updated to 3.3.22
This commit is contained in:
parent
60658bc060
commit
49d7558474
|
@ -57,3 +57,4 @@ gnutls-2.10.1-nosrp.tar.bz2
|
|||
/gnutls-3.3.19-hobbled.tar.xz
|
||||
/gnutls-3.3.20-hobbled.tar.xz
|
||||
/gnutls-3.3.21-hobbled.tar.xz
|
||||
/gnutls-3.3.22-hobbled.tar.xz
|
||||
|
|
|
@ -1,825 +0,0 @@
|
|||
diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c
|
||||
index e516c38..a18fdbb 100644
|
||||
--- a/lib/accelerated/x86/hmac-padlock.c
|
||||
+++ b/lib/accelerated/x86/hmac-padlock.c
|
||||
@@ -33,6 +33,7 @@
|
||||
#include <aes-padlock.h>
|
||||
#include <sha-padlock.h>
|
||||
#include <algorithms.h>
|
||||
+#include <x86-common.h>
|
||||
|
||||
#ifdef HAVE_LIBNETTLE
|
||||
|
||||
@@ -40,9 +41,9 @@
|
||||
#define OPAD 0x5c
|
||||
#define MAX_SHA_DIGEST_SIZE (512/8)
|
||||
|
||||
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
|
||||
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
|
||||
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
|
||||
+typedef void (*update_func) (void *, size_t, const uint8_t *);
|
||||
+typedef void (*digest_func) (void *, size_t, uint8_t *);
|
||||
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
|
||||
|
||||
struct padlock_hmac_ctx {
|
||||
union {
|
||||
@@ -63,91 +64,91 @@ struct padlock_hmac_ctx {
|
||||
|
||||
static void
|
||||
padlock_hmac_sha1_set_key(struct hmac_sha1_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &padlock_sha1, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha1_update(struct hmac_sha1_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ size_t length, const uint8_t * data)
|
||||
{
|
||||
padlock_sha1_update(&ctx->state, length, data);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &padlock_sha1, length, digest);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &padlock_sha256, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha256_update(struct hmac_sha256_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ size_t length, const uint8_t * data)
|
||||
{
|
||||
padlock_sha256_update(&ctx->state, length, data);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &padlock_sha256, length, digest);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &padlock_sha224, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &padlock_sha224, length, digest);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &padlock_sha384, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha384_digest(struct hmac_sha384_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &padlock_sha384, length, digest);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &padlock_sha512, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha512_update(struct hmac_sha512_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ size_t length, const uint8_t * data)
|
||||
{
|
||||
padlock_sha512_update(&ctx->state, length, data);
|
||||
}
|
||||
|
||||
static void
|
||||
padlock_hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &padlock_sha512, length, digest);
|
||||
}
|
||||
@@ -237,7 +238,7 @@ wrap_padlock_hmac_update(void *_ctx, const void *text, size_t textsize)
|
||||
{
|
||||
struct padlock_hmac_ctx *ctx = _ctx;
|
||||
|
||||
- ctx->update(ctx->ctx_ptr, textsize, text);
|
||||
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
|
||||
|
||||
return GNUTLS_E_SUCCESS;
|
||||
}
|
||||
diff --git a/lib/accelerated/x86/hmac-x86-ssse3.c b/lib/accelerated/x86/hmac-x86-ssse3.c
|
||||
