summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/crypto-api.c37
-rw-r--r--lib/crypto.c110
-rw-r--r--lib/crypto.h5
-rw-r--r--lib/ext_session_ticket.c16
-rw-r--r--lib/gnutls_algorithms.c54
-rw-r--r--lib/gnutls_algorithms.h16
-rw-r--r--lib/gnutls_cipher.c14
-rw-r--r--lib/gnutls_cipher_int.c2
-rw-r--r--lib/gnutls_cipher_int.h2
-rw-r--r--lib/gnutls_constate.c8
-rw-r--r--lib/gnutls_constate.h4
-rw-r--r--lib/gnutls_handshake.c16
-rw-r--r--lib/gnutls_hash_int.c267
-rw-r--r--lib/gnutls_hash_int.h41
-rw-r--r--lib/gnutls_int.h14
-rw-r--r--lib/gnutls_priority.c2
-rw-r--r--lib/gnutls_psk_netconf.c6
-rw-r--r--lib/gnutls_sig.c34
-rw-r--r--lib/gnutls_srp.c10
-rw-r--r--lib/gnutls_state.c30
-rw-r--r--lib/gnutls_ui.c4
-rw-r--r--lib/includes/gnutls/crypto.h49
-rw-r--r--lib/includes/gnutls/gnutls.h.in51
-rw-r--r--lib/mac-libgcrypt.c57
-rw-r--r--lib/opencdk/dummy.c2
-rw-r--r--lib/opencdk/filters.h6
-rw-r--r--lib/opencdk/hash.c2
-rw-r--r--lib/opencdk/kbnode.c2
-rw-r--r--lib/opencdk/main.h12
-rw-r--r--lib/opencdk/opencdk.h4
-rw-r--r--lib/opencdk/pubkey.c4
-rw-r--r--lib/opencdk/sig-check.c14
-rw-r--r--lib/opencdk/verify.c4
-rw-r--r--lib/x509/crq.c4
-rw-r--r--lib/x509/pbkdf2-sha1.c4
-rw-r--r--lib/x509/pkcs12.c16
-rw-r--r--lib/x509/pkcs12_encr.c6
-rw-r--r--lib/x509/privkey.c4
-rw-r--r--lib/x509/sign.c10
-rw-r--r--lib/x509/verify.c14
-rw-r--r--lib/x509/x509.c6
-rw-r--r--lib/x509/x509_int.h2
-rw-r--r--libextra/fipsmd5.c80
-rw-r--r--libextra/gnutls_openssl.c12
44 files changed, 667 insertions, 390 deletions
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 4f9025a008..853dbc6774 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -59,40 +59,3 @@ gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
{
return _gnutls_cipher_deinit((cipher_hd_st*)handle);
}
-
-/* HMAC */
-int
-gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm,
- const void *key, int keylen)
-{
- *dig = gnutls_malloc(sizeof(hash_hd_st));
- if (*dig == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return _gnutls_hash_init(((hash_hd_st*)*dig), algorithm, key, keylen);
-}
-
-int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
-{
- return _gnutls_hash((hash_hd_st*)handle, text, textlen);
-}
-
-void
-gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
-{
- return _gnutls_hash_output((hash_hd_st*)handle, digest);
-}
-
-void
-gnutls_hash_reset (gnutls_hash_hd_t handle)
-{
- _gnutls_hash_reset((hash_hd_st*)handle);
-}
-
-void
-gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
-{
- _gnutls_hash_deinit((hash_hd_st*)handle, digest);
-}
diff --git a/lib/crypto.c b/lib/crypto.c
index a2db9e0c57..0a84dd4270 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -35,7 +35,7 @@ typedef struct algo_list
{
int algorithm;
int priority;
- const void *alg_data;
+ void *alg_data;
struct algo_list *next;
} algo_list;
@@ -44,7 +44,7 @@ typedef struct algo_list
#define digest_list algo_list
static int
-_algo_register (algo_list * al, int algorithm, int priority, const void *s)
+_algo_register (algo_list * al, int algorithm, int priority, void *s)
{
algo_list *cl;
algo_list *last_cl = al;
@@ -92,7 +92,7 @@ _algo_register (algo_list * al, int algorithm, int priority, const void *s)
}
-static const void *
+static void *
_get_algo (algo_list * al, int algo)
{
cipher_list *cl;
@@ -166,7 +166,7 @@ _gnutls_crypto_deregister (void)
int
gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
int priority, int version,
- const gnutls_crypto_cipher_st * s)
+ const gnutls_crypto_single_cipher_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -177,7 +177,7 @@ gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
return _algo_register (&glob_cl, algorithm, priority, s);
}
-const gnutls_crypto_cipher_st *
+gnutls_crypto_single_cipher_st *
_gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
{
return _get_algo (&glob_cl, algo);
@@ -225,7 +225,7 @@ gnutls_crypto_rnd_register2 (int priority, int version,
}
/**
- * gnutls_crypto_single_digest_register2 - register a MAC algorithm
+ * gnutls_crypto_single_mac_register2 - register a MAC algorithm
* @algorithm: is the gnutls algorithm identifier
* @priority: is the priority of the algorithm
* @version: should be set to %GNUTLS_CRYPTO_API_VERSION
@@ -239,16 +239,16 @@ gnutls_crypto_rnd_register2 (int priority, int version,
* This function should be called before gnutls_global_init().
*
* For simplicity you can use the convenience
- * gnutls_crypto_single_digest_register() macro.
+ * gnutls_crypto_single_mac_register() macro.
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
*
* Since: 2.6.0
**/
int
-gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
+gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
int priority, int version,
- const gnutls_crypto_digest_st * s)
+ const gnutls_crypto_single_mac_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -259,13 +259,55 @@ gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
return _algo_register (&glob_ml, algorithm, priority, s);
}
-const gnutls_crypto_digest_st *
-_gnutls_get_crypto_mac (gnutls_digest_algorithm_t algo)
+gnutls_crypto_single_mac_st *
+_gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
{
return _get_algo (&glob_ml, algo);
}
/**
+ * gnutls_crypto_single_digest_register2 - register a digest algorithm
+ * @algorithm: is the gnutls algorithm identifier
+ * @priority: is the priority of the algorithm
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new algorithms's data
+ *
+ * This function will register a digest (hash) algorithm to be used by
+ * gnutls. Any algorithm registered will override the included
+ * algorithms and by convention kernel implemented algorithms have
+ * priority of 90. The algorithm with the lowest priority will be
+ * used by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_single_digest_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
+ int priority, int version,
+ const gnutls_crypto_single_digest_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ return _algo_register (&glob_dl, algorithm, priority, s);
+}
+
+gnutls_crypto_single_digest_st *
+_gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
+{
+ return _get_algo (&glob_dl, algo);
+}
+
+/**
* gnutls_crypto_bigint_register2 - register a bigint interface
* @priority: is the priority of the interface
* @version: should be set to %GNUTLS_CRYPTO_API_VERSION
@@ -395,7 +437,7 @@ gnutls_crypto_cipher_register2 (int priority, int version,
}
/**
- * gnutls_crypto_digest_register2 - register a mac interface
+ * gnutls_crypto_mac_register2 - register a mac interface
* @priority: is the priority of the mac interface
* @version: should be set to %GNUTLS_CRYPTO_API_VERSION
* @s: is a structure holding new interface's data
@@ -416,8 +458,8 @@ gnutls_crypto_cipher_register2 (int priority, int version,
* Since: 2.6.0
**/
int
-gnutls_crypto_digest_register2 (int priority, int version,
- const gnutls_crypto_digest_st * s)
+gnutls_crypto_mac_register2 (int priority, int version,
+ const gnutls_crypto_mac_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -435,3 +477,43 @@ gnutls_crypto_digest_register2 (int priority, int version,
return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
+/**
+ * gnutls_crypto_digest_register2 - register a digest interface
+ * @priority: is the priority of the digest interface
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new interface's data
+ *
+ * This function will register a digest interface to be used by
+ * gnutls. Any interface registered will override the included engine
+ * and by convention kernel implemented interfaces should have
+ * priority of 90. The interface with the lowest priority will be used
+ * by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_digest_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_digest_register2 (int priority, int version,
+ const gnutls_crypto_digest_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (crypto_digest_prio > priority)
+ {
+ memcpy (&_gnutls_digest_ops, s, sizeof (*s));
+ crypto_digest_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+}
diff --git a/lib/crypto.h b/lib/crypto.h
index 31be19917a..f93ac1e550 100644
--- a/lib/crypto.h
+++ b/lib/crypto.h
@@ -25,8 +25,9 @@
#ifndef CRYPTO_H
# define CRYPTO_H
-const gnutls_crypto_cipher_st *_gnutls_get_crypto_cipher( gnutls_cipher_algorithm_t algo);
-const gnutls_crypto_digest_st *_gnutls_get_crypto_mac( gnutls_digest_algorithm_t algo);
+gnutls_crypto_single_cipher_st *_gnutls_get_crypto_cipher( gnutls_cipher_algorithm_t algo);
+gnutls_crypto_single_digest_st *_gnutls_get_crypto_digest( gnutls_digest_algorithm_t algo);
+gnutls_crypto_single_mac_st *_gnutls_get_crypto_mac( gnutls_mac_algorithm_t algo);
void _gnutls_crypto_deregister(void);
#endif /* CRYPTO_H */
diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index 42ffadd02d..e7a2891535 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -55,24 +55,24 @@ static int
digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
opaque * digest)
{
- hash_hd_st digest_hd;
+ digest_hd_st digest_hd;
uint16_t length16;
int ret;
- ret = _gnutls_hash_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
+ ret = _gnutls_hmac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
key->size);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- _gnutls_hash (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
- _gnutls_hash (&digest_hd, ticket->IV, IV_SIZE);
+ _gnutls_hmac (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
+ _gnutls_hmac (&digest_hd, ticket->IV, IV_SIZE);
length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len);
- _gnutls_hash (&digest_hd, &length16, 2);
- _gnutls_hash (&digest_hd, ticket->encrypted_state,
+ _gnutls_hmac (&digest_hd, &length16, 2);
+ _gnutls_hmac (&digest_hd, ticket->encrypted_state,
ticket->encrypted_state_len);
- _gnutls_hash_deinit (&digest_hd, digest);
+ _gnutls_hmac_deinit (&digest_hd, digest);
return 0;
}
@@ -461,7 +461,7 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
struct ticket ticket;
uint16_t ticket_len;
gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
- gnutls_digest_algorithm_t write_mac_algorithm;
+ gnutls_mac_algorithm_t write_mac_algorithm;
gnutls_compression_method_t write_compression_algorithm;
#define SAVE_WRITE_SECURITY_PARAMETERS \
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index d9a0d835a3..0faf4acdb7 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -222,7 +222,7 @@ struct gnutls_hash_entry
{
const char *name;
const char *oid;
- gnutls_digest_algorithm_t id;
+ gnutls_mac_algorithm_t id;
size_t key_size; /* in case of mac */
};
typedef struct gnutls_hash_entry gnutls_hash_entry;
@@ -240,7 +240,7 @@ static const gnutls_hash_entry hash_algorithms[] = {
};
/* Keep the contents of this struct the same as the previous one. */
-static const gnutls_digest_algorithm_t supported_macs[] = {
+static const gnutls_mac_algorithm_t supported_macs[] = {
GNUTLS_MAC_SHA1,
GNUTLS_MAC_MD5,
GNUTLS_MAC_SHA256,
@@ -346,7 +346,7 @@ typedef struct
cipher_suite_st id;
gnutls_cipher_algorithm_t block_algorithm;
gnutls_kx_algorithm_t kx_algorithm;
- gnutls_digest_algorithm_t mac_algorithm;
+ gnutls_mac_algorithm_t mac_algorithm;
gnutls_protocol_t version; /* this cipher suite is supported
* from 'version' and above;
*/
@@ -677,7 +677,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
int
_gnutls_mac_priority (gnutls_session_t session,
- gnutls_digest_algorithm_t algorithm)
+ gnutls_mac_algorithm_t algorithm)
{ /* actually returns the priority */
unsigned int i;
for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
@@ -692,13 +692,13 @@ _gnutls_mac_priority (gnutls_session_t session,
* gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm
* @algorithm: is a MAC algorithm
*
- * Convert a #gnutls_digest_algorithm_t value to a string.
