authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-12 20:08:07 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-12 20:08:07 +0100
commitf379890f2e62b3134d3909849595044eaa4b4c3a (patch)
treeb92c7966de29edf71118aa866a9d22bb764265e9
parent92ce5034ada4aa57ab3cc4ff7ddce0eab3aaa2b0 (diff)
downloadgnutls-f379890f2e62b3134d3909849595044eaa4b4c3a.tar.gz
Only list algorithms if they are implemented.
-rw-r--r--lib/algorithms/ciphers.c5
-rw-r--r--lib/algorithms/mac.c26
-rw-r--r--lib/crypto-backend.h12
-rw-r--r--lib/gnutls_cipher_int.c15
-rw-r--r--lib/gnutls_cipher_int.h1
-rw-r--r--lib/gnutls_hash_int.c14
-rw-r--r--lib/gnutls_hash_int.h1
-rw-r--r--lib/nettle/cipher.c23
-rw-r--r--lib/nettle/mac.c35
9 files changed, 120 insertions, 12 deletions
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index b09608642c..788b27de0c 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -249,7 +249,10 @@ static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] = {0};
{
int i = 0;
- GNUTLS_CIPHER_LOOP (supported_ciphers[i++]=p->id);
+ GNUTLS_CIPHER_LOOP (
+ if (_gnutls_cipher_exists(p->id))
+ supported_ciphers[i++]=p->id;
+ );
supported_ciphers[i++]=0;
}
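Review bot: The filter added inside `GNUTLS_CIPHER_LOOP` depends on run-time state, but its result is stored in the static `supported_ciphers` array. `_gnutls_cipher_exists()` consults `_gnutls_get_crypto_cipher()`, so if the enclosing function fills the array only once (its guard is outside this hunk), a cipher registered after the first call would never appear in the list. Either document the ordering requirement with a comment such as `/* list is cached: register crypto backends before the first call */`, or rebuild the list on each call. The same applies to the `supported_macs` hunk in lib/algorithms/mac.c.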
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index 27b6ca425a..e60555aae9 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -31,20 +31,21 @@ struct gnutls_hash_entry
const char *oid;
gnutls_mac_algorithm_t id;
size_t key_size; /* in case of mac */
+ unsigned placeholder; /* if set, then not a real MAC */
};
typedef struct gnutls_hash_entry gnutls_hash_entry;
static const gnutls_hash_entry hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20},
- {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16},
- {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32},
- {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48},
- {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
- {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28},
- {"AEAD", NULL, GNUTLS_MAC_AEAD, 0},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */
- {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
- {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0},
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 0},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 0},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 0},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 0},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 0},
+ {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 0},
+ {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 1},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 0},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0},
{0, 0, 0, 0}
};
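Review bot: The `MAC-NULL` entry gets `placeholder` 0, and `wrap_nettle_hmac_exists()` in lib/nettle/mac.c does not list `GNUTLS_MAC_NULL`. With the new filter on `supported_macs`, MAC-NULL therefore drops out of the list unless a registered backend provides it. If that is intended, a short comment on the entry would record it; if not, the entry probably wants `{"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 1},`. Separately, the terminator is still `{0, 0, 0, 0}` although the struct now has five members. It is still zero-initialised, but `{0, 0, 0, 0, 0}` would keep the table uniform and avoid a missing-initializer warning.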
@@ -157,7 +158,10 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
{
int i = 0;
- GNUTLS_HASH_LOOP ( supported_macs[i++]=p->id);
+ GNUTLS_HASH_LOOP (
+ if (p->placeholder != 0 || _gnutls_hmac_exists(p->id))
+ supported_macs[i++]=p->id;
+ );
supported_macs[i++]=0;
}
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index a49b48826c..677d4551bd 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -41,6 +41,10 @@
int (*auth) (void *ctx, const void *data, size_t datasize);
void (*tag) (void *ctx, void *tag, size_t tagsize);
void (*deinit) (void *ctx);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_cipher_algorithm_t); /* true/false */
} gnutls_crypto_cipher_st;
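Review bot: The comment on the new `exists` member is hard to parse ("Not needed for registered on run-time. Only included should define it.") and does not state the contract callers rely on. If the intent is what the rest of the commit suggests, something like `/* Optional for backends registered at run time; the built-in backend must set it. Returns non-zero if the algorithm is implemented. */` would be clearer. It should also say explicitly that the pointer may be NULL, since that determines whether callers have to check it. The same comment is repeated in the `gnutls_crypto_mac_st` and `gnutls_crypto_digest_st` hunks below, where only the cipher variant carries the `/* true/false */` hint.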
typedef struct
@@ -52,6 +56,10 @@
int (*output) (void *src_ctx, void *digest, size_t digestsize);
void (*deinit) (void *ctx);
int (*fast)(gnutls_mac_algorithm_t, const void *key, size_t keysize, const void *text, size_t textsize, void *digest);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_mac_algorithm_t);
} gnutls_crypto_mac_st;
typedef struct
@@ -63,6 +71,10 @@
int (*output) (void *src_ctx, void *digest, size_t digestsize);
void (*deinit) (void *ctx);
int (*fast)(gnutls_digest_algorithm_t, const void *src, size_t srcsize, void *digest);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_digest_algorithm_t);
} gnutls_crypto_digest_st;
typedef struct gnutls_crypto_rnd
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 5814d5127c..1a5346b82b 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -34,6 +34,21 @@
goto cleanup; \
}
+/* Returns true(non-zero) or false(0) if the
+ * provided cipher exists
+ */
+int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher)
+{
+ const gnutls_crypto_cipher_st *cc;
+ int ret;
+
+ cc = _gnutls_get_crypto_cipher (cipher);
+ if (cc != NULL) return 1;
+
+ ret = _gnutls_cipher_ops.exists(cipher);
+ return ret;
+}
+
int
_gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher,
const gnutls_datum_t * key, const gnutls_datum_t * iv, int enc)
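Review bot: `_gnutls_cipher_exists()` calls `_gnutls_cipher_ops.exists(cipher)` without checking that the pointer is set, while the struct comment in lib/crypto-backend.h says the member is not required for every backend. If any ops table reachable here leaves `exists` unset, this becomes a call through a NULL function pointer. A guard such as `if (_gnutls_cipher_ops.exists == NULL) return 0;` before the call makes the fallback explicit. The same pattern is in `_gnutls_hmac_exists()` in lib/gnutls_hash_int.c (`return _gnutls_mac_ops.exists (algo);`). The local `ret` is also unnecessary, as the call can be returned directly.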
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index 301bce8268..ce51588df8 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -100,6 +100,7 @@ _gnutls_cipher_deinit (cipher_hd_st * handle)
}
}
+int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher);
inline static unsigned int _gnutls_cipher_tag_len( cipher_hd_st * handle)
{
return handle->tag_size;
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index b316ece0f8..be676b5b00 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -57,6 +57,7 @@ digest_length (int algo)
}
}
+
int
_gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
{
@@ -207,6 +208,19 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
}
+/* Returns true(non-zero) or false(0) if the
+ * provided hash exists
+ */
+int _gnutls_hmac_exists(gnutls_mac_algorithm_t algo)
+{
+ const gnutls_crypto_mac_st *cc = NULL;
+
+ cc = _gnutls_get_crypto_mac (algo);
+ if (cc != NULL) return 1;
+
+ return _gnutls_mac_ops.exists (algo);
+}
+
int
_gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen)
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 9780fffd5b..83dea8d4ba 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -58,6 +58,7 @@ typedef struct
} digest_hd_st;
/* basic functions */
+int _gnutls_hmac_exists(gnutls_mac_algorithm_t algorithm);
int _gnutls_hmac_init (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen);
int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 83da47379a..245af21087 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -101,6 +101,28 @@ static void _gcm_decrypt(void *_ctx, nettle_crypt_func f,
return gcm_aes_decrypt(_ctx, length, dst, src);
}
+static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
+{
+ switch (algo)
+ {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ case GNUTLS_CIPHER_3DES_CBC:
+ case GNUTLS_CIPHER_DES_CBC:
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
static int
wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc)
{
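Review bot: `wrap_nettle_cipher_exists()` hard-codes a second list of algorithms alongside the one that `wrap_nettle_cipher_init()` presumably switches on (its body starts at the end of this hunk and continues outside it). Nothing ties the two together, so adding a cipher to one and not the other will either hide a working cipher or advertise one that fails at init time. At minimum add a comment such as `/* keep in sync with the switch in wrap_nettle_cipher_init() */`. The same applies to `wrap_nettle_hmac_exists()` and `wrap_nettle_hash_exists()` in lib/nettle/mac.c. A sturdier option would be to derive the answer from a shared table or from a trial init.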
@@ -345,6 +367,7 @@ wrap_nettle_cipher_close (void *h)
gnutls_crypto_cipher_st _gnutls_cipher_ops = {
.init = wrap_nettle_cipher_init,
+ .exists = wrap_nettle_cipher_exists,
.setiv = wrap_nettle_cipher_setiv,
.setkey = wrap_nettle_cipher_setkey,
.encrypt = wrap_nettle_cipher_encrypt,
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 4a77895a27..d36c1d4dd3 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -160,6 +160,22 @@ static int wrap_nettle_hmac_fast(gnutls_mac_algorithm_t algo,
return 0;
}
+static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo)
+{
+ switch (algo)
+ {
+ case GNUTLS_MAC_MD5:
+ case GNUTLS_MAC_SHA1:
+ case GNUTLS_MAC_SHA224:
+ case GNUTLS_MAC_SHA256:
+ case GNUTLS_MAC_SHA384:
+ case GNUTLS_MAC_SHA512:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
static int
wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
{
@@ -279,6 +295,23 @@ wrap_nettle_hash_deinit (void *hd)
gnutls_free (hd);
}
+static int wrap_nettle_hash_exists(gnutls_digest_algorithm_t algo)
+{
+ switch (algo)
+ {
+ case GNUTLS_DIG_MD5:
+ case GNUTLS_DIG_SHA1:
+ case GNUTLS_DIG_MD2:
+ case GNUTLS_DIG_SHA224:
+ case GNUTLS_DIG_SHA256:
+ case GNUTLS_DIG_SHA384:
+ case GNUTLS_DIG_SHA512:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
static int _ctx_init(gnutls_digest_algorithm_t algo, struct nettle_hash_ctx *ctx)
{
switch (algo)
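Review bot: `wrap_nettle_hash_exists()` is added here and wired into `_gnutls_digest_ops`, but none of the nine files in this commit calls the digest `exists` hook. Only `_gnutls_cipher_exists()` and `_gnutls_hmac_exists()` wrappers are introduced. As it stands the function is unused, and the digest list is not filtered the way the cipher and MAC lists are. Either add the matching `_gnutls_hash_exists()` wrapper and use it, or add a comment saying the hook is reserved for a follow-up change. The `_ctx_init()` switch that follows continues outside the hunk.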
@@ -419,6 +452,7 @@ gnutls_crypto_mac_st _gnutls_mac_ops = {
.output = wrap_nettle_hmac_output,
.deinit = wrap_nettle_hmac_deinit,
.fast = wrap_nettle_hmac_fast,
+ .exists = wrap_nettle_hmac_exists,
};
gnutls_crypto_digest_st _gnutls_digest_ops = {
@@ -429,4 +463,5 @@ gnutls_crypto_digest_st _gnutls_digest_ops = {
.output = wrap_nettle_hash_output,
.deinit = wrap_nettle_hash_deinit,
.fast = wrap_nettle_hash_fast,
+ .exists = wrap_nettle_hash_exists,
};