index 0d5004d..76894de 100644
|
||||
--- a/lib/accelerated/x86/hmac-x86-ssse3.c
|
||||
+++ b/lib/accelerated/x86/hmac-x86-ssse3.c
|
||||
@@ -33,12 +33,13 @@
|
||||
#include <aes-x86.h>
|
||||
#include <sha-x86.h>
|
||||
#include <algorithms.h>
|
||||
+#include <x86-common.h>
|
||||
|
||||
#ifdef HAVE_LIBNETTLE
|
||||
|
||||
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
|
||||
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
|
||||
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
|
||||
+typedef void (*update_func) (void *, size_t, const uint8_t *);
|
||||
+typedef void (*digest_func) (void *, size_t, uint8_t *);
|
||||
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
|
||||
|
||||
struct x86_hmac_ctx {
|
||||
union {
|
||||
@@ -61,56 +62,56 @@ struct x86_hmac_ctx {
|
||||
|
||||
static void
|
||||
x86_hmac_sha1_set_key(struct hmac_sha1_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &x86_sha1, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha1_update(struct hmac_sha1_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ size_t length, const uint8_t * data)
|
||||
{
|
||||
x86_sha1_update(&ctx->state, length, data);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &x86_sha1, length, digest);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &x86_sha256, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha256_update(struct hmac_sha256_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ size_t length, const uint8_t * data)
|
||||
{
|
||||
x86_sha256_update(&ctx->state, length, data);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &x86_sha256, length, digest);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &x86_sha224, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &x86_sha224, length, digest);
|
||||
}
|
||||
@@ -118,35 +119,35 @@ x86_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
|
||||
#ifdef ENABLE_SHA512
|
||||
static void
|
||||
x86_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &x86_sha384, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha384_digest(struct hmac_sha384_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &x86_sha384, length, digest);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx,
|
||||
- unsigned key_length, const uint8_t * key)
|
||||
+ size_t key_length, const uint8_t * key)
|
||||
{
|
||||
HMAC_SET_KEY(ctx, &x86_sha512, key_length, key);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha512_update(struct hmac_sha512_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ size_t length, const uint8_t * data)
|
||||
{
|
||||
x86_sha512_update(&ctx->state, length, data);
|
||||
}
|
||||
|
||||
static void
|
||||
x86_hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
HMAC_DIGEST(ctx, &x86_sha512, length, digest);
|
||||
}
|
||||
@@ -239,7 +240,7 @@ wrap_x86_hmac_update(void *_ctx, const void *text, size_t textsize)
|
||||
{
|
||||
struct x86_hmac_ctx *ctx = _ctx;
|
||||
|
||||
- ctx->update(ctx->ctx_ptr, textsize, text);
|
||||
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
|
||||
|
||||
return GNUTLS_E_SUCCESS;
|
||||
}
|
||||
@@ -279,7 +280,7 @@ static int wrap_x86_hmac_fast(gnutls_mac_algorithm_t algo,
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
ctx.setkey(&ctx, key_size, key);
|
||||
- ctx.update(&ctx, text_size, text);
|
||||
+ _NETTLE_UPDATE(ctx.update, &ctx, text_size, text);
|
||||
ctx.digest(&ctx, ctx.length, digest);
|
||||
|
||||