+ * Convert a #gnutls_mac_algorithm_t value to a string.
*
* Returns: a string that contains the name of the specified MAC
* algorithm, or %NULL.
**/
const char *
-gnutls_mac_get_name (gnutls_digest_algorithm_t algorithm)
+gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
{
const char *ret = NULL;
@@ -712,16 +712,16 @@ gnutls_mac_get_name (gnutls_digest_algorithm_t algorithm)
* gnutls_mac_get_id - Returns the gnutls id of the specified in string algorithm
* @name: is a MAC algorithm name
*
- * Convert a string to a #gnutls_digest_algorithm_t value. The names are
+ * Convert a string to a #gnutls_mac_algorithm_t value. The names are
* compared in a case insensitive way.
*
- * Returns: a #gnutls_digest_algorithm_t id of the specified MAC
+ * Returns: a #gnutls_mac_algorithm_t id of the specified MAC
* algorithm string, or %GNUTLS_MAC_UNKNOWN on failures.
**/
-gnutls_digest_algorithm_t
+gnutls_mac_algorithm_t
gnutls_mac_get_id (const char *name)
{
- gnutls_digest_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
+ gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
@@ -738,7 +738,7 @@ gnutls_mac_get_id (const char *name)
* given MAC algorithm is invalid.
**/
size_t
-gnutls_mac_get_key_size (gnutls_digest_algorithm_t algorithm)
+gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
{
size_t ret = 0;
@@ -756,17 +756,17 @@ gnutls_mac_get_key_size (gnutls_digest_algorithm_t algorithm)
* example, MD2 is not supported as a cipher suite, but is supported
* for other purposes (e.g., X.509 signature verification or similar).
*
- * Returns: Return a zero-terminated list of #gnutls_digest_algorithm_t
+ * Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
* integers indicating the available MACs.
**/
-const gnutls_digest_algorithm_t *
+const gnutls_mac_algorithm_t *
gnutls_mac_list (void)
{
return supported_macs;
}
const char *
-_gnutls_x509_mac_to_oid (gnutls_digest_algorithm_t algorithm)
+_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm)
{
const char *ret = NULL;
@@ -776,10 +776,10 @@ _gnutls_x509_mac_to_oid (gnutls_digest_algorithm_t algorithm)
return ret;
}
-gnutls_digest_algorithm_t
+gnutls_mac_algorithm_t
_gnutls_x509_oid2mac_algorithm (const char *oid)
{
- gnutls_digest_algorithm_t ret = 0;
+ gnutls_mac_algorithm_t ret = 0;
GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
{
@@ -793,7 +793,7 @@ _gnutls_x509_oid2mac_algorithm (const char *oid)
int
-_gnutls_mac_is_ok (gnutls_digest_algorithm_t algorithm)
+_gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm)
{
ssize_t ret = -1;
GNUTLS_HASH_ALG_LOOP (ret = p->id);
@@ -1327,7 +1327,7 @@ _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st * suite)
}
-gnutls_digest_algorithm_t
+gnutls_mac_algorithm_t
_gnutls_cipher_suite_get_mac_algo (const cipher_suite_st * suite)
{ /* In bytes */
int ret = 0;
@@ -1362,7 +1362,7 @@ _gnutls_cipher_suite_get_name (cipher_suite_st * suite)
const char *
gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_digest_algorithm_t mac_algorithm)
+ gnutls_mac_algorithm_t mac_algorithm)
{
const char *ret = NULL;
@@ -1398,7 +1398,7 @@ gnutls_cipher_suite_info (size_t idx,
char *cs_id,
gnutls_kx_algorithm_t * kx,
gnutls_cipher_algorithm_t * cipher,
- gnutls_digest_algorithm_t * mac,
+ gnutls_mac_algorithm_t * mac,
gnutls_protocol_t * version)
{
if (idx >= CIPHER_SUITES_COUNT)
@@ -1529,9 +1529,9 @@ _gnutls_compare_algo (gnutls_session_t session, const void *i_A1,
_gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A1);
gnutls_cipher_algorithm_t cA2 =
_gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A2);
- gnutls_digest_algorithm_t mA1 =
+ gnutls_mac_algorithm_t mA1 =
_gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A1);
- gnutls_digest_algorithm_t mA2 =
+ gnutls_mac_algorithm_t mA2 =
_gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A2);
int p1 = (_gnutls_kx_priority (session, kA1) + 1) * 64;
@@ -1811,7 +1811,7 @@ struct gnutls_sign_entry
const char *oid;
gnutls_sign_algorithm_t id;
gnutls_pk_algorithm_t pk;
- gnutls_digest_algorithm_t mac;
+ gnutls_mac_algorithm_t mac;
/* See RFC 5246 HashAlgorithm and SignatureAlgorithm
for values to use in aid struct. */
sign_algorithm_st aid;
@@ -1960,7 +1960,7 @@ _gnutls_x509_oid2sign_algorithm (const char *oid)
}
gnutls_sign_algorithm_t
-_gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t mac)
+_gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_mac_algorithm_t mac)
{
gnutls_sign_algorithm_t ret = 0;
@@ -1976,7 +1976,7 @@ _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t mac
const char *
_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t mac)
+ gnutls_mac_algorithm_t mac)
{
gnutls_sign_algorithm_t sign;
const char *ret = NULL;
@@ -1989,10 +1989,10 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
return ret;
}
-gnutls_digest_algorithm_t
+gnutls_mac_algorithm_t
_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
{
- gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+ gnutls_mac_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
GNUTLS_SIGN_ALG_LOOP (ret = p->mac);
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index aa9038a4fc..2b59908846 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -46,9 +46,9 @@ int _gnutls_version_has_explicit_iv (gnutls_protocol_t version);
int _gnutls_version_has_variable_padding (gnutls_protocol_t version);
/* Functions for MACs. */
-int _gnutls_mac_is_ok (gnutls_digest_algorithm_t algorithm);
-gnutls_digest_algorithm_t _gnutls_x509_oid2mac_algorithm (const char *oid);
-const char *_gnutls_x509_mac_to_oid (gnutls_digest_algorithm_t mac);
+int _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm);
+gnutls_mac_algorithm_t _gnutls_x509_oid2mac_algorithm (const char *oid);
+const char *_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t mac);
/* Functions for cipher suites. */
int _gnutls_supported_ciphersuites (gnutls_session_t session,
@@ -61,7 +61,7 @@ gnutls_cipher_algorithm_t _gnutls_cipher_suite_get_cipher_algo (const
* algorithm);
gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
* algorithm);
-gnutls_digest_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
+gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
cipher_suite_st *
algorithm);
gnutls_protocol_t _gnutls_cipher_suite_get_version (const cipher_suite_st *
@@ -101,17 +101,17 @@ enum encipher_type _gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm);
/* Functions for sign algorithms. */
gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t mac);
+ gnutls_mac_algorithm_t mac);
gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
- gnutls_digest_algorithm_t mac);
+ gnutls_mac_algorithm_t mac);
gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st* aid);
sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
-gnutls_digest_algorithm_t _gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t);
+gnutls_mac_algorithm_t _gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t);
gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
int _gnutls_mac_priority (gnutls_session_t session,
- gnutls_digest_algorithm_t algorithm);
+ gnutls_mac_algorithm_t algorithm);
int _gnutls_cipher_priority (gnutls_session_t session,
gnutls_cipher_algorithm_t algorithm);
int _gnutls_kx_priority (gnutls_session_t session,
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 746a58ba87..d470f3aef3 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -194,7 +194,7 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
}
inline static int
-mac_init (hash_hd_st * td, gnutls_digest_algorithm_t mac, opaque * secret,
+mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret,
int secret_size, int ver)
{
int ret = 0;
@@ -210,14 +210,14 @@ mac_init (hash_hd_st * td, gnutls_digest_algorithm_t mac, opaque * secret,
}
else
{ /* TLS 1.x */
- ret = _gnutls_hash_init (td, mac, secret, secret_size);
+ ret = _gnutls_hmac_init (td, mac, secret, secret_size);
}
return ret;
}
static void
-mac_deinit (hash_hd_st * td, opaque * res, int ver)
+mac_deinit (digest_hd_st * td, opaque * res, int ver)
{
if (ver == GNUTLS_SSL3)
{ /* SSL 3.0 */
@@ -225,7 +225,7 @@ mac_deinit (hash_hd_st * td, opaque * res, int ver)
}
else
{
- _gnutls_hash_deinit (td, res);
+ _gnutls_hmac_deinit (td, res);
}
}
@@ -344,7 +344,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
if (session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
{ /* actually when the algorithm in not the NULL one */
- hash_hd_st td;
+ digest_hd_st td;
ret = mac_init (&td, session->security_parameters.write_mac_algorithm,
session->connection_state.write_mac_secret.data,
@@ -541,7 +541,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
*/
if (session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL)
{
- hash_hd_st td;
+ digest_hd_st td;
ret = mac_init (&td, session->security_parameters.read_mac_algorithm,
session->connection_state.read_mac_secret.data,
@@ -556,7 +556,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
preamble_size = make_preamble( UINT64DATA (session->connection_state.read_sequence_number), type, c_length, ver, preamble);
_gnutls_hash (&td, preamble, preamble_size);
if (length > 0)
- _gnutls_hash (&td, ciphertext.data, length);
+ _gnutls_hmac (&td, ciphertext.data, length);
mac_deinit (&td, MAC, ver);
}
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index b496c688ff..d370d849e0 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -40,7 +40,7 @@ _gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher,
const gnutls_datum_t * key, const gnutls_datum_t * iv)
{
int ret = GNUTLS_E_INTERNAL_ERROR;
- const gnutls_crypto_cipher_st *cc = NULL;
+ gnutls_crypto_single_cipher_st *cc = NULL;
