY_ERROR;
- memcpy (*dst_ctx, src_ctx, sizeof (struct md5_ctx));
- return 0;
-}
-
-static int
-md5output (void *src_ctx, void *digest, size_t digestsize)
-{
- char out[MD5_DIGEST_SIZE];
- md5_finish_ctx (src_ctx, out);
- memcpy (digest, out, digestsize);
- return 0;
-}
-
-static void
-md5deinit (void *ctx)
-{
- gnutls_free (ctx);
-}
-
struct hmacctx
{
char *data;
@@ -78,7 +36,7 @@ struct hmacctx
};
static int
-hmacmd5init (void **ctx)
+hmacmd5init (gnutls_digest_algorithm_t ign, void **ctx)
{
struct hmacctx *p;
@@ -138,7 +96,7 @@ hmacmd5copy (void **dst_ctx, void *src_ctx)
struct hmacctx *p = src_ctx;
struct hmacctx *q;
- q = gnutls_malloc (sizeof (struct hmacctx));
+ q = gnutls_calloc (1, sizeof (struct hmacctx));
if (!q)
return -1;
@@ -151,15 +109,18 @@ hmacmd5copy (void **dst_ctx, void *src_ctx)
memcpy (q->data, p->data, p->datasize);
q->datasize = p->datasize;
- q->key = gnutls_malloc (p->keysize);
- if (!q->key)
+ if (p->key)
{
- gnutls_free (q);
- gnutls_free (q->data);
- return -1;
+ q->key = gnutls_malloc (p->keysize);
+ if (!q->key)
+ {
+ gnutls_free (q);
+ gnutls_free (q->data);
+ return -1;
+ }
+ memcpy (q->key, p->key, p->keysize);
+ q->keysize = p->keysize;
}
- memcpy (q->key, p->key, p->keysize);
- q->keysize = p->keysize;
*dst_ctx = q;
@@ -195,16 +156,7 @@ hmacmd5deinit (void *ctx)
gnutls_free (p);
}
-static gnutls_crypto_single_digest_st dig = {
- md5init,
- NULL,
- md5hash,
- md5copy,
- md5output,
- md5deinit
-};
-
-static gnutls_crypto_single_mac_st mac = {
+static gnutls_crypto_digest_st mac = {
hmacmd5init,
hmacmd5setkey,
hmacmd5hash,
@@ -230,11 +182,7 @@ gnutls_register_md5_handler (void)
{
int ret;
- ret = gnutls_crypto_single_digest_register (GNUTLS_DIG_MD5, INT_MAX, &dig);
- if (ret)
- return ret;
-
- ret = gnutls_crypto_single_mac_register (GNUTLS_MAC_MD5, INT_MAX, &mac);
+ ret = gnutls_crypto_single_digest_register (GNUTLS_DIG_MD5, INT_MAX, &mac);
if (ret)
return ret;
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index fee62f6..56aa0db 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -1009,10 +1009,10 @@ RAND_egd_bytes (const char *path, int bytes)
void
MD5_Init (MD5_CTX * ctx)
{
- ctx->handle = gnutls_malloc (sizeof (digest_hd_st));
+ ctx->handle = gnutls_malloc (sizeof (hash_hd_st));
if (!ctx->handle)
abort ();
- _gnutls_hash_init (ctx->handle, GNUTLS_DIG_MD5);
+ _gnutls_hash_init (ctx->handle, GNUTLS_DIG_MD5, NULL, 0);
}
void
@@ -1034,7 +1034,7 @@ MD5 (const unsigned char *buf, unsigned long len,
unsigned char *md)
if (!md)
return NULL;
- _gnutls_hash_fast (GNUTLS_DIG_MD5, buf, len, md);
+ _gnutls_hash_fast (GNUTLS_DIG_MD5, buf, len, NULL, 0, md);
return md;
}
@@ -1042,10 +1042,10 @@ MD5 (const unsigned char *buf, unsigned long len,
unsigned char *md)
void
RIPEMD160_Init (RIPEMD160_CTX * ctx)
{
- ctx->handle = gnutls_malloc (sizeof (digest_hd_st));
+ ctx->handle = gnutls_malloc (sizeof (hash_hd_st));
if (!ctx->handle)
abort ();
- _gnutls_hash_init (ctx->handle, GNUTLS_DIG_RMD160);
+ _gnutls_hash_init (ctx->handle, GNUTLS_DIG_RMD160, NULL, 0);
}
void
@@ -1067,7 +1067,7 @@ RIPEMD160 (const unsigned char *buf, unsigned long len,
unsigned char *md)
if (!md)
return NULL;
- _gnutls_hash_fast (GNUTLS_DIG_RMD160, buf, len, md);
+ _gnutls_hash_fast (GNUTLS_DIG_RMD160, buf, len, NULL, 0, md);
return md;
}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-11-gbc3e43d,
Nikos Mavrogiannopoulos <=