zeroize_temp_key(&ctx, sizeof(ctx));
|
||||
diff --git a/lib/accelerated/x86/sha-padlock.c b/lib/accelerated/x86/sha-padlock.c
|
||||
index 70defe4..76a862a 100644
|
||||
--- a/lib/accelerated/x86/sha-padlock.c
|
||||
+++ b/lib/accelerated/x86/sha-padlock.c
|
||||
@@ -34,9 +34,9 @@
|
||||
|
||||
#ifdef HAVE_LIBNETTLE
|
||||
|
||||
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
|
||||
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
|
||||
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
|
||||
+typedef void (*update_func) (void *, size_t, const uint8_t *);
|
||||
+typedef void (*digest_func) (void *, size_t, uint8_t *);
|
||||
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
|
||||
typedef void (*init_func) (void *);
|
||||
|
||||
struct padlock_hash_ctx {
|
||||
@@ -60,7 +60,7 @@ wrap_padlock_hash_update(void *_ctx, const void *text, size_t textsize)
|
||||
{
|
||||
struct padlock_hash_ctx *ctx = _ctx;
|
||||
|
||||
- ctx->update(ctx->ctx_ptr, textsize, text);
|
||||
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
|
||||
|
||||
return GNUTLS_E_SUCCESS;
|
||||
}
|
||||
@@ -81,21 +81,21 @@ static void wrap_padlock_hash_deinit(void *hd)
|
||||
|
||||
void
|
||||
padlock_sha1_update(struct sha1_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ _NETTLE_SIZE_T length, const uint8_t * data)
|
||||
{
|
||||
MD_UPDATE(ctx, length, data, SHA1_COMPRESS, MD1_INCR(ctx));
|
||||
}
|
||||
|
||||
void
|
||||
padlock_sha256_update(struct sha256_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ _NETTLE_SIZE_T length, const uint8_t * data)
|
||||
{
|
||||
MD_UPDATE(ctx, length, data, SHA256_COMPRESS, MD1_INCR(ctx));
|
||||
}
|
||||
|
||||
void
|
||||
padlock_sha512_update(struct sha512_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data)
|
||||
+ _NETTLE_SIZE_T length, const uint8_t * data)
|
||||
{
|
||||
MD_UPDATE(ctx, length, data, SHA512_COMPRESS, MD_INCR(ctx));
|
||||
}
|
||||
@@ -136,7 +136,7 @@ _nettle_write_be32(unsigned length, uint8_t * dst, uint32_t * src)
|
||||
|
||||
static void
|
||||
padlock_sha1_digest(struct sha1_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
#ifdef USE_NETTLE3
|
||||
uint64_t bit_count;
|
||||
@@ -167,7 +167,7 @@ padlock_sha1_digest(struct sha1_ctx *ctx,
|
||||
|
||||
static void
|
||||
padlock_sha256_digest(struct sha256_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
#ifdef USE_NETTLE3
|
||||
uint64_t bit_count;
|
||||
@@ -200,7 +200,7 @@ padlock_sha256_digest(struct sha256_ctx *ctx,
|
||||
|
||||
static void
|
||||
padlock_sha512_digest(struct sha512_ctx *ctx,
|
||||
- unsigned length, uint8_t * digest)
|
||||
+ size_t length, uint8_t * digest)
|
||||
{
|
||||
uint64_t high, low;
|
||||
|
||||
diff --git a/lib/accelerated/x86/sha-padlock.h b/lib/accelerated/x86/sha-padlock.h
|
||||
index 5cbe1d1..ce18ef8 100644
|
||||
--- a/lib/accelerated/x86/sha-padlock.h
|
||||
+++ b/lib/accelerated/x86/sha-padlock.h
|
||||
@@ -2,6 +2,7 @@
|
||||
#define SHA_PADLOCK_H
|
||||
|
||||
#include <nettle/sha.h>
|
||||
+#include "nettle/gnettle.h"
|
||||
|
||||
void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
|
||||
void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
|
||||
@@ -18,11 +19,11 @@ int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
|
||||
void *digest);
|
||||
|
||||
void padlock_sha1_update(struct sha1_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data);
|
||||