/* check if a cipher has been registered
*/
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index d6c3018bbd..f004f55b27 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -31,7 +31,7 @@ extern int crypto_cipher_prio;
extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
typedef struct {
- const gnutls_crypto_cipher_st* cc;
+ gnutls_crypto_single_cipher_st* cc;
void* ctx;
} reg_hd;
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 4dbc44d08f..d3fd25646b 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -345,7 +345,7 @@ _gnutls_set_read_keys (gnutls_session_t session)
int IV_size;
int key_size, export_flag;
gnutls_cipher_algorithm_t algo;
- gnutls_digest_algorithm_t mac_algo;
+ gnutls_mac_algorithm_t mac_algo;
mac_algo = session->security_parameters.read_mac_algorithm;
algo = session->security_parameters.read_bulk_cipher_algorithm;
@@ -366,7 +366,7 @@ _gnutls_set_write_keys (gnutls_session_t session)
int IV_size;
int key_size, export_flag;
gnutls_cipher_algorithm_t algo;
- gnutls_digest_algorithm_t mac_algo;
+ gnutls_mac_algorithm_t mac_algo;
mac_algo = session->security_parameters.write_mac_algorithm;
algo = session->security_parameters.write_bulk_cipher_algorithm;
@@ -934,7 +934,7 @@ _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
/* Sets the specified mac algorithm into pending session */
int
-_gnutls_set_read_mac (gnutls_session_t session, gnutls_digest_algorithm_t algo)
+_gnutls_set_read_mac (gnutls_session_t session, gnutls_mac_algorithm_t algo)
{
if (_gnutls_mac_is_ok (algo) == 0)
@@ -958,7 +958,7 @@ _gnutls_set_read_mac (gnutls_session_t session, gnutls_digest_algorithm_t algo)
}
int
-_gnutls_set_write_mac (gnutls_session_t session, gnutls_digest_algorithm_t algo)
+_gnutls_set_write_mac (gnutls_session_t session, gnutls_mac_algorithm_t algo)
{
if (_gnutls_mac_is_ok (algo) == 0)
diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index 771c03a1b4..f58c8b1486 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
@@ -28,11 +28,11 @@ int _gnutls_write_connection_state_init (gnutls_session_t session);
int _gnutls_set_write_cipher (gnutls_session_t session,
gnutls_cipher_algorithm_t algo);
int _gnutls_set_write_mac (gnutls_session_t session,
- gnutls_digest_algorithm_t algo);
+ gnutls_mac_algorithm_t algo);
int _gnutls_set_read_cipher (gnutls_session_t session,
gnutls_cipher_algorithm_t algo);
int _gnutls_set_read_mac (gnutls_session_t session,
- gnutls_digest_algorithm_t algo);
+ gnutls_mac_algorithm_t algo);
int _gnutls_set_read_compression (gnutls_session_t session,
gnutls_compression_method_t algo);
int _gnutls_set_write_compression (gnutls_session_t session,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 300ee283ab..aca1aab73f 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -166,8 +166,8 @@ static int
_gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret)
{
const int siz = SSL_MSG_LEN;
- hash_hd_st td_md5;
- hash_hd_st td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
const char *mesg;
int rc;
@@ -235,8 +235,8 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret)
opaque concat[MAX_HASH_SIZE + 16 /*MD5 */ ];
size_t len = 20 + 16;
const char *mesg;
- hash_hd_st td_md5;
- hash_hd_st td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
int rc;
if (session->security_parameters.handshake_mac_handle_type ==
@@ -2301,7 +2301,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
{
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle.
- tls10.md5, GNUTLS_MAC_MD5, NULL, 0);
+ tls10.md5, GNUTLS_MAC_MD5);
if (ret < 0)
{
@@ -2311,7 +2311,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle.
- tls10.sha, GNUTLS_MAC_SHA1, NULL, 0);
+ tls10.sha, GNUTLS_MAC_SHA1);
if (ret < 0)
{
gnutls_assert ();
@@ -2328,7 +2328,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
SHA256. */
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle.
- tls12.sha256, GNUTLS_DIG_SHA256, NULL, 0);
+ tls12.sha256, GNUTLS_DIG_SHA256);
if (ret < 0)
{
gnutls_assert ();
@@ -2337,7 +2337,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle.
- tls12.sha1, GNUTLS_DIG_SHA1, NULL, 0);
+ tls12.sha1, GNUTLS_DIG_SHA1);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index c70fa8f81b..7f3b322049 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -57,8 +57,45 @@ digest_length (gnutls_digest_algorithm_t algo)
}
}
-/* HMAC interface */
+int
+_gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
+{
+ int result;
+ gnutls_crypto_single_digest_st *cc = NULL;
+
+ dig->algorithm = algorithm;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_digest (algorithm);
+ if (cc != NULL)
+ {
+ dig->registered = 1;
+ dig->hd.rh.cc = cc;
+ if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
+ dig->active = 1;
+ return 0;
+ }
+
+ dig->registered = 0;
+
+ result = _gnutls_digest_ops.init (algorithm, &dig->hd.gc);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ dig->active = 1;
+ return 0;
+}
+/* returns the output size of the given hash/mac algorithm
+ */
int
_gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm)
{
@@ -66,13 +103,97 @@ _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm)
}
int
-_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, const void *key,
- int keylen, const void *text, size_t textlen, void *digest)
+_gnutls_hash (const digest_hd_st * handle, const void *text, size_t textlen)
+{
+ if (textlen > 0)
+ {
+ if (handle->registered)
+ {
+ return handle->hd.rh.cc->hash (handle->hd.rh.ctx, text, textlen);
+ }
+ return _gnutls_digest_ops.hash (handle->hd.gc, text, textlen);
+ }
+ return 0;
+}
+
+int
+_gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src)
+{
+ int result;
+
+ memset (dst, 0, sizeof (*dst));
+ dst->algorithm = src->algorithm;
+ dst->registered = src->registered;
+ dst->active = 1;
+
+ if (src->registered)
+ {
+ dst->hd.rh.cc = src->hd.rh.cc;
+ return src->hd.rh.cc->copy (&dst->hd.rh.ctx, src->hd.rh.ctx);
+ }
+
+ result = _gnutls_digest_ops.copy (&dst->hd.gc, src->hd.gc);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/* when the current output is needed without calling deinit
+ */
+void
+_gnutls_hash_output (digest_hd_st * handle, void *digest)
+{
+ size_t maclen;
+
+ maclen = _gnutls_hash_get_algo_len (handle->algorithm);
+
+ if (handle->registered && handle->hd.rh.ctx != NULL)
+ {
+ if (digest != NULL)
+ handle->hd.rh.cc->output (handle->hd.rh.ctx, digest, maclen);
+ return;
+ }
+
+ if (digest != NULL)
+ {
+ _gnutls_digest_ops.output (handle->hd.gc, digest, maclen);
+ }
+}
+
+void
+_gnutls_hash_deinit (digest_hd_st * handle, void *digest)
+{
+ if (handle->active != 1)
+ {
+ return;
+ }
+
+ if (digest != NULL)
+ _gnutls_hash_output (handle, digest);
+
+ handle->active = 0;
+
+ if (handle->registered && handle->hd.rh.ctx != NULL)
+ {
+ handle->hd.rh.cc->deinit (handle->hd.rh.ctx);
+ return;
+ }
+
+ _gnutls_digest_ops.deinit (handle->hd.gc);
+}
+
+int
+_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest)
{
- hash_hd_st dig;
+ digest_hd_st dig;
int ret;
- ret = _gnutls_hash_init (&dig, algorithm, key, keylen);
+ ret = _gnutls_hash_init (&dig, algorithm);
if (ret < 0)
{
gnutls_assert ();
@@ -91,12 +212,47 @@ _gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, const void *key,
return 0;
}
+
+/* HMAC interface */
+
int
-_gnutls_hash_init (hash_hd_st * dig, gnutls_digest_algorithm_t algorithm,
+_gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm)
+{
+ return digest_length (algorithm);
+}
+
+int
+_gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
+ int keylen, const void *text, size_t textlen, void *digest)
+{
+ digest_hd_st dig;
+ int ret;
+
+ ret = _gnutls_hmac_init (&dig, algorithm, key, keylen);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_hmac (&dig, text, textlen);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hmac_deinit (&dig, NULL);
+ return ret;
+ }
+
+ _gnutls_hmac_deinit (&dig, digest);
+ return 0;
+}
+
+int
+_gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen)
{
int result;
- const gnutls_crypto_digest_st *cc = NULL;
+ gnutls_crypto_single_mac_st *cc = NULL;
dig->algorithm = algorithm;
dig->key = key;
@@ -116,14 +272,11 @@ _gnutls_hash_init (hash_hd_st * dig, gnutls_digest_algorithm_t algorithm,
return GNUTLS_E_HASH_FAILED;
}
- if (key)
+ if (cc->setkey (dig->hd.rh.ctx, key, keylen) < 0)
{
- if (cc->setkey == NULL || cc->setkey (dig->hd.rh.ctx, key, keylen) < 0)
- {
- gnutls_assert ();
- cc->deinit (dig->hd.rh.ctx);
- return GNUTLS_E_HASH_FAILED;
- }
+ gnutls_assert ();
+ cc->deinit (dig->hd.rh.ctx);
+ return GNUTLS_E_HASH_FAILED;
}
dig->active = 1;
@@ -139,17 +292,14 @@ _gnutls_hash_init (hash_hd_st * dig, gnutls_digest_algorithm_t algorithm,
return result;
}
- if (key)
- {
- _gnutls_mac_ops.setkey (dig->hd.gc, key, keylen);
- }
+ _gnutls_mac_ops.setkey (dig->hd.gc, key, keylen);
dig->active = 1;
return 0;
}
int
-_gnutls_hash (hash_hd_st * handle, const void *text, size_t textlen)
+_gnutls_hmac (const digest_hd_st * handle, const void *text, size_t textlen)
{
if (textlen > 0)
{
@@ -163,11 +313,11 @@ _gnutls_hash (hash_hd_st * handle, const void *text, size_t textlen)
}
void
-_gnutls_hash_output (hash_hd_st * handle, void *digest)
+_gnutls_hmac_output (digest_hd_st * handle, void *digest)
{
int maclen;
- maclen = _gnutls_hash_get_algo_len (handle->algorithm);
+ maclen = _gnutls_hmac_get_algo_len (handle->algorithm);
if (handle->registered && handle->hd.rh.ctx != NULL)
{
@@ -182,45 +332,8 @@ _gnutls_hash_output (hash_hd_st * handle, void *digest)
}
}
-int
-_gnutls_hash_copy (hash_hd_st * dst, hash_hd_st * src)
-{
- int result;
-
- memset (dst, 0, sizeof (*dst));
- dst->algorithm = src->algorithm;
