Merge branch 'tmp-update-nettle-compat' into 'master'

fix nettle 3.5 issues/warnings

Closes #835

See merge request gnutls/gnutls!1067

4 files changed, 16 insertions, 26 deletions

diff --git a/configure.ac b/configure.ac
index 71e655771d..72eee10d58 100644
--- a/configure.ac
+++ b/configure.ac
@@ -562,7 +562,7 @@ AC_ARG_ENABLE(non-suiteb-curves,
 
 if test "$enable_non_suiteb" = "yes";then
 	dnl nettle_secp_192r1 is not really a function
-	AC_CHECK_LIB(hogweed, nettle_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS $NETTLE_LIBS])
+	AC_CHECK_LIB(hogweed, nettle_get_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS $NETTLE_LIBS])
 
 	if test "$enable_non_suiteb" = "yes";then
 		AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index b2d27cf74a..b65b1b2465 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1327,16 +1327,6 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 	return ret;
 }
 
-#if !defined(NETTLE_VERSION_MAJOR) || (NETTLE_VERSION_MAJOR < 3 || (NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4))
-# ifdef ENABLE_NON_SUITEB_CURVES
-#  define nettle_get_secp_192r1() &nettle_secp_192r1
-#  define nettle_get_secp_224r1() &nettle_secp_224r1
-# endif
-# define nettle_get_secp_256r1() &nettle_secp_256r1
-# define nettle_get_secp_384r1() &nettle_secp_384r1
-# define nettle_get_secp_521r1() &nettle_secp_521r1
-#endif
-
 static inline const struct ecc_curve *get_supported_nist_curve(int curve)
 {
 	switch (curve) {
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 075c2728f3..f08f76d0dd 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -174,7 +174,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
 	 tls13-cert-key-exchange x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \
 	 server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \
 	 x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \
-	 mini-alignment oids atfork prf psk-file priority-init2 post-client-hello-change-prio \
+	 cipher-alignment oids atfork prf psk-file priority-init2 post-client-hello-change-prio \
 	 status-request status-request-ok rfc7633-missing sign-verify-ext \
 	 fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert rfc7633-ok \
 	 key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \
diff --git a/tests/mini-alignment.c b/tests/cipher-alignment.c
index 96f3d5b93a..0537c58186 100644
--- a/tests/mini-alignment.c
+++ b/tests/cipher-alignment.c
@@ -60,7 +60,7 @@ int main(int argc, char **argv)
 #include "ex-session-info.c"
 #include "ex-x509-info.c"
 
-pid_t child;
+static pid_t child;
 
 static void tls_log_func(int level, const char *str)
 {
@@ -68,10 +68,6 @@ static void tls_log_func(int level, const char *str)
 		str);
 }
 
-/* A very basic TLS client, with anonymous authentication.
- */
-
-
 #define MAX_BUF 1024
 #define MSG "Hello TLS"
 
@@ -125,18 +121,17 @@ static unsigned char key_pem[] =
 const gnutls_datum_t key = { key_pem, sizeof(key_pem) };
 
 struct myaes_ctx {
-	struct aes_ctx aes;
+	struct aes128_ctx aes;
 	unsigned char iv[16];
 	int enc;
 };
 
+static unsigned aes_init = 0;
+
 static int
 myaes_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
 {
-	/* we use key size to distinguish */
-	if (algorithm != GNUTLS_CIPHER_AES_128_CBC
-	    && algorithm != GNUTLS_CIPHER_AES_192_CBC
-	    && algorithm != GNUTLS_CIPHER_AES_256_CBC)
+	if (algorithm != GNUTLS_CIPHER_AES_128_CBC)
 		return GNUTLS_E_INVALID_REQUEST;
 
 	*_ctx = calloc(1, sizeof(struct myaes_ctx));
@@ -145,6 +140,7 @@ myaes_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
 	}
 
 	((struct myaes_ctx *) (*_ctx))->enc = enc;
+	aes_init = 1;
 
 	return 0;
 }
@@ -154,10 +150,12 @@ myaes_setkey(void *_ctx, const void *userkey, size_t keysize)
 {
 	struct myaes_ctx *ctx = _ctx;
 
+	assert(keysize == 16);
+
 	if (ctx->enc)
-		aes_set_encrypt_key(&ctx->aes, keysize, userkey);
+		aes128_set_encrypt_key(&ctx->aes, userkey);
 	else
-		aes_set_decrypt_key(&ctx->aes, keysize, userkey);
+		aes128_set_decrypt_key(&ctx->aes, userkey);
 
 	return 0;
 }
@@ -186,7 +184,7 @@ myaes_encrypt(void *_ctx, const void *src, size_t src_size,
 		fail("encrypt: dest is not 16-byte aligned: %lu\n", ((unsigned long)dst)%16);
 	}
 
-	cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes_encrypt, 16, ctx->iv, src_size, dst, src);
+	cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes128_encrypt, 16, ctx->iv, src_size, dst, src);
 	return 0;
 }
 
@@ -206,7 +204,7 @@ myaes_decrypt(void *_ctx, const void *src, size_t src_size,
 	}
 #endif
 
-	cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes_decrypt, 16, ctx->iv, src_size, dst, src);
+	cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes128_decrypt, 16, ctx->iv, src_size, dst, src);
 
 	return 0;
 }
@@ -516,6 +514,8 @@ void doit(void)
 	start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.1");
 	start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.2");
 
+	assert(aes_init != 0);
+
 	gnutls_global_deinit();
 }