+ _NETTLE_SIZE_T length, const uint8_t * data);
|
||||
void padlock_sha256_update(struct sha256_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data);
|
||||
+ _NETTLE_SIZE_T length, const uint8_t * data);
|
||||
void padlock_sha512_update(struct sha512_ctx *ctx,
|
||||
- unsigned length, const uint8_t * data);
|
||||
+ _NETTLE_SIZE_T length, const uint8_t * data);
|
||||
|
||||
extern const struct nettle_hash padlock_sha1;
|
||||
extern const struct nettle_hash padlock_sha224;
|
||||
diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c
|
||||
index 4fc106c..efcb5ab 100644
|
||||
--- a/lib/accelerated/x86/sha-x86-ssse3.c
|
||||
+++ b/lib/accelerated/x86/sha-x86-ssse3.c
|
||||
@@ -35,9 +35,9 @@ void sha1_block_data_order(void *c, const void *p, size_t len);
|
||||
void sha256_block_data_order(void *c, const void *p, size_t len);
|
||||
void sha512_block_data_order(void *c, const void *p, size_t len);
|
||||
|
||||
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
|
||||
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
|
||||
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
|
||||
+typedef void (*update_func) (void *, size_t, const uint8_t *);
|
||||
+typedef void (*digest_func) (void *, size_t, uint8_t *);
|
||||
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
|
||||
typedef void (*init_func) (void *);
|
||||
|
||||
struct x86_hash_ctx {
|
||||
@@ -63,7 +63,7 @@ wrap_x86_hash_update(void *_ctx, const void *text, size_t textsize)
|
||||
{
|
||||
struct x86_hash_ctx *ctx = _ctx;
|
||||
|
||||
- ctx->update(ctx->ctx_ptr, textsize, text);
|
||||
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
|
||||
|
||||
return GNUTLS_E_SUCCESS;
|
||||
}
|
||||
@@ -73,7 +73,7 @@ static void wrap_x86_hash_deinit(void *hd)
|
||||
gnutls_free(hd);
|
||||
}
|
||||
|
||||
-void x86_sha1_update(struct sha1_ctx *ctx, size_t length,
|
||||
+void x86_sha1_update(struct sha1_ctx *ctx, _NETTLE_SIZE_T length,
|
||||
const uint8_t * data)
|
||||
{
|
||||
struct {
|
||||
@@ -136,7 +136,7 @@ void x86_sha1_update(struct sha1_ctx *ctx, size_t length,
|
||||
|
||||
}
|
||||
|
||||
-void x86_sha256_update(struct sha256_ctx *ctx, size_t length,
|
||||
+void x86_sha256_update(struct sha256_ctx *ctx, _NETTLE_SIZE_T length,
|
||||
const uint8_t * data)
|
||||
{
|
||||
struct {
|
||||
@@ -189,7 +189,7 @@ void x86_sha256_update(struct sha256_ctx *ctx, size_t length,
|
||||
}
|
||||
|
||||
#ifdef ENABLE_SHA512
|
||||
-void x86_sha512_update(struct sha512_ctx *ctx, size_t length,
|
||||
+void x86_sha512_update(struct sha512_ctx *ctx, _NETTLE_SIZE_T length,
|
||||
const uint8_t * data)
|
||||
{
|
||||
struct {
|
||||
@@ -344,7 +344,7 @@ static int wrap_x86_hash_fast(gnutls_digest_algorithm_t algo,
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
- ctx.update(&ctx, text_size, text);
|
||||
+ _NETTLE_UPDATE(ctx.update, &ctx, text_size, text);
|
||||
ctx.digest(&ctx, ctx.length, digest);
|
||||
|
||||
return 0;
|
||||
diff --git a/lib/accelerated/x86/sha-x86.h b/lib/accelerated/x86/sha-x86.h
|
||||
index 3304212..245fe32 100644
|
||||
--- a/lib/accelerated/x86/sha-x86.h
|
||||
+++ b/lib/accelerated/x86/sha-x86.h
|
||||
@@ -2,6 +2,7 @@
|
||||
#define SHA_X86_H
|
||||
|
||||
#include <nettle/sha.h>
|
||||
+#include "nettle/gnettle.h"
|
||||
|
||||
/* nettle's SHA512 is faster than openssl's */
|
||||
#undef ENABLE_SHA512
|
||||
@@ -12,9 +13,9 @@ extern const struct nettle_hash x86_sha256;
|