- dst->registered = src->registered;
- dst->active = 1;
-
- if (src->registered)
- {
- dst->hd.rh.cc = src->hd.rh.cc;
- return src->hd.rh.cc->copy (&dst->hd.rh.ctx, src->hd.rh.ctx);
- }
-
- result = _gnutls_mac_ops.copy (&dst->hd.gc, src->hd.gc);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
-}
-
-void _gnutls_hash_reset (hash_hd_st * handle)
-{
- if (handle->registered && handle->hd.rh.ctx != NULL)
- {
- handle->hd.rh.cc->reset (handle->hd.rh.ctx);
- return;
- }
-
- _gnutls_mac_ops.reset (handle->hd.gc);
-}
-
void
-_gnutls_hash_deinit (hash_hd_st * handle, void *digest)
+_gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
{
if (handle->active != 1)
{
@@ -228,7 +341,7 @@ _gnutls_hash_deinit (hash_hd_st * handle, void *digest)
}
if (digest)
- _gnutls_hash_output (handle, digest);
+ _gnutls_hmac_output (handle, digest);
handle->active = 0;
if (handle->registered && handle->hd.rh.ctx != NULL)
@@ -241,7 +354,7 @@ _gnutls_hash_deinit (hash_hd_st * handle, void *digest)
}
inline static int
-get_padsize (gnutls_digest_algorithm_t algorithm)
+get_padsize (gnutls_mac_algorithm_t algorithm)
{
switch (algorithm)
{
@@ -259,7 +372,7 @@ get_padsize (gnutls_digest_algorithm_t algorithm)
*/
int
-_gnutls_mac_init_ssl3 (hash_hd_st * ret, gnutls_digest_algorithm_t algorithm,
+_gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm,
void *key, int keylen)
{
opaque ipad[48];
@@ -274,7 +387,7 @@ _gnutls_mac_init_ssl3 (hash_hd_st * ret, gnutls_digest_algorithm_t algorithm,
memset (ipad, 0x36, padsize);
- result = _gnutls_hash_init (ret, algorithm, NULL, 0);
+ result = _gnutls_hash_init (ret, algorithm);
if (result < 0)
{
gnutls_assert ();
@@ -292,10 +405,10 @@ _gnutls_mac_init_ssl3 (hash_hd_st * ret, gnutls_digest_algorithm_t algorithm,
}
void
-_gnutls_mac_deinit_ssl3 (hash_hd_st * handle, void *digest)
+_gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest)
{
opaque ret[MAX_HASH_SIZE];
- hash_hd_st td;
+ digest_hd_st td;
opaque opad[48];
int padsize;
int block, rc;
@@ -310,7 +423,7 @@ _gnutls_mac_deinit_ssl3 (hash_hd_st * handle, void *digest)
memset (opad, 0x5C, padsize);
- rc = _gnutls_hash_init (&td, handle->algorithm, NULL, 0);
+ rc = _gnutls_hash_init (&td, handle->algorithm);
if (rc < 0)
{
gnutls_assert ();
@@ -322,7 +435,7 @@ _gnutls_mac_deinit_ssl3 (hash_hd_st * handle, void *digest)
_gnutls_hash (&td, handle->key, handle->keysize);
_gnutls_hash (&td, opad, padsize);
- block = _gnutls_hash_get_algo_len (handle->algorithm);
+ block = _gnutls_hmac_get_algo_len (handle->algorithm);
_gnutls_hash_deinit (handle, ret); /* get the previous hash */
_gnutls_hash (&td, ret, block);
@@ -332,12 +445,12 @@ _gnutls_mac_deinit_ssl3 (hash_hd_st * handle, void *digest)
}
void
-_gnutls_mac_deinit_ssl3_handshake (hash_hd_st * handle,
+_gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
void *digest, opaque * key,
uint32_t key_size)
{
opaque ret[MAX_HASH_SIZE];
- hash_hd_st td;
+ digest_hd_st td;
opaque opad[48];
opaque ipad[48];
int padsize;
@@ -353,7 +466,7 @@ _gnutls_mac_deinit_ssl3_handshake (hash_hd_st * handle,
memset (opad, 0x5C, padsize);
memset (ipad, 0x36, padsize);
- rc = _gnutls_hash_init (&td, handle->algorithm, NULL, 0);
+ rc = _gnutls_hash_init (&td, handle->algorithm);
if (rc < 0)
{
gnutls_assert ();
@@ -364,7 +477,7 @@ _gnutls_mac_deinit_ssl3_handshake (hash_hd_st * handle,
_gnutls_hash (&td, key, key_size);
_gnutls_hash (&td, opad, padsize);
- block = _gnutls_hash_get_algo_len (handle->algorithm);
+ block = _gnutls_hmac_get_algo_len (handle->algorithm);
if (key_size > 0)
_gnutls_hash (handle, key, key_size);
@@ -385,14 +498,14 @@ ssl3_sha (int i, opaque * secret, int secret_len,
int j, ret;
opaque text1[26];
- hash_hd_st td;
+ digest_hd_st td;
for (j = 0; j < i + 1; j++)
{
text1[j] = 65 + i; /* A==65 */
}
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1, NULL, 0);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
if (ret < 0)
{
gnutls_assert ();
@@ -412,10 +525,10 @@ ssl3_md5 (int i, opaque * secret, int secret_len,
opaque * rnd, int rnd_len, void *digest)
{
opaque tmp[MAX_HASH_SIZE];
- hash_hd_st td;
+ digest_hd_st td;
int ret;
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5, NULL, 0);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
if (ret < 0)
{
gnutls_assert ();
@@ -444,11 +557,11 @@ _gnutls_ssl3_hash_md5 (const void *first, int first_len,
int ret_len, opaque * ret)
{
opaque digest[MAX_HASH_SIZE];
- hash_hd_st td;
+ digest_hd_st td;
int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5);
int rc;
- rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5, NULL, 0);
+ rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
if (rc < 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index bc39a1a769..c91fd85329 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -32,10 +32,13 @@
/* for message digests */
extern int crypto_mac_prio;
-extern gnutls_crypto_digest_st _gnutls_mac_ops;
+extern gnutls_crypto_mac_st _gnutls_mac_ops;
+
+extern int crypto_digest_prio;
+extern gnutls_crypto_digest_st _gnutls_digest_ops;
typedef struct {
- const gnutls_crypto_digest_st* cc;
+ gnutls_crypto_single_mac_st* cc;
void* ctx;
} digest_reg_hd;
@@ -46,28 +49,36 @@ typedef struct
void* gc; /* when not registered */
digest_reg_hd rh; /* when registered */
} hd;
- gnutls_digest_algorithm_t algorithm;
+ gnutls_mac_algorithm_t algorithm;
const void *key;
int keysize;
int active;
-} hash_hd_st;
+} digest_hd_st;
/* basic functions */
-int _gnutls_hash_init (hash_hd_st*, gnutls_digest_algorithm_t algorithm,
+int _gnutls_hmac_init (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen);
-int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
-int _gnutls_hash (hash_hd_st * handle, const void *text, size_t textlen);
-int _gnutls_hash_fast( gnutls_digest_algorithm_t algorithm, const void* key, int keylen,
+int _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm);
+int _gnutls_hmac (const digest_hd_st* handle, const void *text,
+ size_t textlen);
+
+int _gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int keylen,
const void* text, size_t textlen, void* digest);
-void _gnutls_hash_deinit (hash_hd_st* handle, void *digest);
-void _gnutls_hash_output (hash_hd_st* handle, void *digest);
-void _gnutls_hash_reset (hash_hd_st * handle);
+void _gnutls_hmac_deinit (digest_hd_st* handle, void *digest);
+void _gnutls_hmac_output (digest_hd_st* handle, void *digest);
+
+int _gnutls_hash_init (digest_hd_st*, gnutls_digest_algorithm_t algorithm);
+int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
+int _gnutls_hash (const digest_hd_st* handle, const void *text,
+ size_t textlen);
+void _gnutls_hash_deinit (digest_hd_st* handle, void *digest);
+void _gnutls_hash_output (digest_hd_st* handle, void *digest);
/* help functions */
-int _gnutls_mac_init_ssl3 (hash_hd_st*, gnutls_digest_algorithm_t algorithm, void *key,
+int _gnutls_mac_init_ssl3 (digest_hd_st*, gnutls_mac_algorithm_t algorithm, void *key,
int keylen);
-void _gnutls_mac_deinit_ssl3 (hash_hd_st* handle, void *digest);
+void _gnutls_mac_deinit_ssl3 (digest_hd_st* handle, void *digest);
int _gnutls_ssl3_generate_random (void *secret, int secret_len,
void *rnd, int random_len, int bytes,
@@ -76,9 +87,9 @@ int _gnutls_ssl3_hash_md5 (const void *first, int first_len,
const void *second, int second_len,
int ret_len, opaque * ret);
-void _gnutls_mac_deinit_ssl3_handshake (hash_hd_st* handle, void *digest,
+void _gnutls_mac_deinit_ssl3_handshake (digest_hd_st* handle, void *digest,
opaque * key, uint32_t key_size);
-int _gnutls_hash_copy (hash_hd_st* dst_handle, hash_hd_st * src_handle);
+int _gnutls_hash_copy (digest_hd_st* dst_handle, digest_hd_st * src_handle);
#endif /* GNUTLS_HASH_INT_H */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index c2ad8f5d6a..a097bea1c8 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -133,7 +133,7 @@ typedef struct
#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
-#define HASH2MAC(x) ((gnutls_digest_algorithm_t)x)
+#define HASH2MAC(x) ((gnutls_mac_algorithm_t)x)
#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
@@ -366,11 +366,11 @@ typedef struct
* null cipher and we don't
*/
gnutls_cipher_algorithm_t read_bulk_cipher_algorithm;
- gnutls_digest_algorithm_t read_mac_algorithm;
+ gnutls_mac_algorithm_t read_mac_algorithm;
gnutls_compression_method_t read_compression_algorithm;
gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
- gnutls_digest_algorithm_t write_mac_algorithm;
+ gnutls_mac_algorithm_t write_mac_algorithm;
gnutls_compression_method_t write_compression_algorithm;
handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */
@@ -491,13 +491,13 @@ typedef struct
{
struct
{
- hash_hd_st sha; /* hash of the handshake messages */
- hash_hd_st md5; /* hash of the handshake messages */
+ digest_hd_st sha; /* hash of the handshake messages */
+ digest_hd_st md5; /* hash of the handshake messages */
} tls10;
struct
{
- hash_hd_st sha1; /* hash of the handshake messages for TLS 1.2+ */
- hash_hd_st sha256; /* hash of the handshake messages for TLS 1.2+ */
+ digest_hd_st sha1; /* hash of the handshake messages for TLS 1.2+ */
+ digest_hd_st sha256; /* hash of the handshake messages for TLS 1.2+ */
} tls12;
} handshake_mac_handle;
int handshake_mac_handle_init; /* 1 when the previous union and type were initialized */
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 4c2156499b..7fab2c797d 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -111,7 +111,7 @@ gnutls_kx_set_priority (gnutls_session_t session, const int *list)
/**
* gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls.
