Niels Möller nisse@lysator.liu.se writes:
I've decided to start doing some of the cleanup changes that will break ABI and/or API (which has been stable since nettle-3.6, released 5 years ago). [...] the most disruptive one is dropping the length argument for the various _digest functions (https://git.lysator.liu.se/nettle/nettle/-/issues/5).
Changes to drop the digest size is now on branch delete-digest_func-size (https://git.lysator.liu.se/nettle/nettle/-/tree/delete-digest_func-size). Unsurprisingly breaks the gnutls build, see https://gitlab.com/gnutls/nettle/-/jobs/9379366785.
Below is a crude patch that makes GnuTLS compile successfully (but fails a few of the tests; I don't fully understand the GnuTLS abstractions, my best guess is that there are a few digest calls that really want a truncated hash).
GnuTLS (as well as other applications) that wants to work with nettle both before and after this transition can either use a configure test for affected functions that they use, or check NETTLE_VERSION_MAJOR >= 4 (defined in nettle/version.h).
For GnuTLS, I would suggest to have internal interfaces for hash functions follow Nettle and only support a fixed size, and then wrappers around nettle functions can include or omit the constant digest size argument depending on nettle version. But may need to introduce a separate abstraction for shake, which does have variable output size.
Any comments or suggestions before I merge this change?
I have made a couple of other breaking deletions: rsa-compat, dsa-compat, openpgp, the deprecated variant of the aes api, for a total of more than 2000 deleted lines. I think these are less likely to cause trouble.
Regards, /Niels
diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c index 7772eb9eb..11b3d82bf 100644 --- a/lib/accelerated/x86/aes-gcm-padlock.c +++ b/lib/accelerated/x86/aes-gcm-padlock.c @@ -176,8 +176,12 @@ static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size) static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize) { struct gcm_padlock_aes_ctx *ctx = _ctx; + if (tagsize != 16) { + gnutls_assert(); + return; + }
- GCM_DIGEST(&ctx->inner, padlock_aes_encrypt, tagsize, tag); + GCM_DIGEST(&ctx->inner, padlock_aes_encrypt, tag); }
#include "aes-gcm-aead.h" diff --git a/lib/accelerated/x86/aes-gcm-x86-aesni.c b/lib/accelerated/x86/aes-gcm-x86-aesni.c index d7865ff96..edeaf04cf 100644 --- a/lib/accelerated/x86/aes-gcm-x86-aesni.c +++ b/lib/accelerated/x86/aes-gcm-x86-aesni.c @@ -169,7 +169,12 @@ static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize) { struct gcm_x86_aes_ctx *ctx = _ctx;
- GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, tag); + if (tagsize != 16) { + gnutls_assert(); + return; + } + + GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tag); }
static void aes_gcm_deinit(void *_ctx) diff --git a/lib/accelerated/x86/aes-gcm-x86-ssse3.c b/lib/accelerated/x86/aes-gcm-x86-ssse3.c index 6bad1a497..2d8352177 100644 --- a/lib/accelerated/x86/aes-gcm-x86-ssse3.c +++ b/lib/accelerated/x86/aes-gcm-x86-ssse3.c @@ -177,8 +177,11 @@ static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size) static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize) { struct gcm_x86_aes_ctx *ctx = _ctx; - - GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, tag); + if (tagsize != 16) { + gnutls_assert(); + return; + } + GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tag); }