||||
extern const struct nettle_hash x86_sha384;
|
||||
extern const struct nettle_hash x86_sha512;
|
||||
|
||||
-void x86_sha1_update(struct sha1_ctx *ctx, size_t length, const uint8_t * data);
|
||||
-void x86_sha256_update(struct sha256_ctx *ctx, size_t length, const uint8_t * data);
|
||||
-void x86_sha512_update(struct sha512_ctx *ctx, size_t length, const uint8_t * data);
|
||||
+void x86_sha1_update(struct sha1_ctx *ctx, _NETTLE_SIZE_T length, const uint8_t * data);
|
||||
+void x86_sha256_update(struct sha256_ctx *ctx, _NETTLE_SIZE_T length, const uint8_t * data);
|
||||
+void x86_sha512_update(struct sha512_ctx *ctx, _NETTLE_SIZE_T length, const uint8_t * data);
|
||||
|
||||
extern const gnutls_crypto_digest_st _gnutls_sha_x86_ssse3;
|
||||
extern const gnutls_crypto_mac_st _gnutls_hmac_sha_x86_ssse3;
|
||||
diff --git a/lib/accelerated/x86/x86-common.h b/lib/accelerated/x86/x86-common.h
|
||||
index 3c3f6e8..6261bce 100644
|
||||
--- a/lib/accelerated/x86/x86-common.h
|
||||
+++ b/lib/accelerated/x86/x86-common.h
|
||||
@@ -22,6 +22,8 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
+#include "nettle/gnettle.h"
|
||||
+
|
||||
extern unsigned int _gnutls_x86_cpuid_s[3];
|
||||
|
||||
#if defined(ASM_X86)
|
||||
diff --git a/lib/nettle/gnettle.h b/lib/nettle/gnettle.h
|
||||
index e27149c..7616dea 100644
|
||||
--- a/lib/nettle/gnettle.h
|
||||
+++ b/lib/nettle/gnettle.h
|
||||
@@ -1,3 +1,30 @@
|
||||
+#ifndef GNETTLE_H
|
||||
+# define GNETTLE_H
|
||||
+
|
||||
+#include <config.h>
|
||||
+#include <minmax.h>
|
||||
+#include <limits.h>
|
||||
+
|
||||
#define PRIME_CHECK_PARAM 8
|
||||
#define TOMPZ(x) ((__mpz_struct*)(x))
|
||||
#define SIZEOF_MPZT sizeof(__mpz_struct)
|
||||
+
|
||||
+#ifdef USE_NETTLE3
|
||||
+# define _NETTLE_SIZE_T size_t
|
||||
+# define _NETTLE_UPDATE(func, ctx, size, data) func(ctx, size, data)
|
||||
+#else
|
||||
+# define _NETTLE_SIZE_T unsigned
|
||||
+#define _NETTLE_UPDATE(func, ptr, size, data) { \
|
||||
+ size_t _rsize = size; \
|
||||
+ const uint8_t *_t = text; \
|
||||
+ while(size > 0) { \
|
||||
+ _rsize = MIN(size, UINT_MAX); \
|
||||
+ func(ptr, _rsize, _t); \
|
||||
+ size -= _rsize; \
|
||||
+ _t += _rsize; \
|
||||
+ } \
|
||||
+}
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
+#endif
|
||||
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
|
||||
index cfa37e3..cf4fd70 100644
|
||||
--- a/lib/nettle/mac.c
|
||||
+++ b/lib/nettle/mac.c
|
||||
@@ -31,12 +31,13 @@
|
||||
#include <nettle/sha.h>
|
||||
#include <nettle/hmac.h>
|
||||
#include <nettle/umac.h>
|
||||
+#include "gnettle.h"
|
||||
#include <fips.h>
|
||||
|
||||
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
|
||||
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
|
||||
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
|
||||
-typedef void (*set_nonce_func) (void *, unsigned, const uint8_t *);
|
||||
+typedef void (*update_func) (void *, _NETTLE_SIZE_T, const uint8_t *);
|
||||
+typedef void (*digest_func) (void *, _NETTLE_SIZE_T, uint8_t *);
|
||||
+typedef void (*set_key_func) (void *, _NETTLE_SIZE_T, const uint8_t *);
|
||||
+typedef void (*set_nonce_func) (void *, _NETTLE_SIZE_T, const uint8_t *);
|
||||
|
||||
static int wrap_nettle_hash_init(gnutls_digest_algorithm_t algo,
|
||||
void **_ctx);
|
||||
@@ -80,7 +81,7 @@ struct nettle_mac_ctx {
|
||||
};
|
||||
|
||||
static void
|
||||