* @session: is a #gnutls_session_t structure.
- * @list: is a 0 terminated list of gnutls_digest_algorithm_t elements.
+ * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements.
*
* Sets the priority on the mac algorithms supported by gnutls.
* Priority is higher for elements specified before others.
diff --git a/lib/gnutls_psk_netconf.c b/lib/gnutls_psk_netconf.c
index 85978d98e6..967a964279 100644
--- a/lib/gnutls_psk_netconf.c
+++ b/lib/gnutls_psk_netconf.c
@@ -54,7 +54,7 @@ gnutls_psk_netconf_derive_key (const char *password,
const char netconf_key_pad[] = "Key Pad for Netconf";
size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
size_t hintlen = strlen (psk_identity_hint);
- hash_hd_st dig;
+ digest_hd_st dig;
char *inner;
size_t innerlen;
int rc;
@@ -65,7 +65,7 @@ gnutls_psk_netconf_derive_key (const char *password,
*
*/
- rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1, NULL, 0);
+ rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
if (rc < 0)
{
gnutls_assert ();
@@ -107,7 +107,7 @@ gnutls_psk_netconf_derive_key (const char *password,
memcpy (inner + sha1len, psk_identity_hint, hintlen);
- rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1, NULL, 0);
+ rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
if (rc < 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index d7d6d1147a..f75a705ac6 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -57,7 +57,7 @@ _gnutls_tls_sign (gnutls_session_t session,
* See RFC 5246 DigitallySigned for the actual format.
*/
static int
-_gnutls_rsa_encode_sig (gnutls_digest_algorithm_t algo,
+_gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo,
const gnutls_datum_t * hash,
gnutls_datum_t * signature)
{
@@ -132,7 +132,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert,
{
gnutls_datum_t dconcat;
int ret;
- hash_hd_st td_sha;
+ digest_hd_st td_sha;
opaque concat[MAX_SIG_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_digest_algorithm_t hash_algo;
@@ -146,7 +146,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert,
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
- ret = _gnutls_hash_init (&td_sha, hash_algo, NULL, 0);
+ ret = _gnutls_hash_init (&td_sha, hash_algo);
if (ret < 0)
{
gnutls_assert ();
@@ -164,9 +164,9 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert,
case GNUTLS_PK_RSA:
if (!_gnutls_version_has_selectable_prf (ver))
{
- hash_hd_st td_md5;
+ digest_hd_st td_md5;
- ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5, NULL, 0);
+ ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
if (ret < 0)
{
gnutls_assert ();
@@ -386,8 +386,8 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert,
{
gnutls_datum_t dconcat;
int ret;
- hash_hd_st td_md5;
- hash_hd_st td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
opaque concat[MAX_SIG_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_digest_algorithm_t hash_algo = GNUTLS_DIG_SHA1;
@@ -401,7 +401,7 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert,
if (!_gnutls_version_has_selectable_prf (ver))
{
- ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5, NULL, 0);
+ ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
if (ret < 0)
{
gnutls_assert ();
@@ -418,7 +418,7 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert,
if (algo != GNUTLS_SIGN_UNKNOWN)
hash_algo = _gnutls_sign_get_hash_algorithm (algo);
- ret = _gnutls_hash_init (&td_sha, hash_algo, NULL, 0);
+ ret = _gnutls_hash_init (&td_sha, hash_algo);
if (ret < 0)
{
gnutls_assert ();
@@ -481,11 +481,11 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session,
{
int ret;
opaque concat[MAX_SIG_SIZE];
- hash_hd_st td;
+ digest_hd_st td;
gnutls_datum_t dconcat;
gnutls_sign_algorithm_t _sign_algo;
gnutls_digest_algorithm_t hash_algo;
- hash_hd_st *handshake_td;
+ digest_hd_st *handshake_td;
handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
hash_algo = handshake_td->algorithm;
@@ -541,8 +541,8 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session,
{
int ret;
opaque concat[MAX_SIG_SIZE];
- hash_hd_st td_md5;
- hash_hd_st td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
gnutls_datum_t dconcat;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
@@ -626,10 +626,10 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session,
gnutls_datum_t dconcat;
int ret;
opaque concat[MAX_SIG_SIZE];
- hash_hd_st td;
+ digest_hd_st td;
gnutls_sign_algorithm_t sign_algo;
gnutls_digest_algorithm_t hash_algo;
- hash_hd_st *handshake_td;
+ digest_hd_st *handshake_td;
handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
hash_algo = handshake_td->algorithm;
@@ -707,8 +707,8 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
gnutls_datum_t dconcat;
int ret;
opaque concat[MAX_SIG_SIZE];
- hash_hd_st td_md5;
- hash_hd_st td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
if (session->security_parameters.handshake_mac_handle_type ==
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 4e2a270959..3131083596 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -166,7 +166,7 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
size_t b_size, a_size;
opaque *holder, hd[MAX_HASH_SIZE];
size_t holder_size, hash_size, n_size;
- hash_hd_st td;
+ digest_hd_st td;
int ret;
bigint_t res;
@@ -191,7 +191,7 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
_gnutls_mpi_print (A, &holder[n_size - a_size], &a_size);
_gnutls_mpi_print (B, &holder[n_size + n_size - b_size], &b_size);
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1, NULL, 0);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
if (ret < 0)
{
gnutls_free (holder);
@@ -289,13 +289,13 @@ _gnutls_calc_srp_sha (const char *username, const char *password,
opaque * salt, int salt_size, size_t * size,
void *digest)
{
- hash_hd_st td;
+ digest_hd_st td;
opaque res[MAX_HASH_SIZE];
int ret;
*size = 20;
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1, NULL, 0);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
if (ret < 0)
{
return GNUTLS_E_MEMORY_ERROR;
@@ -306,7 +306,7 @@ _gnutls_calc_srp_sha (const char *username, const char *password,
_gnutls_hash_deinit (&td, res);
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1, NULL, 0);
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
if (ret < 0)
{
return GNUTLS_E_MEMORY_ERROR;
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index a1f574f7eb..3ba533b3c6 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -113,9 +113,9 @@ gnutls_kx_get (gnutls_session_t session)
* Get currently used MAC algorithm.
*
* Returns: the currently used mac algorithm, a
- * #gnutls_digest_algorithm_t value.
+ * #gnutls_mac_algorithm_t value.