static void aes_gcm_deinit(void *_ctx) diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c index 18003c160..3faebcf80 100644 --- a/lib/accelerated/x86/hmac-padlock.c +++ b/lib/accelerated/x86/hmac-padlock.c @@ -42,7 +42,7 @@ #define MAX_SHA_DIGEST_SIZE (512 / 8)
typedef void (*update_func)(void *, size_t, const uint8_t *); -typedef void (*digest_func)(void *, size_t, uint8_t *); +typedef void (*digest_func)(void *, uint8_t *); typedef void (*set_key_func)(void *, size_t, const uint8_t *);
struct padlock_hmac_ctx { @@ -74,10 +74,10 @@ static void padlock_hmac_sha1_update(struct hmac_sha1_ctx *ctx, size_t length, padlock_sha1_update(&ctx->state, length, data); }
-static void padlock_hmac_sha1_digest(struct hmac_sha1_ctx *ctx, size_t length, +static void padlock_hmac_sha1_digest(struct hmac_sha1_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &padlock_sha1, length, digest); + HMAC_DIGEST(ctx, &padlock_sha1, digest); }
static void padlock_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx, @@ -92,10 +92,9 @@ static void padlock_hmac_sha256_update(struct hmac_sha256_ctx *ctx, padlock_sha256_update(&ctx->state, length, data); }
-static void padlock_hmac_sha256_digest(struct hmac_sha256_ctx *ctx, - size_t length, uint8_t *digest) +static void padlock_hmac_sha256_digest(struct hmac_sha256_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &padlock_sha256, length, digest); + HMAC_DIGEST(ctx, &padlock_sha256, digest); }
static void padlock_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx, @@ -105,9 +104,9 @@ static void padlock_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx, }
static void padlock_hmac_sha224_digest(struct hmac_sha224_ctx *ctx, - size_t length, uint8_t *digest) + uint8_t *digest) { - HMAC_DIGEST(ctx, &padlock_sha224, length, digest); + HMAC_DIGEST(ctx, &padlock_sha224, digest); }
static void padlock_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx, @@ -117,9 +116,9 @@ static void padlock_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx, }
static void padlock_hmac_sha384_digest(struct hmac_sha384_ctx *ctx, - size_t length, uint8_t *digest) + uint8_t *digest) { - HMAC_DIGEST(ctx, &padlock_sha384, length, digest); + HMAC_DIGEST(ctx, &padlock_sha384, digest); }
static void padlock_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx, @@ -135,9 +134,9 @@ static void padlock_hmac_sha512_update(struct hmac_sha512_ctx *ctx, }
static void padlock_hmac_sha512_digest(struct hmac_sha512_ctx *ctx, - size_t length, uint8_t *digest) + uint8_t *digest) { - HMAC_DIGEST(ctx, &padlock_sha512, length, digest); + HMAC_DIGEST(ctx, &padlock_sha512, digest); }
static int _hmac_ctx_init(gnutls_mac_algorithm_t algo, @@ -257,7 +256,7 @@ static int wrap_padlock_hmac_output(void *src_ctx, void *digest, return GNUTLS_E_SHORT_MEMORY_BUFFER; }
- ctx->digest(ctx->ctx_ptr, digestsize, digest); + ctx->digest(ctx->ctx_ptr, digest);
return 0; } diff --git a/lib/accelerated/x86/hmac-x86-ssse3.c b/lib/accelerated/x86/hmac-x86-ssse3.c index 178837d58..ef9558517 100644 --- a/lib/accelerated/x86/hmac-x86-ssse3.c +++ b/lib/accelerated/x86/hmac-x86-ssse3.c @@ -37,7 +37,7 @@ #ifdef HAVE_LIBNETTLE
typedef void (*update_func)(void *, size_t, const uint8_t *); -typedef void (*digest_func)(void *, size_t, uint8_t *); +typedef void (*digest_func)(void *, uint8_t *); typedef void (*set_key_func)(void *, size_t, const uint8_t *);
struct x86_hmac_ctx { @@ -69,10 +69,10 @@ static void x86_hmac_sha1_update(struct hmac_sha1_ctx *ctx, size_t length, x86_sha1_update(&ctx->state, length, data); }