-_wrap_umac96_set_key(void *ctx, unsigned len, const uint8_t * key)
|
||||
+_wrap_umac96_set_key(void *ctx, _NETTLE_SIZE_T len, const uint8_t * key)
|
||||
{
|
||||
if (unlikely(len != 16))
|
||||
abort();
|
||||
@@ -88,7 +89,7 @@ _wrap_umac96_set_key(void *ctx, unsigned len, const uint8_t * key)
|
||||
}
|
||||
|
||||
static void
|
||||
-_wrap_umac128_set_key(void *ctx, unsigned len, const uint8_t * key)
|
||||
+_wrap_umac128_set_key(void *ctx, _NETTLE_SIZE_T len, const uint8_t * key)
|
||||
{
|
||||
if (unlikely(len != 16))
|
||||
abort();
|
||||
@@ -188,7 +189,7 @@ static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
|
||||
if (ctx.set_nonce)
|
||||
ctx.set_nonce(&ctx, nonce_size, nonce);
|
||||
ctx.set_key(&ctx, key_size, key);
|
||||
- ctx.update(&ctx, text_size, text);
|
||||
+ _NETTLE_UPDATE(ctx.update, &ctx, text_size, text);
|
||||
ctx.digest(&ctx, ctx.length, digest);
|
||||
|
||||
zeroize_temp_key(&ctx, sizeof(ctx));
|
||||
@@ -269,7 +270,7 @@ wrap_nettle_mac_update(void *_ctx, const void *text, size_t textsize)
|
||||
{
|
||||
struct nettle_mac_ctx *ctx = _ctx;
|
||||
|
||||
- ctx->update(ctx->ctx_ptr, textsize, text);
|
||||
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
|
||||
|
||||
return GNUTLS_E_SUCCESS;
|
||||
}
|
||||
@@ -305,7 +306,7 @@ wrap_nettle_hash_update(void *_ctx, const void *text, size_t textsize)
|
||||
{
|
||||
struct nettle_hash_ctx *ctx = _ctx;
|
||||
|
||||
- ctx->update(ctx->ctx_ptr, textsize, text);
|
||||
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
|
||||
|
||||
return GNUTLS_E_SUCCESS;
|
||||
}
|
||||
@@ -411,7 +412,7 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
- ctx.update(&ctx, text_size, text);
|
||||
+ _NETTLE_UPDATE(ctx.update, &ctx, text_size, text);
|
||||
ctx.digest(&ctx, ctx.length, digest);
|
||||
|
||||
return 0;
|
||||
diff --git a/tests/slow/Makefile.am b/tests/slow/Makefile.am
|
||||
index 1b82e17..2511e7e 100644
|
||||
--- a/tests/slow/Makefile.am
|
||||
+++ b/tests/slow/Makefile.am
|
||||
@@ -40,8 +40,8 @@ endif
|
||||
|
||||
ctests = gendh keygen cipher-test
|
||||
|
||||
-check_PROGRAMS = $(ctests)
|
||||
-TESTS = $(ctests)
|
||||
+check_PROGRAMS = $(ctests) hash-large
|
||||
+TESTS = $(ctests) test-hash-large
|
||||
|
||||
EXTRA_DIST = README
|
||||
|
||||
diff --git a/tests/slow/hash-large.c b/tests/slow/hash-large.c
|
||||
new file mode 100644
|
||||
index 0000000..41c2bd5
|
||||
--- /dev/null
|
||||
+++ b/tests/slow/hash-large.c
|
||||
@@ -0,0 +1,134 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2016 Nikos Mavrogiannopoulos
|
||||
+ *
|
||||
+ * This file is part of GnuTLS.
|
||||
+ *
|
||||
+ * GnuTLS is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation; either version 3 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * GnuTLS is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ * GNU General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License
|
||||
+ * along with this program; if not, write to the Free Software
|
||||
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
+ */
|
||||
+
|
||||
+#ifdef HAVE_CONFIG_H
|
||||
+#include <config.h>
|
||||
+#endif
|
||||
+
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <gnutls/gnutls.h>
|
||||
+#include <gnutls/crypto.h>
|
||||
+#include <limits.h>
|
||||
+#include "utils.h"
|
||||
+
|
||||
+#define MIN(x,y) ((x)<(y))?(x):(y)
|
||||
+
|
||||
+/* Test hashing on large buffers */
|
||||
+
|
||||
+void doit(void)
|
||||
+{