**/
-gnutls_digest_algorithm_t
+gnutls_mac_algorithm_t
gnutls_mac_get (gnutls_session_t session)
{
return session->security_parameters.read_mac_algorithm;
@@ -761,22 +761,22 @@ gnutls_handshake_set_private_extensions (gnutls_session_t session, int allow)
}
inline static int
-_gnutls_cal_PRF_A (gnutls_digest_algorithm_t algorithm,
+_gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
const void *secret, int secret_size,
const void *seed, int seed_size, void *result)
{
- hash_hd_st td1;
+ digest_hd_st td1;
int ret;
- ret = _gnutls_hash_init (&td1, algorithm, secret, secret_size);
+ ret = _gnutls_hmac_init (&td1, algorithm, secret, secret_size);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- _gnutls_hash (&td1, seed, seed_size);
- _gnutls_hash_deinit (&td1, result);
+ _gnutls_hmac (&td1, seed, seed_size);
+ _gnutls_hmac_deinit (&td1, result);
return 0;
}
@@ -787,13 +787,13 @@ _gnutls_cal_PRF_A (gnutls_digest_algorithm_t algorithm,
* (used in the PRF function)
*/
static int
-_gnutls_P_hash (gnutls_digest_algorithm_t algorithm,
+_gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
const opaque * secret, int secret_size,
const opaque * seed, int seed_size,
int total_bytes, opaque * ret)
{
- hash_hd_st td2;
+ digest_hd_st td2;
int i, times, how, blocksize, A_size;
opaque final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
int output_bytes, result;
@@ -804,7 +804,7 @@ _gnutls_P_hash (gnutls_digest_algorithm_t algorithm,
return GNUTLS_E_INTERNAL_ERROR;
}
- blocksize = _gnutls_hash_get_algo_len (algorithm);
+ blocksize = _gnutls_hmac_get_algo_len (algorithm);
output_bytes = 0;
do
@@ -822,7 +822,7 @@ _gnutls_P_hash (gnutls_digest_algorithm_t algorithm,
for (i = 0; i < times; i++)
{
- result = _gnutls_hash_init (&td2, algorithm, secret, secret_size);
+ result = _gnutls_hmac_init (&td2, algorithm, secret, secret_size);
if (result < 0)
{
gnutls_assert ();
@@ -835,15 +835,15 @@ _gnutls_P_hash (gnutls_digest_algorithm_t algorithm,
A_size, Atmp)) < 0)
{
gnutls_assert ();
- _gnutls_hash_deinit (&td2, final);
+ _gnutls_hmac_deinit (&td2, final);
return result;
}
A_size = blocksize;
- _gnutls_hash (&td2, Atmp, A_size);
- _gnutls_hash (&td2, seed, seed_size);
- _gnutls_hash_deinit (&td2, final);
+ _gnutls_hmac (&td2, Atmp, A_size);
+ _gnutls_hmac (&td2, seed, seed_size);
+ _gnutls_hmac_deinit (&td2, final);
if ((1 + i) * blocksize < total_bytes)
{
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 66bac34242..baed5fa556 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -557,7 +557,7 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
const gnutls_datum_t * data, void *result,
size_t * result_size)
{
- hash_hd_st td;
+ digest_hd_st td;
int hash_len = _gnutls_hash_get_algo_len (HASH2MAC (algo));
if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
@@ -569,7 +569,7 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
if (result)
{
- int ret = _gnutls_hash_init (&td, HASH2MAC (algo), NULL, 0);
+ int ret = _gnutls_hash_init (&td, HASH2MAC (algo));
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index d348864519..824ca66687 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -36,26 +36,14 @@ int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle, void *ciphertext,
void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
-/* HMAC */
-typedef struct hash_hd_st* gnutls_hash_hd_t;
-
-/* if key is non null then HMAC instead of hash */
-int gnutls_hash_init (gnutls_hash_hd_t*, gnutls_mac_algorithm_t algorithm,
- const void *key, int keylen);
-int gnutls_hash_get_algo_len (gnutls_mac_algorithm_t algorithm);
-int gnutls_hash (gnutls_hash_hd_t handle, const void *text,
- size_t textlen);
-int gnutls_hash_fast( gnutls_mac_algorithm_t algorithm, const void* key, int keylen,
- const void* text, size_t textlen, void* digest);
-void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
-void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
-void gnutls_hash_reset (gnutls_hash_hd_t handle);
-
/* register ciphers */
#define GNUTLS_CRYPTO_API_VERSION 0x02
+#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
+#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
+
typedef struct
{
int (*init) (gnutls_cipher_algorithm_t, void **ctx);
@@ -75,9 +63,12 @@ typedef struct
int (*hash) (void *ctx, const void *text, size_t textsize);
int (*copy) (void **dst_ctx, void *src_ctx);
int (*output) (void *src_ctx, void *digest, size_t digestsize);
- void (*reset) (void *ctx);
void (*deinit) (void *ctx);
-} gnutls_crypto_digest_st;
+} gnutls_crypto_mac_st;
+
+/* the same... setkey should be null */
+typedef gnutls_crypto_single_mac_st gnutls_crypto_single_digest_st;
+typedef gnutls_crypto_mac_st gnutls_crypto_digest_st;
typedef enum gnutls_rnd_level
{
@@ -251,26 +242,36 @@ typedef struct gnutls_crypto_pk
# define gnutls_crypto_single_cipher_register(algo, prio, st) \
gnutls_crypto_single_cipher_register2 (algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_single_digest_register(algo, prio, st) \
- gnutls_crypto_single_digest_register2 (algo, prio, \
+# define gnutls_crypto_single_mac_register(algo, prio, st) \
+ gnutls_crypto_single_mac_register2 (algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
+# define gnutls_crypto_single_digest_register(algo, prio, st) \
+ gnutls_crypto_single_digest_register2(algo, prio, \
+ GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
int priority, int version,
- const gnutls_crypto_cipher_st *s);
-int gnutls_crypto_single_digest_register2 (gnutls_mac_algorithm_t algorithm,
+ const gnutls_crypto_single_cipher_st *s);
+int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
int priority, int version,
- const gnutls_crypto_digest_st * s);
+ const gnutls_crypto_single_mac_st * s);
+int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
+ int priority, int version,
+ const gnutls_crypto_single_digest_st *s);
# define gnutls_crypto_cipher_register(prio, st) \
gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_digest_register(prio, st) \
+# define gnutls_crypto_mac_register(prio, st) \
+ gnutls_crypto_mac_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
+# define gnutls_crypto_digest_register(prio, st) \
gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_cipher_register2 (int priority, int version,
const gnutls_crypto_cipher_st * s);
+int gnutls_crypto_mac_register2 (int priority, int version,
+ const gnutls_crypto_mac_st * s);
int gnutls_crypto_digest_register2 (int priority, int version,
- const gnutls_crypto_digest_st * s);
+ const gnutls_crypto_digest_st * s);
# define gnutls_crypto_rnd_register(prio, st) \
gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 375669ecb3..6361e50a2d 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -127,34 +127,35 @@ extern "C" {
typedef enum
{
- GNUTLS_DIG_UNKNOWN = 0,
- GNUTLS_DIG_NULL = 1,
- GNUTLS_DIG_MD5,
- GNUTLS_DIG_SHA1,
- GNUTLS_DIG_RMD160,
- GNUTLS_DIG_MD2,
- GNUTLS_DIG_SHA256,
- GNUTLS_DIG_SHA384,
- GNUTLS_DIG_SHA512,
- GNUTLS_DIG_SHA224, /* unsupported in TLS */
+ GNUTLS_MAC_UNKNOWN = 0,
+ GNUTLS_MAC_NULL = 1,
+ GNUTLS_MAC_MD5,
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_RMD160,
+ GNUTLS_MAC_MD2,
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_SHA512
/* If you add anything here, make sure you align with
gnutls_digest_algorithm_t, in particular SHA-224. */
- } gnutls_digest_algorithm_t;
+ } gnutls_mac_algorithm_t;
- /* These are compatibility definitions.
+ /* The enumerations here should have the same value with
+ gnutls_mac_algorithm_t.
*/
-#define gnutls_mac_algorithm_t gnutls_digest_algorithm_t
-
-#define GNUTLS_MAC_UNKNOWN GNUTLS_DIG_UNKNOWN
-#define GNUTLS_MAC_NULL GNUTLS_DIG_NULL
-#define GNUTLS_MAC_MD5 GNUTLS_DIG_MD5
-#define GNUTLS_MAC_SHA1 GNUTLS_DIG_SHA1
-#define GNUTLS_MAC_RMD160 GNUTLS_DIG_RMD160
-#define GNUTLS_MAC_MD2 GNUTLS_DIG_MD2
-#define GNUTLS_MAC_SHA256 GNUTLS_DIG_SHA256
-#define GNUTLS_MAC_SHA384 GNUTLS_DIG_SHA384
-#define GNUTLS_MAC_SHA512 GNUTLS_DIG_SHA512
-#define GNUTLS_MAC_SHA224 GNUTLS_DIG_SHA224
+ typedef enum
+ {
+ GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
+ GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
+ GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
+ GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
+ GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
+ GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
+ GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
+ GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
+ GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
+ GNUTLS_DIG_SHA224
+ } gnutls_digest_algorithm_t;
/* exported for other gnutls headers. This is the maximum number of
* algorithms (ciphers, kx or macs).
@@ -936,7 +937,7 @@ extern "C" {
/* fingerprint
* Actually this function returns the hash of the given data.
*/
- int gnutls_fingerprint (gnutls_mac_algorithm_t algo,
+ int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
const gnutls_datum_t * data, void *result,
size_t * result_size);
diff --git a/lib/mac-libgcrypt.c b/lib/mac-libgcrypt.c
index acb9deba1d..e51ea70869 100644
--- a/lib/mac-libgcrypt.c
+++ b/lib/mac-libgcrypt.c
@@ -31,7 +31,7 @@
#include <gcrypt.h>
static int
-wrap_gcry_mac_init (gnutls_digest_algorithm_t algo, void **ctx)
+wrap_gcry_mac_init (gnutls_mac_algorithm_t algo, void **ctx)
{
int err;
unsigned int flags = GCRY_MD_FLAG_HMAC;
@@ -97,6 +97,50 @@ wrap_gcry_md_close (void *hd)
}
static int
+wrap_gcry_hash_init (gnutls_mac_algorithm_t algo, void **ctx)
+{
+ int err;
+ unsigned int flags = 0;
+
+ switch (algo)
+ {
+ case GNUTLS_DIG_MD5:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD5, flags);
+ break;
+ case GNUTLS_DIG_SHA1:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA1, flags);
+ break;
+ case GNUTLS_DIG_RMD160:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_RMD160, flags);
+ break;
+ case GNUTLS_DIG_MD2:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD2, flags);
+ break;
+ case GNUTLS_DIG_SHA256:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA256, flags);
+ break;
+ case GNUTLS_DIG_SHA224:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA224, flags);
+ break;
+ case GNUTLS_DIG_SHA384:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA384, flags);
+ break;
+ case GNUTLS_DIG_SHA512:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA512, flags);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (err == 0)
+ return 0;
+
+ gnutls_assert ();
+ return GNUTLS_E_ENCRYPTION_FAILED;
+}
+
+static int
wrap_gcry_mac_output (void *src_ctx, void *digest, size_t digestsize)
{
opaque *_digest = gcry_md_read (src_ctx, 0);
@@ -117,7 +161,7 @@ wrap_gcry_mac_output (void *src_ctx, void *digest, size_t digestsize)
int crypto_mac_prio = INT_MAX;
-gnutls_crypto_digest_st _gnutls_mac_ops = {
+gnutls_crypto_mac_st _gnutls_mac_ops = {
.init = wrap_gcry_mac_init,
.setkey = wrap_gcry_md_setkey,
.hash = wrap_gcry_md_write,
@@ -126,3 +170,12 @@ gnutls_crypto_digest_st _gnutls_mac_ops = {
.deinit = wrap_gcry_md_close,
};
+int crypto_digest_prio = INT_MAX;
+
+gnutls_crypto_digest_st _gnutls_digest_ops = {
+ .init = wrap_gcry_hash_init,
+ .hash = wrap_gcry_md_write,
+ .copy = wrap_gcry_md_copy,
+ .output = wrap_gcry_mac_output,
+ .deinit = wrap_gcry_md_close,
+};
diff --git a/lib/opencdk/dummy.c b/lib/opencdk/dummy.c
index 6ee043a159..0ede7ed41d 100644
--- a/lib/opencdk/dummy.c
+++ b/lib/opencdk/dummy.c
@@ -9,7 +9,7 @@
cdk_error_t
_cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data,
const char *output, cdk_stream_t outstream,
- hash_hd_st * md)
+ digest_hd_st * md)
{
return 0;
}
diff --git a/lib/opencdk/filters.h b/lib/opencdk/filters.h
index d11008517c..d5a63afd4d 100644
--- a/lib/opencdk/filters.h
+++ b/lib/opencdk/filters.h
@@ -32,7 +32,7 @@ enum {
typedef struct {
cipher_hd_st hd;
- hash_hd_st mdc;
+ digest_hd_st mdc;
int mdc_method;
u32 datalen;
struct {
@@ -45,7 +45,7 @@ typedef struct {
typedef struct {
int digest_algo;
- hash_hd_st md;
+ digest_hd_st md;
int md_initialized;
} md_filter_t;
@@ -61,7 +61,7 @@ typedef struct {
cdk_lit_format_t mode;
char *orig_filename; /* This original name of the input file. */
char *filename;
- hash_hd_st md;
+ digest_hd_st md;
int md_initialized;
struct {
size_t on;
diff --git a/lib/opencdk/hash.c b/lib/opencdk/hash.c
index 320744f145..21e0d4f859 100644
--- a/lib/opencdk/hash.c
+++ b/lib/opencdk/hash.c
@@ -49,7 +49,7 @@ hash_encode (void *data, FILE * in, FILE * out)
if (!mfx->md_initialized)
{
- err = _gnutls_hash_init (&mfx->md, mfx->digest_algo, NULL, 0);
+ err = _gnutls_hash_init (&mfx->md, mfx->digest_algo);
if (err < 0)
{
gnutls_assert ();
diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c
index f3e8c9a49f..cd8e939b48 100644
--- a/lib/opencdk/kbnode.c
+++ b/lib/opencdk/kbnode.c
@@ -578,7 +578,7 @@ cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
* is extracted from it.