-static void x86_hmac_sha1_digest(struct hmac_sha1_ctx *ctx, size_t length, +static void x86_hmac_sha1_digest(struct hmac_sha1_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &x86_sha1, length, digest); + HMAC_DIGEST(ctx, &x86_sha1, digest); }
static void x86_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx, @@ -87,10 +87,10 @@ static void x86_hmac_sha256_update(struct hmac_sha256_ctx *ctx, size_t length, x86_sha256_update(&ctx->state, length, data); }
-static void x86_hmac_sha256_digest(struct hmac_sha256_ctx *ctx, size_t length, +static void x86_hmac_sha256_digest(struct hmac_sha256_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &x86_sha256, length, digest); + HMAC_DIGEST(ctx, &x86_sha256, digest); }
static void x86_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx, @@ -99,10 +99,10 @@ static void x86_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx, HMAC_SET_KEY(ctx, &x86_sha224, key_length, key); }
-static void x86_hmac_sha224_digest(struct hmac_sha224_ctx *ctx, size_t length, +static void x86_hmac_sha224_digest(struct hmac_sha224_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &x86_sha224, length, digest); + HMAC_DIGEST(ctx, &x86_sha224, digest); }
static void x86_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx, @@ -111,10 +111,10 @@ static void x86_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx, HMAC_SET_KEY(ctx, &x86_sha384, key_length, key); }
-static void x86_hmac_sha384_digest(struct hmac_sha384_ctx *ctx, size_t length, +static void x86_hmac_sha384_digest(struct hmac_sha384_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &x86_sha384, length, digest); + HMAC_DIGEST(ctx, &x86_sha384, digest); }
static void x86_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx, @@ -129,10 +129,10 @@ static void x86_hmac_sha512_update(struct hmac_sha512_ctx *ctx, size_t length, x86_sha512_update(&ctx->state, length, data); }
-static void x86_hmac_sha512_digest(struct hmac_sha512_ctx *ctx, size_t length, +static void x86_hmac_sha512_digest(struct hmac_sha512_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &x86_sha512, length, digest); + HMAC_DIGEST(ctx, &x86_sha512, digest); }
static int _hmac_ctx_init(gnutls_mac_algorithm_t algo, struct x86_hmac_ctx *ctx) @@ -249,7 +249,7 @@ static int wrap_x86_hmac_output(void *src_ctx, void *digest, size_t digestsize) return GNUTLS_E_SHORT_MEMORY_BUFFER; }
- ctx->digest(ctx->ctx_ptr, digestsize, digest); + ctx->digest(ctx->ctx_ptr, digest);
return 0; } @@ -276,7 +276,7 @@ static int wrap_x86_hmac_fast(gnutls_mac_algorithm_t algo, const void *nonce,
ctx.setkey(&ctx, key_size, key); ctx.update(&ctx, text_size, text); - ctx.digest(&ctx, ctx.length, digest); + ctx.digest(&ctx, digest);
zeroize_temp_key(&ctx, sizeof(ctx));
diff --git a/lib/accelerated/x86/sha-padlock.c b/lib/accelerated/x86/sha-padlock.c index 84c2a68a6..433f77ce5 100644 --- a/lib/accelerated/x86/sha-padlock.c +++ b/lib/accelerated/x86/sha-padlock.c @@ -35,7 +35,7 @@ #ifdef HAVE_LIBNETTLE
typedef void (*update_func)(void *, size_t, const uint8_t *); -typedef void (*digest_func)(void *, size_t, uint8_t *); +typedef void (*digest_func)(void *, uint8_t *); typedef void (*set_key_func)(void *, size_t, const uint8_t *); typedef void (*init_func)(void *);
@@ -129,13 +129,10 @@ static void _nettle_write_be32(unsigned length, uint8_t *dst, uint32_t *src) } }