|
||||
+ unsigned char digest[32];
|
||||
+ int err;
|
||||
+ char *buf, *p;
|
||||
+ ssize_t size, left, size2;
|
||||
+ gnutls_hash_hd_t td;
|
||||
+
|
||||
+ if (sizeof(size) <= 4)
|
||||
+ exit(77);
|
||||
+
|
||||
+ global_init();
|
||||
+
|
||||
+ size = (ssize_t)UINT_MAX + (ssize_t)64*1024;
|
||||
+ buf = calloc(1, size);
|
||||
+ if (buf == NULL)
|
||||
+ exit(77);
|
||||
+
|
||||
+ if (size < (ssize_t)UINT_MAX)
|
||||
+ exit(77);
|
||||
+
|
||||
+
|
||||
+ err =
|
||||
+ gnutls_hash_fast(GNUTLS_DIG_SHA256, buf, size,
|
||||
+ digest);
|
||||
+ if (err < 0)
|
||||
+ fail("gnutls_hash_fast(SHA256) failed: %d\n", err);
|
||||
+ else {
|
||||
+#define SHA256_HASH "\x80\x92\xd9\xbe\x54\xa0\xe9\xd7\x7c\xb8\xe4\x2d\xd3\x7c\x19\xfe\x4e\x68\x84\x33\x71\xef\x1c\x81\xd6\x44\x36\x52\x06\xd8\x4b\x8a"
|
||||
+ if (memcmp(digest, SHA256_HASH, 32) == 0) {
|
||||
+ if (debug)
|
||||
+ success("gnutls_hash_fast(SHA256) %lu OK\n", (unsigned long)size);
|
||||
+ } else {
|
||||
+ hexprint(digest, 32);
|
||||
+ fail("gnutls_hash_fast(SHA256) failure\n");
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ err = gnutls_hash_init(&td, GNUTLS_DIG_SHA256);
|
||||
+ if (err < 0) {
|
||||
+ fail("failed in %d\n", __LINE__);
|
||||
+ }
|
||||
+
|
||||
+ size2 = size;
|
||||
+ p = buf;
|
||||
+ while(size2 > 0) {
|
||||
+ left = MIN(64*1024, size2);
|
||||
+ gnutls_hash(td, p, left);
|
||||
+ size2 -= left;
|
||||
+ p += left;
|
||||
+ }
|
||||
+
|
||||
+ gnutls_hash_output(td, digest);
|
||||
+ gnutls_hash_deinit(td, NULL);
|
||||
+ if (memcmp(digest, SHA256_HASH, 32) == 0) {
|
||||
+ if (debug)
|
||||
+ success("gnutls_hash_fast(SHA256) %lu OK\n", (unsigned long)size);
|
||||
+ } else {
|
||||
+ hexprint(digest, 32);
|
||||
+ fail("gnutls_hash(SHA256) failure\n");
|
||||
+ }
|
||||
+
|
||||
+ /* SHA1 */
|
||||
+
|
||||
+ err =
|
||||
+ gnutls_hash_fast(GNUTLS_MAC_SHA1, buf, size,
|
||||
+ digest);
|
||||
+ if (err < 0)
|
||||
+ fail("gnutls_hash_fast(SHA1) failed: %d\n", err);
|
||||
+ else {
|
||||
+#define SHA1_HASH "\x75\xd2\x67\x3f\xec\x73\xe4\x57\xb8\x40\xb3\xb5\xf1\xc7\xa8\x1a\x2d\x11\x7e\xd9"
|
||||
+ if (memcmp(digest, SHA1_HASH, 20) == 0) {
|
||||
+ if (debug)
|
||||
+ success("gnutls_hash_fast(SHA1) OK\n");
|
||||
+ } else {
|
||||
+ hexprint(digest, 20);
|
||||
+ fail("gnutls_hash_fast(SHA1) failure\n");
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ err =
|
||||
+ gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, buf, size,
|
||||
+ digest);
|
||||
+ if (err < 0)
|
||||
+ fail("gnutls_hmac_fast(SHA1) failed: %d\n", err);
|
||||
+ else {
|
||||
+#define SHA1_MAC "\xe2\xe9\x84\x48\x53\xe3\x0b\xfe\x45\x04\xf6\x6b\x5b\x6d\x4d\x2c\xa3\x0f\xcf\x23"
|
||||
+ if (memcmp(digest, SHA1_MAC, 20) == 0) {
|
||||
+ if (debug)
|
||||
+ success("gnutls_hmac_fast(SHA1) OK\n");
|
||||
+ } else {
|
||||
+ hexprint(digest, 20);
|
||||
+ fail("gnutls_hmac_fast(SHA1) failure\n");
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ free(buf);
|
||||
+ gnutls_global_deinit();
|
||||
+}
|
||||
diff --git a/tests/slow/test-hash-large b/tests/slow/test-hash-large
|
||||
new file mode 100755
|
||||
index 0000000..e09579a
|
||||
--- /dev/null
|
||||
+++ b/tests/slow/test-hash-large
|
||||
@@ -0,0 +1,64 @@
|
||||
+#!/bin/sh
|
||||
+
|
||||
+# Copyright (C) 2016 Nikos Mavrogiannopoulos
|
||||
+#
|
||||
+# Author: Nikos Mavrogiannopoulos
|
||||
+#
|
||||
+# This file is part of GnuTLS.
