summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac2
-rw-r--r--lib/nettle/pk.c10
-rw-r--r--tests/Makefile.am2
-rw-r--r--tests/cipher-alignment.c (renamed from tests/mini-alignment.c)28
4 files changed, 16 insertions, 26 deletions
diff --git a/configure.ac b/configure.ac
index 71e655771d..72eee10d58 100644
--- a/configure.ac
+++ b/configure.ac
@@ -562,7 +562,7 @@ AC_ARG_ENABLE(non-suiteb-curves,
if test "$enable_non_suiteb" = "yes";then
dnl nettle_secp_192r1 is not really a function
- AC_CHECK_LIB(hogweed, nettle_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS $NETTLE_LIBS])
+ AC_CHECK_LIB(hogweed, nettle_get_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS $NETTLE_LIBS])
if test "$enable_non_suiteb" = "yes";then
AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index b2d27cf74a..b65b1b2465 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1327,16 +1327,6 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
return ret;
}
-#if !defined(NETTLE_VERSION_MAJOR) || (NETTLE_VERSION_MAJOR < 3 || (NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4))
-# ifdef ENABLE_NON_SUITEB_CURVES
-# define nettle_get_secp_192r1() &nettle_secp_192r1
-# define nettle_get_secp_224r1() &nettle_secp_224r1
-# endif
-# define nettle_get_secp_256r1() &nettle_secp_256r1
-# define nettle_get_secp_384r1() &nettle_secp_384r1
-# define nettle_get_secp_521r1() &nettle_secp_521r1
-#endif
-
static inline const struct ecc_curve *get_supported_nist_curve(int curve)
{
switch (curve) {
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 075c2728f3..f08f76d0dd 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -174,7 +174,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
tls13-cert-key-exchange x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \
server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \
x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \
- mini-alignment oids atfork prf psk-file priority-init2 post-client-hello-change-prio \
+ cipher-alignment oids atfork prf psk-file priority-init2 post-client-hello-change-prio \
status-request status-request-ok rfc7633-missing sign-verify-ext \
fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert rfc7633-ok \
key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \
diff --git a/tests/mini-alignment.c b/tests/cipher-alignment.c
index 96f3d5b93a..0537c58186 100644
--- a/tests/mini-alignment.c
+++ b/tests/cipher-alignment.c
@@ -60,7 +60,7 @@ int main(int argc, char **argv)
#include "ex-session-info.c"
#include "ex-x509-info.c"
-pid_t child;
+static pid_t child;
static void tls_log_func(int level, const char *str)
{
@@ -68,10 +68,6 @@ static void tls_log_func(int level, const char *str)
str);
}
-/* A very basic TLS client, with anonymous authentication.
- */
-
-
#define MAX_BUF 1024
#define MSG "Hello TLS"
@@ -125,18 +121,17 @@ static unsigned char key_pem[] =
const gnutls_datum_t key = { key_pem, sizeof(key_pem) };
struct myaes_ctx {
- struct aes_ctx aes;
+ struct aes128_ctx aes;
unsigned char iv[16];
int enc;
};
+static unsigned aes_init = 0;
+
static int
myaes_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_CBC
- && algorithm != GNUTLS_CIPHER_AES_192_CBC
- && algorithm != GNUTLS_CIPHER_AES_256_CBC)
+ if (algorithm != GNUTLS_CIPHER_AES_128_CBC)
return GNUTLS_E_INVALID_REQUEST;
*_ctx = calloc(1, sizeof(struct myaes_ctx));
@@ -145,6 +140,7 @@ myaes_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
}
((struct myaes_ctx *) (*_ctx))->enc = enc;
+ aes_init = 1;
return 0;
}
@@ -154,10 +150,12 @@ myaes_setkey(void *_ctx, const void *userkey, size_t keysize)
{
struct myaes_ctx *ctx = _ctx;
+ assert(keysize == 16);
+
if (ctx->enc)
- aes_set_encrypt_key(&ctx->aes, keysize, userkey);
+ aes128_set_encrypt_key(&ctx->aes, userkey);
else
- aes_set_decrypt_key(&ctx->aes, keysize, userkey);
+ aes128_set_decrypt_key(&ctx->aes, userkey);
return 0;
}
@@ -186,7 +184,7 @@ myaes_encrypt(void *_ctx, const void *src, size_t src_size,
fail("encrypt: dest is not 16-byte aligned: %lu\n", ((unsigned long)dst)%16);
}
- cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes_encrypt, 16, ctx->iv, src_size, dst, src);
+ cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes128_encrypt, 16, ctx->iv, src_size, dst, src);
return 0;
}
@@ -206,7 +204,7 @@ myaes_decrypt(void *_ctx, const void *src, size_t src_size,
}
#endif
- cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes_decrypt, 16, ctx->iv, src_size, dst, src);
+ cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes128_decrypt, 16, ctx->iv, src_size, dst, src);
return 0;
}
@@ -516,6 +514,8 @@ void doit(void)
start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.1");
start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.2");
+ assert(aes_init != 0);
+
gnutls_global_deinit();
}