-static void padlock_sha1_digest(struct sha1_ctx *ctx, size_t length, - uint8_t *digest) +static void padlock_sha1_digest(struct sha1_ctx *ctx, uint8_t *digest) { uint64_t bit_count;
- assert(length <= SHA1_DIGEST_SIZE); - MD_PAD(ctx, 8, SHA1_COMPRESS);
/* There are 512 = 2^9 bits in one block */ @@ -145,16 +142,13 @@ static void padlock_sha1_digest(struct sha1_ctx *ctx, size_t length, WRITE_UINT64(ctx->block + (SHA1_BLOCK_SIZE - 8), bit_count); SHA1_COMPRESS(ctx, ctx->block);
- _nettle_write_be32(length, digest, ctx->state); + _nettle_write_be32(SHA1_DIGEST_SIZE, digest, ctx->state); }
-static void padlock_sha256_digest(struct sha256_ctx *ctx, size_t length, - uint8_t *digest) +static void padlock_sha256_digest(struct sha256_ctx *ctx, uint8_t *digest) { uint64_t bit_count;
- assert(length <= SHA256_DIGEST_SIZE); - MD_PAD(ctx, 8, SHA256_COMPRESS);
/* There are 512 = 2^9 bits in one block */ @@ -166,19 +160,14 @@ static void padlock_sha256_digest(struct sha256_ctx *ctx, size_t length, WRITE_UINT64(ctx->block + (SHA256_BLOCK_SIZE - 8), bit_count); SHA256_COMPRESS(ctx, ctx->block);
- _nettle_write_be32(length, digest, ctx->state); + _nettle_write_be32(SHA256_DIGEST_SIZE, digest, ctx->state); }
-static void padlock_sha512_digest(struct sha512_ctx *ctx, size_t length, - uint8_t *digest) +static void padlock_sha512_digest(struct sha512_ctx *ctx, uint8_t *digest) { uint64_t high, low;
unsigned i; - unsigned words; - unsigned leftover; - - assert(length <= SHA512_DIGEST_SIZE);
MD_PAD(ctx, 16, SHA512_COMPRESS);
@@ -193,21 +182,8 @@ static void padlock_sha512_digest(struct sha512_ctx *ctx, size_t length, WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 8), low); SHA512_COMPRESS(ctx, ctx->block);
- words = length / 8; - leftover = length % 8; - - for (i = 0; i < words; i++, digest += 8) + for (i = 0; i < 8; i++, digest += 8) WRITE_UINT64(digest, ctx->state[i]); - - if (leftover) { - /* Truncate to the right size */ - uint64_t word = ctx->state[i] >> (8 * (8 - leftover)); - - do { - digest[--leftover] = word & 0xff; - word >>= 8; - } while (leftover); - } }
static int _ctx_init(gnutls_digest_algorithm_t algo, @@ -309,10 +285,10 @@ static int wrap_padlock_hash_output(void *src_ctx, void *digest, struct padlock_hash_ctx *ctx; ctx = src_ctx;
- if (digestsize < ctx->length) + if (digestsize != ctx->length) return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- ctx->digest(ctx->ctx_ptr, digestsize, digest); + ctx->digest(ctx->ctx_ptr, digest);
ctx->init(ctx->ctx_ptr);
diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c index 2c93bc944..9867ba080 100644 --- a/lib/accelerated/x86/sha-x86-ssse3.c +++ b/lib/accelerated/x86/sha-x86-ssse3.c @@ -36,7 +36,7 @@ void sha256_block_data_order(void *c, const void *p, size_t len); void sha512_block_data_order(void *c, const void *p, size_t len);
typedef void (*update_func)(void *, size_t, const uint8_t *); -typedef void (*digest_func)(void *, size_t, uint8_t *); +typedef void (*digest_func)(void *, uint8_t *); typedef void (*set_key_func)(void *, size_t, const uint8_t *); typedef void (*init_func)(void *);
@@ -325,7 +325,7 @@ static int wrap_x86_hash_output(void *src_ctx, void *digest, size_t digestsize) if (digestsize < ctx->length) return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- ctx->digest(ctx->ctx_ptr, digestsize, digest); + ctx->digest(ctx->ctx_ptr, digest);
return 0; } @@ -341,7 +341,7 @@ static int wrap_x86_hash_fast(gnutls_digest_algorithm_t algo, const void *text, return gnutls_assert_val(ret);