|
||||
+#
|
||||
+# GnuTLS is free software; you can redistribute it and/or modify it
|
||||
+# under the terms of the GNU General Public License as published by the
|
||||
+# Free Software Foundation; either version 3 of the License, or (at
|
||||
+# your option) any later version.
|
||||
+#
|
||||
+# GnuTLS is distributed in the hope that it will be useful, but
|
||||
+# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+# General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with GnuTLS; if not, write to the Free Software Foundation,
|
||||
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
+
|
||||
+PROG=./hash-large${EXEEXT}
|
||||
+unset RETCODE
|
||||
+if ! test -z "${VALGRIND}"; then
|
||||
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
|
||||
+fi
|
||||
+
|
||||
+${PROG}
|
||||
+ret=$?
|
||||
+if test $ret != 0; then
|
||||
+ echo "default cipher tests failed"
|
||||
+ exit $ret
|
||||
+fi
|
||||
+
|
||||
+GNUTLS_CPUID_OVERRIDE=0x1 ${PROG}
|
||||
+ret=$?
|
||||
+if test $ret != 0; then
|
||||
+ echo "included cipher tests failed"
|
||||
+ exit $ret
|
||||
+fi
|
||||
+
|
||||
+GNUTLS_CPUID_OVERRIDE=0x4 ${PROG}
|
||||
+ret=$?
|
||||
+if test $ret != 0; then
|
||||
+ echo "SSSE3 cipher tests failed"
|
||||
+ exit $ret
|
||||
+fi
|
||||
+
|
||||
+GNUTLS_CPUID_OVERRIDE=0x200000 ${PROG}
|
||||
+ret=$?
|
||||
+if test $ret != 0; then
|
||||
+ echo "padlock PHE cipher tests failed"
|
||||
+ exit $ret
|
||||
+fi
|
||||
+
|
||||
+GNUTLS_CPUID_OVERRIDE=0x400000 ${PROG}
|
||||
+ret=$?
|
||||
+if test $ret != 0; then
|
||||
+ echo "padlock PHE SHA512 cipher tests failed"
|
||||
+ exit $ret
|
||||
+fi
|
||||
+
|
||||
+exit 0
|
10
gnutls.spec
10
gnutls.spec
|
@ -2,8 +2,8 @@
|
|||
%bcond_without guile
|
||||
Summary: A TLS protocol implementation
|
||||
Name: gnutls
|
||||
Version: 3.3.21
|
||||
Release: 2%{?dist}
|
||||
Version: 3.3.22
|
||||
Release: 1%{?dist}
|
||||
# The libraries are LGPLv2.1+, utilities are GPLv3+
|
||||
License: GPLv3+ and LGPLv2+
|
||||
Group: System Environment/Libraries
|
||||
|
@ -33,7 +33,6 @@ Source0: %{name}-%{version}-hobbled.tar.xz
|
|||
Source1: libgnutls-config
|
||||
Source2: hobble-gnutls
|
||||
Patch1: gnutls-3.2.7-rpath.patch
|
||||
Patch2: gnutls-3.3.21-hash-truncation.patch
|
||||
Patch3: gnutls-3.1.11-nosrp.patch
|
||||
Patch4: gnutls-3.3.19-default-policy.patch
|
||||
|
||||
|
@ -136,7 +135,6 @@ This package contains Guile bindings for the library.
|
|||
%setup -q
|
||||
|
||||
%patch1 -p1 -b .rpath
|
||||
%patch2 -p1 -b .hash-truncation
|
||||
%patch3 -p1 -b .nosrp
|
||||
%patch4 -p1 -b .default-policy
|
||||
|
||||
|
@ -173,6 +171,7 @@ export LDFLAGS="-Wl,--no-add-needed"
|
|||
--disable-dane \
|
||||
%endif
|
||||
--with-arcfour128 \
|
||||
--with-ssl3 \
|
||||
--disable-rpath
|
||||
make %{?_smp_mflags} V=1
|
||||
|
||||
|
@ -275,6 +274,9 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Mar 11 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.3.22-1
|
||||
- updated to 3.3.22
|
||||
|
||||
* Fri Feb 19 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.3.21-2
|
||||
- Fix issue with hash truncation on large input (#1310103)
|
||||
|
||||
|
|
Loading…
Reference in New Issue