do not use NETTLE_LIBS to include hogweed and gmp.

removed ENABLE_CAMELLIA and NETTLE_GCM.

6 files changed, 4 insertions, 65 deletions

diff --git a/lib/Makefile.am b/lib/Makefile.am
index 48bf7528cf..133fddb974 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -135,7 +135,7 @@ libgnutls_la_LDFLAGS += $(LTLIBTASN1)
 endif
 
 if ENABLE_NETTLE
-libgnutls_la_LDFLAGS += $(LTLIBNETTLE) $(NETTLE_LIBS)
+libgnutls_la_LDFLAGS += $(LTLIBNETTLE)
 libgnutls_la_LIBADD += nettle/libcrypto.la
 else
 libgnutls_la_LDFLAGS += $(LTLIBGCRYPT)
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 88c045ea42..7b845f9bfa 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -57,12 +57,10 @@ static const gnutls_cipher_entry algorithms[] = {
   {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
   {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1, 0},
   {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1, 0},
-#ifdef	ENABLE_CAMELLIA
   {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
    16, 0, 0},
   {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
    16, 0, 0},
-#endif
 
 #ifdef ENABLE_OPENPGP
   {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0, 0},
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index ed9855730a..3946cb799c 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -74,10 +74,8 @@ typedef struct
 #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
 
 /* rfc4132 */
-#ifdef	ENABLE_CAMELLIA
 #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
-#endif
 
 #define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
 #define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
@@ -124,10 +122,8 @@ typedef struct
 #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
 
 /* rfc4132 */
-#ifdef	ENABLE_CAMELLIA
 #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
-#endif
 
 #define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
 #define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
@@ -149,10 +145,8 @@ typedef struct
 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
 
 /* rfc4132 */
-#ifdef	ENABLE_CAMELLIA
 #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
-#endif
 
 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
@@ -167,10 +161,8 @@ typedef struct
 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
 
 /* rfc4132 */
-#ifdef	ENABLE_CAMELLIA
 #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
-#endif
 
 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
@@ -254,7 +246,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
                              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_VERSION_MAX, 1),
-#ifdef	ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
                              GNUTLS_CIPHER_CAMELLIA_128_CBC,
                              GNUTLS_KX_ANON_DH,
@@ -265,7 +256,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_KX_ANON_DH,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
                              GNUTLS_VERSION_MAX, 1),
-#endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
                              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
@@ -396,7 +386,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
                              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_VERSION_MAX, 1),
-#ifdef	ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
                              GNUTLS_CIPHER_CAMELLIA_128_CBC,
                              GNUTLS_KX_DHE_DSS,
@@ -407,7 +396,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_KX_DHE_DSS,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
                              GNUTLS_VERSION_MAX, 1),
-#endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
                              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
@@ -429,7 +417,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
                              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_VERSION_MAX, 1),
-#ifdef	ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
                              GNUTLS_CIPHER_CAMELLIA_128_CBC,
                              GNUTLS_KX_DHE_RSA,
@@ -440,7 +427,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_KX_DHE_RSA,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
                              GNUTLS_VERSION_MAX, 1),
-#endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
                              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
@@ -490,7 +476,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
                              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_VERSION_MAX, 1),
-#ifdef	ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
                              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
@@ -499,7 +484,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
                              GNUTLS_VERSION_MAX, 1),
-#endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
                              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
diff --git a/lib/gcrypt/cipher.c b/lib/gcrypt/cipher.c
index 965d8db093..340aec6abc 100644
--- a/lib/gcrypt/cipher.c
+++ b/lib/gcrypt/cipher.c
@@ -84,7 +84,6 @@ wrap_gcry_cipher_init (gnutls_cipher_algorithm_t algo, void **ctx)
                           GCRY_CIPHER_MODE_CBC, 0);
       break;
 
-#ifdef	ENABLE_CAMELLIA
     case GNUTLS_CIPHER_CAMELLIA_128_CBC:
       err =
         gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128,
@@ -96,7 +95,6 @@ wrap_gcry_cipher_init (gnutls_cipher_algorithm_t algo, void **ctx)
         gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256,
                           GCRY_CIPHER_MODE_CBC, 0);
       break;
-#endif
     default:
       gnutls_assert ();
       return GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 9c8d1267ca..46e8c8fd73 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -35,9 +35,7 @@
 #include <nettle/des.h>
 #include <nettle/nettle-meta.h>
 #include <nettle/cbc.h>
-# ifdef NETTLE_GCM
 #include <nettle/gcm.h>
-# endif
 
 /* Functions that refer to the libgcrypt library.
  */
@@ -128,9 +126,7 @@ struct nettle_cipher_ctx
     struct arctwo_ctx arctwo;
     struct des3_ctx des3;
     struct des_ctx des;
-#ifdef NETTLE_GCM
     struct gcm_aes_ctx aes_gcm;
-#endif
   } ctx;
   void *ctx_ptr;
   uint8_t iv[MAX_BLOCK_SIZE];
@@ -144,7 +140,6 @@ struct nettle_cipher_ctx
   tag_func tag;
 };
 
