diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-05 13:07:33 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-05 13:15:18 +0200 |
commit | df0362a3170776164a79305b2472b284c3cb83fc (patch) | |
tree | 45218a3f9d11867d59c9ce711d6440a8eb64b1ae | |
parent | ca099b6b66858beba31d3209e616a655fa58175f (diff) | |
download | gnutls-df0362a3170776164a79305b2472b284c3cb83fc.tar.gz |
do not use NETTLE_LIBS to include hogweed and gmp.
removed ENABLE_CAMELLIA and NETTLE_GCM.
-rw-r--r-- | lib/Makefile.am | 2 | ||||
-rw-r--r-- | lib/algorithms/ciphers.c | 2 | ||||
-rw-r--r-- | lib/algorithms/ciphersuites.c | 16 | ||||
-rw-r--r-- | lib/gcrypt/cipher.c | 2 | ||||
-rw-r--r-- | lib/nettle/cipher.c | 13 | ||||
-rw-r--r-- | m4/hooks.m4 | 34 |
6 files changed, 4 insertions, 65 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index 48bf7528cf..133fddb974 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -135,7 +135,7 @@ libgnutls_la_LDFLAGS += $(LTLIBTASN1) endif if ENABLE_NETTLE -libgnutls_la_LDFLAGS += $(LTLIBNETTLE) $(NETTLE_LIBS) +libgnutls_la_LDFLAGS += $(LTLIBNETTLE) libgnutls_la_LIBADD += nettle/libcrypto.la else libgnutls_la_LDFLAGS += $(LTLIBGCRYPT) diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index 88c045ea42..7b845f9bfa 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -57,12 +57,10 @@ static const gnutls_cipher_entry algorithms[] = { {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0}, {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1, 0}, {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1, 0}, -#ifdef ENABLE_CAMELLIA {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0, 0}, {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0, 0}, -#endif #ifdef ENABLE_OPENPGP {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0, 0}, diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index ed9855730a..3946cb799c 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -74,10 +74,8 @@ typedef struct #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A } /* rfc4132 */ -#ifdef ENABLE_CAMELLIA #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 } #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 } -#endif #define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C } #define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D } @@ -124,10 +122,8 @@ typedef struct #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 } /* rfc4132 */ -#ifdef ENABLE_CAMELLIA #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 } #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 } -#endif #define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C } #define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D } @@ -149,10 +145,8 @@ typedef struct #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 } /* rfc4132 */ -#ifdef ENABLE_CAMELLIA #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 } #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 } -#endif #define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 } #define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A } @@ -167,10 +161,8 @@ typedef struct #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 } /* rfc4132 */ -#ifdef ENABLE_CAMELLIA #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 } #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 } -#endif #define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 } #define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B } @@ -254,7 +246,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, @@ -265,7 +256,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), -#endif GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, @@ -396,7 +386,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS, @@ -407,7 +396,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), -#endif GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, @@ -429,7 +417,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, @@ -440,7 +427,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), -#endif GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, @@ -490,7 +476,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, @@ -499,7 +484,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), -#endif GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, diff --git a/lib/gcrypt/cipher.c b/lib/gcrypt/cipher.c index 965d8db093..340aec6abc 100644 --- a/lib/gcrypt/cipher.c +++ b/lib/gcrypt/cipher.c @@ -84,7 +84,6 @@ wrap_gcry_cipher_init (gnutls_cipher_algorithm_t algo, void **ctx) GCRY_CIPHER_MODE_CBC, 0); break; -#ifdef ENABLE_CAMELLIA case GNUTLS_CIPHER_CAMELLIA_128_CBC: err = gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128, @@ -96,7 +95,6 @@ wrap_gcry_cipher_init (gnutls_cipher_algorithm_t algo, void **ctx) gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256, GCRY_CIPHER_MODE_CBC, 0); break; -#endif default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index 9c8d1267ca..46e8c8fd73 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -35,9 +35,7 @@ #include <nettle/des.h> #include <nettle/nettle-meta.h> #include <nettle/cbc.h> -# ifdef NETTLE_GCM #include <nettle/gcm.h> -# endif /* Functions that refer to the libgcrypt library. */ @@ -128,9 +126,7 @@ struct nettle_cipher_ctx struct arctwo_ctx arctwo; struct des3_ctx des3; struct des_ctx des; -#ifdef NETTLE_GCM struct gcm_aes_ctx aes_gcm; -#endif } ctx; void *ctx_ptr; uint8_t iv[MAX_BLOCK_SIZE]; @@ -144,7 +140,6 @@ struct nettle_cipher_ctx tag_func tag; }; -#ifdef NETTLE_GCM #define GCM_DEFAULT_NONCE_SIZE 12 static void _gcm_encrypt(void *_ctx, nettle_crypt_func f, @@ -163,8 +158,6 @@ static void _gcm_decrypt(void *_ctx, nettle_crypt_func f, return gcm_aes_decrypt(_ctx, length, dst, src); } -#endif - static int wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx) { @@ -181,7 +174,6 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx) switch (algo) { -#ifdef NETTLE_GCM case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: ctx->encrypt = _gcm_encrypt; @@ -192,7 +184,6 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx) ctx->ctx_ptr = &ctx->ctx.aes_gcm; ctx->block_size = AES_BLOCK_SIZE; break; -#endif case GNUTLS_CIPHER_CAMELLIA_128_CBC: case GNUTLS_CIPHER_CAMELLIA_256_CBC: ctx->encrypt = cbc_encrypt; @@ -263,12 +254,10 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize) switch (ctx->algo) { -#ifdef NETTLE_GCM case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key); break; -#endif case GNUTLS_CIPHER_AES_128_CBC: case GNUTLS_CIPHER_AES_192_CBC: case GNUTLS_CIPHER_AES_256_CBC: @@ -331,7 +320,6 @@ struct nettle_cipher_ctx *ctx = _ctx; switch (ctx->algo) { -#ifdef NETTLE_GCM case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: if (ivsize != GCM_DEFAULT_NONCE_SIZE) @@ -342,7 +330,6 @@ struct nettle_cipher_ctx *ctx = _ctx; gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv); break; -#endif default: if (ivsize > ctx->block_size) { diff --git a/m4/hooks.m4 b/m4/hooks.m4 index bf9a42a615..ac36a14cc7 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -80,28 +80,17 @@ dnl fi AC_MSG_CHECKING([whether to use nettle]) if test "$cryptolib" = "nettle";then AC_MSG_RESULT(yes) - AC_LIB_HAVE_LINKFLAGS([nettle],, [#include <nettle/aes.h>], - [nettle_aes_invert_key (0, 0)]) + AC_LIB_HAVE_LINKFLAGS([nettle], [hogweed gmp], [#include <nettle/gcm.h>], + [gcm_set_iv (0, 0, 0, 0)]) if test "$ac_cv_libnettle" != yes; then AC_MSG_ERROR([[ *** - *** Libnettle 2.1 was not found. + *** Libnettle 2.2 was not found. ]]) fi - AC_TRY_COMPILE(, - [ - #include <nettle/gcm.h> - gcm_set_nonce(0, 0, 0); - return 0; - ], [ - AC_DEFINE([NETTLE_GCM], 1, [Nettle supports GCM]) - ], [ - ]) - NETTLE_LIBS="-lgmp -lhogweed" else AC_MSG_RESULT(no) fi - AC_SUBST(NETTLE_LIBS) AM_CONDITIONAL(ENABLE_NETTLE, test "$cryptolib" = "nettle") AC_ARG_WITH(included-libtasn1, @@ -184,23 +173,6 @@ fi fi AM_CONDITIONAL(ENABLE_ANON, test "$ac_enable_anon" != "no") - # Allow disabling Camellia - if test "$nettle" != "yes";then - AC_ARG_ENABLE(camellia, - AS_HELP_STRING([--disable-camellia], [disable Camellia cipher]), - enable_camellia=$enableval, enable_camellia=yes) - else - enable_camellia=no - fi - - AC_MSG_CHECKING([whether to disable Camellia cipher]) - if test "$enable_camellia" != "no"; then - AC_MSG_RESULT([no]) - AC_DEFINE([ENABLE_CAMELLIA], 1, [enable camellia block cipher]) - else - AC_MSG_RESULT([yes]) - fi - AC_MSG_CHECKING([whether to disable extra PKI stuff]) AC_ARG_ENABLE(extra-pki, AS_HELP_STRING([--disable-extra-pki], |