ctx.update(&ctx, text_size, text); - ctx.digest(&ctx, ctx.length, digest); + ctx.digest(&ctx, digest);
return 0; } diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index f5db2e504..a472cf09a 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -1425,8 +1425,8 @@ static int wrap_nettle_cipher_aead_encrypt(void *_ctx, const void *nonce, ctx->cipher->auth(ctx->ctx_ptr, auth_size, auth);
ctx->cipher->encrypt(ctx, plain_size, encr, plain); - - ctx->cipher->tag(ctx->ctx_ptr, tag_size, + /* FIXME: Check tag_size is as expected. */ + ctx->cipher->tag(ctx->ctx_ptr, ((uint8_t *)encr) + plain_size); } else { /* CCM-style cipher */ @@ -1506,7 +1506,8 @@ static int wrap_nettle_cipher_aead_decrypt(void *_ctx, const void *nonce,
ctx->cipher->decrypt(ctx, encr_size, plain, encr);
- ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag); + /* FIXME: Check tag_size is as expected. */ + ctx->cipher->tag(ctx->ctx_ptr, tag);
if (gnutls_memcmp(((uint8_t *)encr) + encr_size, tag, tag_size) != 0) @@ -1574,8 +1575,8 @@ static int wrap_nettle_cipher_auth(void *_ctx, const void *plain, static void wrap_nettle_cipher_tag(void *_ctx, void *tag, size_t tag_size) { struct nettle_cipher_ctx *ctx = _ctx; - - ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag); + /* FIXME: Check tag_size is as expected. */ + ctx->cipher->tag(ctx->ctx_ptr, tag); }
static void wrap_nettle_cipher_close(void *_ctx) diff --git a/lib/nettle/gost/cmac-kuznyechik.c b/lib/nettle/gost/cmac-kuznyechik.c index 964141103..68c4c358f 100644 --- a/lib/nettle/gost/cmac-kuznyechik.c +++ b/lib/nettle/gost/cmac-kuznyechik.c @@ -44,9 +44,9 @@ void cmac_kuznyechik_update(struct cmac_kuznyechik_ctx *ctx, size_t length, CMAC128_UPDATE(ctx, kuznyechik_encrypt, length, data); }
-void cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, size_t length, +void cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, uint8_t *digest) { - CMAC128_DIGEST(ctx, kuznyechik_encrypt, length, digest); + CMAC128_DIGEST(ctx, kuznyechik_encrypt, digest); } #endif diff --git a/lib/nettle/gost/cmac-magma.c b/lib/nettle/gost/cmac-magma.c index b8e6d58d1..6202760e8 100644 --- a/lib/nettle/gost/cmac-magma.c +++ b/lib/nettle/gost/cmac-magma.c @@ -44,9 +44,9 @@ void cmac_magma_update(struct cmac_magma_ctx *ctx, size_t length, CMAC64_UPDATE(ctx, magma_encrypt, length, data); }
-void cmac_magma_digest(struct cmac_magma_ctx *ctx, size_t length, +void cmac_magma_digest(struct cmac_magma_ctx *ctx, uint8_t *digest) { - CMAC64_DIGEST(ctx, magma_encrypt, length, digest); + CMAC64_DIGEST(ctx, magma_encrypt, digest); } #endif diff --git a/lib/nettle/gost/cmac.h b/lib/nettle/gost/cmac.h index 5894cfddb..6982b11d2 100644 --- a/lib/nettle/gost/cmac.h +++ b/lib/nettle/gost/cmac.h @@ -58,7 +58,7 @@ void cmac_magma_set_key(struct cmac_magma_ctx *ctx, const uint8_t *key); void cmac_magma_update(struct cmac_magma_ctx *ctx, size_t length, const uint8_t *data);
-void cmac_magma_digest(struct cmac_magma_ctx *ctx, size_t length, +void cmac_magma_digest(struct cmac_magma_ctx *ctx, uint8_t *digest);
#ifdef __cplusplus @@ -83,7 +83,7 @@ void cmac_kuznyechik_set_key(struct cmac_kuznyechik_ctx *ctx, void cmac_kuznyechik_update(struct cmac_kuznyechik_ctx *ctx, size_t length, const uint8_t *data);
-void cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, size_t length, +void cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, uint8_t *digest);