-#ifdef NETTLE_GCM
 #define GCM_DEFAULT_NONCE_SIZE 12
 
 static void _gcm_encrypt(void *_ctx, nettle_crypt_func f,  
@@ -163,8 +158,6 @@ static void _gcm_decrypt(void *_ctx, nettle_crypt_func f,
   return gcm_aes_decrypt(_ctx, length, dst, src);
 }
 
-#endif
-
 static int
 wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx)
 {
@@ -181,7 +174,6 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx)
 
   switch (algo)
     {
-#ifdef NETTLE_GCM
     case GNUTLS_CIPHER_AES_128_GCM:
     case GNUTLS_CIPHER_AES_256_GCM:
       ctx->encrypt = _gcm_encrypt;
@@ -192,7 +184,6 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx)
       ctx->ctx_ptr = &ctx->ctx.aes_gcm;
       ctx->block_size = AES_BLOCK_SIZE;
       break;
-#endif
     case GNUTLS_CIPHER_CAMELLIA_128_CBC:
     case GNUTLS_CIPHER_CAMELLIA_256_CBC:
       ctx->encrypt = cbc_encrypt;
@@ -263,12 +254,10 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
 
   switch (ctx->algo)
     {
-#ifdef NETTLE_GCM
     case GNUTLS_CIPHER_AES_128_GCM:
     case GNUTLS_CIPHER_AES_256_GCM:
       gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
       break;
-#endif
     case GNUTLS_CIPHER_AES_128_CBC:
     case GNUTLS_CIPHER_AES_192_CBC:
     case GNUTLS_CIPHER_AES_256_CBC:
@@ -331,7 +320,6 @@ struct nettle_cipher_ctx *ctx = _ctx;
 
   switch (ctx->algo)
     {
-#ifdef NETTLE_GCM
     case GNUTLS_CIPHER_AES_128_GCM:
     case GNUTLS_CIPHER_AES_256_GCM:
       if (ivsize != GCM_DEFAULT_NONCE_SIZE)
@@ -342,7 +330,6 @@ struct nettle_cipher_ctx *ctx = _ctx;
 
       gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv);
       break;
-#endif
     default:
       if (ivsize > ctx->block_size)
         {
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index bf9a42a615..ac36a14cc7 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -80,28 +80,17 @@ dnl    fi
   AC_MSG_CHECKING([whether to use nettle])
 if test "$cryptolib" = "nettle";then
   AC_MSG_RESULT(yes)
-    AC_LIB_HAVE_LINKFLAGS([nettle],, [#include <nettle/aes.h>],
-                          [nettle_aes_invert_key (0, 0)])
+    AC_LIB_HAVE_LINKFLAGS([nettle], [hogweed gmp], [#include <nettle/gcm.h>],
+                          [gcm_set_iv (0, 0, 0, 0)])
     if test "$ac_cv_libnettle" != yes; then
       AC_MSG_ERROR([[
   *** 
-  *** Libnettle 2.1 was not found. 
+  *** Libnettle 2.2 was not found. 
   ]])
     fi
-    AC_TRY_COMPILE(,
-  [
-    #include <nettle/gcm.h> 
-    gcm_set_nonce(0, 0, 0);
-    return 0;
-  ], [
-    AC_DEFINE([NETTLE_GCM], 1, [Nettle supports GCM])
-  ], [
-  ])
-    NETTLE_LIBS="-lgmp -lhogweed"
 else
   AC_MSG_RESULT(no)
 fi
-    AC_SUBST(NETTLE_LIBS)
   AM_CONDITIONAL(ENABLE_NETTLE, test "$cryptolib" = "nettle")
 
   AC_ARG_WITH(included-libtasn1,
@@ -184,23 +173,6 @@ fi
   fi
   AM_CONDITIONAL(ENABLE_ANON, test "$ac_enable_anon" != "no")
   
-  # Allow disabling Camellia
-  if test "$nettle" != "yes";then
-  AC_ARG_ENABLE(camellia,
-    AS_HELP_STRING([--disable-camellia], [disable Camellia cipher]),
-    enable_camellia=$enableval, enable_camellia=yes)
-  else
-    enable_camellia=no
-  fi
-
-  AC_MSG_CHECKING([whether to disable Camellia cipher])
-  if test "$enable_camellia" != "no"; then
-   AC_MSG_RESULT([no])
-   AC_DEFINE([ENABLE_CAMELLIA], 1, [enable camellia block cipher])
-  else
-   AC_MSG_RESULT([yes])
-  fi
-  
   AC_MSG_CHECKING([whether to disable extra PKI stuff])
   AC_ARG_ENABLE(extra-pki,
     AS_HELP_STRING([--disable-extra-pki],