**/
cdk_error_t
-cdk_kbnode_hash (cdk_kbnode_t node, hash_hd_st * md, int is_v4,
+cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4,
cdk_packet_type_t pkttype, int flags)
{
cdk_packet_t pkt;
diff --git a/lib/opencdk/main.h b/lib/opencdk/main.h
index ca3c609e23..613bc940f3 100644
--- a/lib/opencdk/main.h
+++ b/lib/opencdk/main.h
@@ -108,7 +108,7 @@ FILE *_cdk_tmpfile (void);
cdk_error_t _cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp,
cdk_stream_t data,
const char *output, cdk_stream_t outstream,
- hash_hd_st*md);
+ digest_hd_st*md);
cdk_error_t _cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx);
/*-- pubkey.c --*/
@@ -125,10 +125,10 @@ void _cdk_pkt_detach_free (cdk_packet_t pkt, int *r_pkttype, void **ctx);
/*-- sig-check.c --*/
cdk_error_t _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
- hash_hd_st*digest, int * r_expired);
-cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, hash_hd_st*hd);
-cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version, hash_hd_st*md);
-cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, hash_hd_st *md,
+ digest_hd_st*digest, int * r_expired);
+cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st*hd);
+cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version, digest_hd_st*md);
+cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, digest_hd_st *md,
int use_fpr);
cdk_error_t _cdk_pk_check_sig (cdk_keydb_hd_t hd,
cdk_kbnode_t knode,
@@ -159,7 +159,7 @@ int _cdk_sig_hash_for (cdk_pkt_pubkey_t pk);
void _cdk_trim_string (char * s, int canon);
cdk_error_t _cdk_sig_create (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig);
cdk_error_t _cdk_sig_complete (cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk,
- hash_hd_st *hd);
+ digest_hd_st *hd);
/*-- stream.c --*/
void _cdk_stream_set_compress_algo (cdk_stream_t s, int algo);
diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h
index da0f0aa2af..0ba17af47a 100644
--- a/lib/opencdk/opencdk.h
+++ b/lib/opencdk/opencdk.h
@@ -960,7 +960,7 @@ cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
cdk_packet_type_t pkttype);
cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node,
cdk_packet_type_t pkttype);
-cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, hash_hd_st * md, int is_v4,
+cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4,
cdk_packet_type_t pkttype, int flags);
/* Check each signature in the key node and return a summary of the
@@ -989,7 +989,7 @@ cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl,
int unlock, unsigned int use);
void cdk_sklist_release (cdk_keylist_t skl);
cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp,
- hash_hd_st * mdctx, int sigclass, int sigver);
+ digest_hd_st * mdctx, int sigclass, int sigver);
cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp,
int sigclass, int mdalgo);
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index c37391f2db..0ee122bd30 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -421,7 +421,7 @@ _cdk_sk_get_csum (cdk_pkt_seckey_t sk)
cdk_error_t
cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
{
- hash_hd_st hd;
+ digest_hd_st hd;
int md_algo;
int dlen = 0;
int err;
@@ -434,7 +434,7 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
else
md_algo = GNUTLS_DIG_SHA1;
dlen = _gnutls_hash_get_algo_len (md_algo);
- err = _gnutls_hash_init (&hd, md_algo, NULL, 0);
+ err = _gnutls_hash_init (&hd, md_algo);
if (err < 0)
return map_gnutls_error (err);
_cdk_hash_pubkey (pk, &hd, 1);
diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c
index c1899471c4..5dc9da6fd1 100644
--- a/lib/opencdk/sig-check.c
+++ b/lib/opencdk/sig-check.c
@@ -36,7 +36,7 @@
/* Hash all multi precision integers of the key PK with the given
message digest context MD. */
static int
-hash_mpibuf (cdk_pubkey_t pk, hash_hd_st * md, int usefpr)
+hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
{
byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
size_t nbytes;
@@ -66,7 +66,7 @@ hash_mpibuf (cdk_pubkey_t pk, hash_hd_st * md, int usefpr)
MD. The @usefpr param is only valid for version 3 keys because of
the different way to calculate the fingerprint. */
cdk_error_t
-_cdk_hash_pubkey (cdk_pubkey_t pk, hash_hd_st * md, int usefpr)
+_cdk_hash_pubkey (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
{
byte buf[12];
size_t i, n, npkey;
@@ -113,7 +113,7 @@ _cdk_hash_pubkey (cdk_pubkey_t pk, hash_hd_st * md, int usefpr)
/* Hash the user ID @uid with the given message digest @md.
Use openpgp mode if @is_v4 is 1. */
cdk_error_t
-_cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4, hash_hd_st * md)
+_cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4, digest_hd_st * md)
{
const byte *data;
byte buf[5];
@@ -144,7 +144,7 @@ _cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4, hash_hd_st * md)
/* Hash all parts of the signature which are needed to derive
the correct message digest to verify the sig. */
cdk_error_t
-_cdk_hash_sig_data (cdk_pkt_signature_t sig, hash_hd_st * md)
+_cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * md)
{
byte buf[4];
byte tmp;
@@ -227,7 +227,7 @@ cache_sig_result (cdk_pkt_signature_t sig, int res)
Use the digest handle @digest. */
cdk_error_t
_cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
- hash_hd_st * digest, int *r_expired)
+ digest_hd_st * digest, int *r_expired)
{
cdk_error_t rc;
byte md[MAX_DIGEST_LEN];
@@ -272,7 +272,7 @@ _cdk_pk_check_sig (cdk_keydb_hd_t keydb,
cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
char **ret_uid)
{
- hash_hd_st md;
+ digest_hd_st md;
int err;
cdk_pubkey_t pk;
cdk_pkt_signature_t sig;
@@ -297,7 +297,7 @@ _cdk_pk_check_sig (cdk_keydb_hd_t keydb,
pk = knode->pkt->pkt.public_key;
sig = snode->pkt->pkt.signature;
- err = _gnutls_hash_init (&md, sig->digest_algo, NULL, 0);
+ err = _gnutls_hash_init (&md, sig->digest_algo);
if (err < 0)
{
gnutls_assert ();
diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c
index b2d046e555..1b17940787 100644
--- a/lib/opencdk/verify.c
+++ b/lib/opencdk/verify.c
@@ -170,7 +170,7 @@ static cdk_error_t
file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output)
{
cdk_stream_t inp = NULL, out = NULL, tmp = NULL;
- hash_hd_st md;
+ digest_hd_st md;
char buf[512], chk[512];
const char *s;
int i, is_signed = 0, nbytes;
@@ -241,7 +241,7 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output)
if (!digest_algo)
digest_algo = GNUTLS_DIG_MD5;
- err = _gnutls_hash_init (&md, digest_algo, NULL, 0);
+ err = _gnutls_hash_init (&md, digest_algo);
if (err < 0)
{
rc = map_gnutls_error (err);
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index a069be4ed0..0702a2c186 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -2293,7 +2293,7 @@ rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk,
int params_size = MAX_PUBLIC_PARAMS_SIZE;
int i, result = 0;
gnutls_datum_t der = { NULL, 0 };
- hash_hd_st hd;
+ digest_hd_st hd;
result = _gnutls_x509_crq_get_mpis (crq, params, &params_size);
if (result < 0)
@@ -2323,7 +2323,7 @@ rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk,
else
return GNUTLS_E_INTERNAL_ERROR;
- result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
if (result < 0)
{
gnutls_assert ();
diff --git a/lib/x509/pbkdf2-sha1.c b/lib/x509/pbkdf2-sha1.c
index f45f4d5604..f63a23fdc5 100644
--- a/lib/x509/pbkdf2-sha1.c
+++ b/lib/x509/pbkdf2-sha1.c
@@ -172,10 +172,10 @@ _gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
tmp[Slen + 3] = (i & 0x000000ff) >> 0;
rc =
- _gnutls_hash_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
+ _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
}
else
- rc = _gnutls_hash_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
+ rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
if (rc < 0)
{
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 6e04795cee..18d455d34f 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -871,7 +871,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
opaque salt[8], key[20];
int result;
const int iter = 1;
- hash_hd_st td1;
+ digest_hd_st td1;
gnutls_datum_t tmp = { NULL, 0 };
opaque sha_mac[20];
@@ -937,17 +937,17 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
/* MAC the data
*/
- result = _gnutls_hash_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- _gnutls_hash (&td1, tmp.data, tmp.size);
+ _gnutls_hmac (&td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
- _gnutls_hash_deinit (&td1, sha_mac);
+ _gnutls_hmac_deinit (&td1, sha_mac);
result =
@@ -1005,7 +1005,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
int result;
unsigned int iter;
int len;
- hash_hd_st td1;
+ digest_hd_st td1;
gnutls_datum_t tmp = { NULL, 0 }, salt =
{
NULL, 0};
@@ -1063,17 +1063,17 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
/* MAC the data
*/
- result = _gnutls_hash_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- _gnutls_hash (&td1, tmp.data, tmp.size);
+ _gnutls_hmac (&td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
- _gnutls_hash_deinit (&td1, sha_mac);
+ _gnutls_hmac_deinit (&td1, sha_mac);
len = sizeof (sha_mac_orig);
result =
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index e1ab6bbdd8..5569eba217 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -60,7 +60,7 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
{
int rc;
unsigned int i, j;