#ifdef __cplusplus diff --git a/lib/nettle/gost/gost-wrap.c b/lib/nettle/gost/gost-wrap.c index 3670678c8..0005a0801 100644 --- a/lib/nettle/gost/gost-wrap.c +++ b/lib/nettle/gost/gost-wrap.c @@ -92,7 +92,7 @@ void gost28147_key_wrap_cryptopro(const struct gost28147_param *param, gost28147_imit_set_param(&ictx, param); gost28147_imit_set_nonce(&ictx, ukm); gost28147_imit_update(&ictx, GOST28147_KEY_SIZE, cek); - gost28147_imit_digest(&ictx, GOST28147_IMIT_DIGEST_SIZE, imit); + gost28147_imit_digest(&ictx, imit); }
int gost28147_key_unwrap_cryptopro(const struct gost28147_param *param, @@ -116,7 +116,7 @@ int gost28147_key_unwrap_cryptopro(const struct gost28147_param *param, gost28147_imit_set_param(&ictx, param); gost28147_imit_set_nonce(&ictx, ukm); gost28147_imit_update(&ictx, GOST28147_KEY_SIZE, cek); - gost28147_imit_digest(&ictx, GOST28147_IMIT_DIGEST_SIZE, mac); + gost28147_imit_digest(&ictx, mac);
return memeql_sec(mac, imit, GOST28147_IMIT_DIGEST_SIZE); } diff --git a/lib/nettle/gost/gost28147.c b/lib/nettle/gost/gost28147.c index bb5ee0740..389cd893b 100644 --- a/lib/nettle/gost/gost28147.c +++ b/lib/nettle/gost/gost28147.c @@ -8631,10 +8631,9 @@ void gost28147_imit_update(struct gost28147_imit_ctx *ctx, size_t length, MD_UPDATE(ctx, length, data, gost28147_imit_compress, ctx->count++); }
-void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, size_t length, +void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, uint8_t *digest) { - assert(length <= GOST28147_IMIT_DIGEST_SIZE); const uint8_t zero[GOST28147_IMIT_BLOCK_SIZE] = { 0 };
if (ctx->index) { @@ -8647,7 +8646,7 @@ void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, size_t length, gost28147_imit_update(ctx, GOST28147_IMIT_BLOCK_SIZE, zero); }
- _nettle_write_le32(length, digest, ctx->state); + _nettle_write_le32(GOST28147_IMIT_DIGEST_SIZE, digest, ctx->state); _gost28147_imit_reinit(ctx); } #endif diff --git a/lib/nettle/gost/gost28147.h b/lib/nettle/gost/gost28147.h index 5b5a7dcbe..feba9cd3b 100644 --- a/lib/nettle/gost/gost28147.h +++ b/lib/nettle/gost/gost28147.h @@ -174,7 +174,7 @@ void gost28147_imit_set_param(struct gost28147_imit_ctx *ctx, void gost28147_imit_update(struct gost28147_imit_ctx *ctx, size_t length, const uint8_t *data);
-void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, size_t length, +void gost28147_imit_digest(struct gost28147_imit_ctx *ctx, uint8_t *digest);
#ifdef __cplusplus diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h index 5c1c90e3b..1de1199c1 100644 --- a/lib/nettle/int/dsa-fips.h +++ b/lib/nettle/int/dsa-fips.h @@ -100,7 +100,7 @@ inline static void hash(uint8_t digest[DIGEST_SIZE], unsigned length,
sha384_init(&ctx); sha384_update(&ctx, length, data); - sha384_digest(&ctx, DIGEST_SIZE, digest); + sha384_digest(&ctx, digest);
return; } diff --git a/lib/nettle/int/tls1-prf.c b/lib/nettle/int/tls1-prf.c index 46520b06a..1366403f9 100644 --- a/lib/nettle/int/tls1-prf.c +++ b/lib/nettle/int/tls1-prf.c @@ -63,7 +63,7 @@ static void P_hash(void *mac_ctx, nettle_hash_update_func *update, } else { update(mac_ctx, digest_size, Atmp); } - digest(mac_ctx, digest_size, Atmp); /* store A(i) */ + digest(mac_ctx, Atmp); /* store A(i) */
update(mac_ctx, digest_size, Atmp); /* hash A(i) */ update(mac_ctx, label_size, @@ -73,7 +73,7 @@ static void P_hash(void *mac_ctx, nettle_hash_update_func *update, if (left < (ssize_t)digest_size) digest_size = left;
- digest(mac_ctx, digest_size, dst); + digest(mac_ctx, dst);