- hash_hd_st md;
+ digest_hd_st md;
bigint_t num_b1 = NULL, num_ij = NULL;
bigint_t mpi512 = NULL;
unsigned int pwlen;
@@ -121,7 +121,7 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
for (;;)
{
- rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1, NULL, 0);
+ rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
if (rc < 0)
{
gnutls_assert ();
@@ -136,7 +136,7 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
_gnutls_hash_deinit (&md, hash);
for (i = 1; i < iter; i++)
{
- rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1, NULL, 0);
+ rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
if (rc < 0)
{
gnutls_assert ();
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index c713e77b0e..517e287934 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1402,7 +1402,7 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
size_t * output_data_size)
{
int result;
- hash_hd_st hd;
+ digest_hd_st hd;
gnutls_datum_t der = { NULL, 0 };
if (key == NULL || key->crippled)
@@ -1442,7 +1442,7 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
else
return GNUTLS_E_INTERNAL_ERROR;
- result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
if (result < 0)
{
gnutls_assert ();
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 1b83dde556..53e223c47e 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -52,7 +52,7 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash,
int result;
const char *algo;
- algo = _gnutls_x509_mac_to_oid ((gnutls_digest_algorithm_t) hash);
+ algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
if (algo == NULL)
{
gnutls_assert ();
@@ -133,10 +133,10 @@ pkcs1_rsa_sign (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text,
{
int ret;
opaque _digest[MAX_HASH_SIZE];
- hash_hd_st hd;
+ digest_hd_st hd;
gnutls_datum_t digest, info;
- ret = _gnutls_hash_init (&hd, HASH2MAC (hash), NULL, 0);
+ ret = _gnutls_hash_init (&hd, HASH2MAC (hash));
if (ret < 0)
{
gnutls_assert ();
@@ -177,10 +177,10 @@ dsa_sign (const gnutls_datum_t * text,
{
int ret;
opaque _digest[MAX_HASH_SIZE];
- hash_hd_st hd;
+ digest_hd_st hd;
gnutls_datum_t digest;
- ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
+ ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 4b78480a71..2f8bc5c100 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -553,7 +553,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
*/
static int
decode_ber_digest_info (const gnutls_datum_t * info,
- gnutls_digest_algorithm_t * hash,
+ gnutls_mac_algorithm_t * hash,
opaque * digest, int *digest_size)
{
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
@@ -635,11 +635,11 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
const gnutls_datum_t * signature, bigint_t * params,
int params_len)
{
- gnutls_digest_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
+ gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
int ret;
opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE], *cmp;
int digest_size;
- hash_hd_st hd;
+ digest_hd_st hd;
gnutls_datum_t decrypted;
ret =
@@ -682,7 +682,7 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_hash_init (&hd, hash, NULL, 0);
+ ret = _gnutls_hash_init (&hd, hash);
if (ret < 0)
{
gnutls_assert ();
@@ -715,7 +715,7 @@ dsa_verify_sig (const gnutls_datum_t * text,
int ret;
opaque _digest[MAX_HASH_SIZE];
gnutls_datum_t digest;
- hash_hd_st hd;
+ digest_hd_st hd;
if (hash && hash->data && hash->size == 20)
{
@@ -723,7 +723,7 @@ dsa_verify_sig (const gnutls_datum_t * text,
}
else
{
- ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
+ ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
if (ret < 0)
{
gnutls_assert ();
@@ -785,7 +785,7 @@ verify_sig (const gnutls_datum_t * tbs,
}
int
-_gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
+_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
const gnutls_datum_t * signature,
const gnutls_x509_crt_t issuer)
{
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 172a64b078..dfd578752f 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2213,7 +2213,7 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
int params_size = MAX_PUBLIC_PARAMS_SIZE;
int i, result = 0;
gnutls_datum_t der = { NULL, 0 };
- hash_hd_st hd;
+ digest_hd_st hd;
result = _gnutls_x509_crt_get_mpis (crt, params, &params_size);
if (result < 0)
@@ -2243,7 +2243,7 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
else
return GNUTLS_E_INTERNAL_ERROR;
- result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1, NULL, 0);
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
if (result < 0)
{
gnutls_assert ();
@@ -2496,7 +2496,7 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_verify_algorithm ((gnutls_digest_algorithm_t *) hash,
+ return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash,
signature, crt);
}
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index f3b30169be..c749123a07 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -184,7 +184,7 @@ int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
/* verify.c */
int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
gnutls_x509_crt_t issuer);
-int _gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t *hash,
+int _gnutls_x509_verify_algorithm(gnutls_mac_algorithm_t *hash,
const gnutls_datum_t * signature,
const gnutls_x509_crt_t crt);
int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
diff --git a/libextra/fipsmd5.c b/libextra/fipsmd5.c
index a0853ba7e7..43939c82b1 100644
--- a/libextra/fipsmd5.c
+++ b/libextra/fipsmd5.c
@@ -27,6 +27,48 @@
#include <md5.h>
#include <hmac.h>
+static int
+md5init (void **ctx)
+{
+ *ctx = gnutls_malloc (sizeof (struct md5_ctx));
+ if (!*ctx)
+ return GNUTLS_E_MEMORY_ERROR;
+ md5_init_ctx (*ctx);
+ return 0;
+}
+
+static int
+md5hash (void *ctx, const void *text, size_t textsize)
+{
+ md5_process_bytes (text, textsize, ctx);
+ return 0;
+}
+
+static int
+md5copy (void **dst_ctx, void *src_ctx)
+{
+ *dst_ctx = gnutls_malloc (sizeof (struct md5_ctx));
+ if (!*dst_ctx)
+ return GNUTLS_E_MEMORY_ERROR;
+ memcpy (*dst_ctx, src_ctx, sizeof (struct md5_ctx));
+ return 0;
+}
+
+static int
+md5output (void *src_ctx, void *digest, size_t digestsize)
+{
+ char out[MD5_DIGEST_SIZE];
+ md5_finish_ctx (src_ctx, out);
+ memcpy (digest, out, digestsize);
+ return 0;
+}
+
+static void
+md5deinit (void *ctx)
+{
+ gnutls_free (ctx);
+}
+
struct hmacctx
{
char *data;
@@ -36,7 +78,7 @@ struct hmacctx
};
static int
-hmacmd5init (gnutls_digest_algorithm_t ign, void **ctx)
+hmacmd5init (void **ctx)
{
struct hmacctx *p;
@@ -96,7 +138,7 @@ hmacmd5copy (void **dst_ctx, void *src_ctx)
struct hmacctx *p = src_ctx;
struct hmacctx *q;
- q = gnutls_calloc (1, sizeof (struct hmacctx));
+ q = gnutls_malloc (sizeof (struct hmacctx));
if (!q)
return -1;
@@ -109,18 +151,15 @@ hmacmd5copy (void **dst_ctx, void *src_ctx)
memcpy (q->data, p->data, p->datasize);
q->datasize = p->datasize;
- if (p->key)
+ q->key = gnutls_malloc (p->keysize);
+ if (!q->key)
{
- q->key = gnutls_malloc (p->keysize);
- if (!q->key)
- {
- gnutls_free (q);
- gnutls_free (q->data);
- return -1;
- }
- memcpy (q->key, p->key, p->keysize);
- q->keysize = p->keysize;
+ gnutls_free (q);
+ gnutls_free (q->data);
+ return -1;
}
+ memcpy (q->key, p->key, p->keysize);
+ q->keysize = p->keysize;
*dst_ctx = q;
@@ -156,7 +195,16 @@ hmacmd5deinit (void *ctx)
gnutls_free (p);
}
-static gnutls_crypto_digest_st mac = {
+static gnutls_crypto_single_digest_st dig = {
+ md5init,
+ NULL,
+ md5hash,
+ md5copy,
+ md5output,
+ md5deinit
+};
+
+static gnutls_crypto_single_mac_st mac = {
hmacmd5init,
hmacmd5setkey,
hmacmd5hash,
@@ -182,7 +230,11 @@ gnutls_register_md5_handler (void)
{
int ret;
- ret = gnutls_crypto_single_digest_register (GNUTLS_DIG_MD5, INT_MAX, &mac);
+ ret = gnutls_crypto_single_digest_register (GNUTLS_DIG_MD5, INT_MAX, &dig);
+ if (ret)
+ return ret;
+
+ ret = gnutls_crypto_single_mac_register (GNUTLS_MAC_MD5, INT_MAX, &mac);
if (ret)
return ret;
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index 56aa0dbee7..fee62f6b49 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -1009,10 +1009,10 @@ RAND_egd_bytes (const char *path, int bytes)
void
MD5_Init (MD5_CTX * ctx)
{
- ctx->handle = gnutls_malloc (sizeof (hash_hd_st));
+ ctx->handle = gnutls_malloc (sizeof (digest_hd_st));
if (!ctx->handle)
abort ();
- _gnutls_hash_init (ctx->handle, GNUTLS_DIG_MD5, NULL, 0);
+ _gnutls_hash_init (ctx->handle, GNUTLS_DIG_MD5);
}
void
@@ -1034,7 +1034,7 @@ MD5 (const unsigned char *buf, unsigned long len, unsigned char *md)
if (!md)
return NULL;
- _gnutls_hash_fast (GNUTLS_DIG_MD5, buf, len, NULL, 0, md);
+ _gnutls_hash_fast (GNUTLS_DIG_MD5, buf, len, md);
return md;
}
@@ -1042,10 +1042,10 @@ MD5 (const unsigned char *buf, unsigned long len, unsigned char *md)
void
RIPEMD160_Init (RIPEMD160_CTX * ctx)
{
- ctx->handle = gnutls_malloc (sizeof (hash_hd_st));
+ ctx->handle = gnutls_malloc (sizeof (digest_hd_st));
if (!ctx->handle)
abort ();
- _gnutls_hash_init (ctx->handle, GNUTLS_DIG_RMD160, NULL, 0);
+ _gnutls_hash_init (ctx->handle, GNUTLS_DIG_RMD160);
}
void
@@ -1067,7 +1067,7 @@ RIPEMD160 (const unsigned char *buf, unsigned long len, unsigned char *md)
if (!md)
return NULL;
- _gnutls_hash_fast (GNUTLS_DIG_RMD160, buf, len, NULL, 0, md);
+ _gnutls_hash_fast (GNUTLS_DIG_RMD160, buf, len, md);
return md;
}