left -= digest_size; dst += digest_size; diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index 899dc0e6e..e7e58a7c4 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c @@ -49,7 +49,7 @@ #include <nettle/gcm.h>
typedef void (*update_func)(void *, size_t, const uint8_t *); -typedef void (*digest_func)(void *, size_t, uint8_t *); +typedef void (*digest_func)(void *, uint8_t *); typedef void (*set_key_func)(void *, size_t, const uint8_t *); typedef void (*set_nonce_func)(void *, size_t, const uint8_t *); typedef void (*init_func)(void *); @@ -278,13 +278,12 @@ static void _wrap_gmac_update(void *_ctx, size_t length, const uint8_t *data) ctx->pos = length; }
-static void _wrap_gmac_digest(void *_ctx, size_t length, uint8_t *digest) +static void _wrap_gmac_digest(void *_ctx, uint8_t *digest) { struct gmac_ctx *ctx = _ctx; - if (ctx->pos) gcm_update(&ctx->ctx, &ctx->key, ctx->pos, ctx->buffer); - gcm_digest(&ctx->ctx, &ctx->key, &ctx->cipher, ctx->encrypt, length, + gcm_digest(&ctx->ctx, &ctx->key, &ctx->cipher, ctx->encrypt, digest); ctx->pos = 0; } @@ -468,7 +467,7 @@ static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo, const void *nonce, ctx.set_nonce(&ctx, nonce_size, nonce); } ctx.update(&ctx, text_size, text); - ctx.digest(&ctx, ctx.length, digest); + ctx.digest(&ctx, digest);
zeroize_temp_key(&ctx, sizeof(ctx));
@@ -589,7 +588,7 @@ static int wrap_nettle_mac_output(void *src_ctx, void *digest, return GNUTLS_E_SHORT_MEMORY_BUFFER; }
- ctx->digest(ctx->ctx_ptr, digestsize, digest); + ctx->digest(ctx->ctx_ptr, digest);
return 0; } @@ -665,16 +664,13 @@ static void _md5_sha1_update(void *_ctx, size_t len, const uint8_t *data) sha1_update(&ctx->sha1, len, data); }
-static void _md5_sha1_digest(void *_ctx, size_t len, uint8_t *digest) +static void _md5_sha1_digest(void *_ctx, uint8_t *digest) { struct md5_sha1_ctx *ctx = _ctx;
- md5_digest(&ctx->md5, len <= MD5_DIGEST_SIZE ? len : MD5_DIGEST_SIZE, - digest); + md5_digest(&ctx->md5, digest);
- if (len > MD5_DIGEST_SIZE) - sha1_digest(&ctx->sha1, len - MD5_DIGEST_SIZE, - digest + MD5_DIGEST_SIZE); + sha1_digest(&ctx->sha1, digest + MD5_DIGEST_SIZE); }
static void _md5_sha1_init(void *_ctx) @@ -771,6 +767,7 @@ static int _ctx_init(gnutls_digest_algorithm_t algo, ctx->ctx_ptr = &ctx->ctx.sha3_512; ctx->length = SHA3_512_DIGEST_SIZE; break; +#if 0 case GNUTLS_DIG_SHAKE_128: ctx->init = (init_func)sha3_128_init; ctx->update = (update_func)sha3_128_update; @@ -787,6 +784,7 @@ static int _ctx_init(gnutls_digest_algorithm_t algo, ctx->ctx_ptr = &ctx->ctx.sha3_256; ctx->length = 0; /* unused */ break; +#endif #endif case GNUTLS_DIG_MD2: ctx->init = (init_func)md2_init; @@ -848,7 +846,7 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo, if (text_size > 0) { ctx.update(&ctx, text_size, text); } - ctx.digest(&ctx, ctx.length, digest); + ctx.digest(&ctx, digest); zeroize_temp_key(&ctx, sizeof(ctx));
return 0; @@ -910,7 +908,7 @@ static int wrap_nettle_hash_output(void *src_ctx, void *digest, return GNUTLS_E_SHORT_MEMORY_BUFFER; }
- ctx->digest(ctx->ctx_ptr, digestsize, digest); + ctx->digest(ctx->ctx_ptr, digest);
return 0; } @@ -929,7 +927,7 @@ static int wrap_nettle_hkdf_extract(gnutls_mac_algorithm_t mac, const void *key, return gnutls_assert_val(ret);
ctx.set_key(&ctx, saltsize, salt); - hkdf_extract(&ctx.ctx, ctx.update, ctx.digest, ctx.length, keysize, key, + hkdf_extract(&ctx.ctx, ctx.update, ctx.digest, keysize, key, output);
zeroize_temp_key(&ctx, sizeof(ctx));