nmav pushed to compat-gnutls28 (master). "updated to 3.3.15 and link against nettle3"
notifications at fedoraproject.org
notifications at fedoraproject.org
Mon May 4 09:30:58 UTC 2015
>From 843fa69d57edffb3cc44b8a0f955fa8c5fbff2ce Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Mon, 4 May 2015 11:12:22 +0200
Subject: updated to 3.3.15 and link against nettle3
diff --git a/.gitignore b/.gitignore
index 422838d..e18008f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
/gnutls-3.3.14-hobbled.tar.xz
+/gnutls-3.3.15-hobbled.tar.xz
diff --git a/compat-gnutls28.spec b/compat-gnutls28.spec
index e452777..c0c7111 100644
--- a/compat-gnutls28.spec
+++ b/compat-gnutls28.spec
@@ -1,6 +1,6 @@
Summary: Compat package with gnutls library ABI version 28
Name: compat-gnutls28
-Version: 3.3.14
+Version: 3.3.15
Release: 1%{?dist}
# The libraries are LGPLv2.1+, utilities are GPLv3+
License: LGPLv2+
@@ -26,7 +26,7 @@ Source2: hobble-gnutls
Patch1: gnutls-3.2.7-rpath.patch
Patch3: gnutls-3.1.11-nosrp.patch
Patch4: gnutls-3.3.6-default-policy.patch
-Patch5: gnutls-3.3.14-sigpipe.patch
+Patch5: gnutls-3.3.15-nettle3.patch
# Explicitly conflict with older gnutls packages that ship libraries
# with the same soname as this compat package
@@ -44,7 +44,7 @@ Compatibility package with gnutls library ABI version 28.
%patch1 -p1 -b .rpath
%patch3 -p1 -b .nosrp
%patch4 -p1 -b .default-policy
-%patch5 -p1 -b .sigpipe
+%patch5 -p1 -b .nettle3
sed 's/gnutls_srp.c//g' -i lib/Makefile.in
sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
diff --git a/gnutls-3.3.15-nettle3.patch b/gnutls-3.3.15-nettle3.patch
new file mode 100644
index 0000000..a269808
--- /dev/null
+++ b/gnutls-3.3.15-nettle3.patch
@@ -0,0 +1,1473 @@
+diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c
+index 9e92292..aff3ebc 100644
+--- a/lib/accelerated/x86/aes-gcm-padlock.c
++++ b/lib/accelerated/x86/aes-gcm-padlock.c
+@@ -45,8 +45,8 @@
+ */
+ struct gcm_padlock_aes_ctx GCM_CTX(struct padlock_ctx);
+
+-static void padlock_aes_encrypt(void *_ctx,
+- unsigned length, uint8_t * dst,
++static void padlock_aes_encrypt(const void *_ctx,
++ size_t length, uint8_t * dst,
+ const uint8_t * src)
+ {
+ struct padlock_ctx *ctx = _ctx;
+@@ -58,14 +58,22 @@ static void padlock_aes_encrypt(void *_ctx,
+ padlock_ecb_encrypt(dst, src, pce, length);
+ }
+
+-static void padlock_aes_set_encrypt_key(struct padlock_ctx *_ctx,
+- unsigned length,
++static void padlock_aes128_set_encrypt_key(struct padlock_ctx *_ctx,
+ const uint8_t * key)
+ {
+ struct padlock_ctx *ctx = _ctx;
+ ctx->enc = 1;
+
+- padlock_aes_cipher_setkey(_ctx, key, length);
++ padlock_aes_cipher_setkey(_ctx, key, 16);
++}
++
++static void padlock_aes256_set_encrypt_key(struct padlock_ctx *_ctx,
++ const uint8_t * key)
++{
++ struct padlock_ctx *ctx = _ctx;
++ ctx->enc = 1;
++
++ padlock_aes_cipher_setkey(_ctx, key, 32);
+ }
+
+ static void aes_gcm_deinit(void *_ctx)
+@@ -95,12 +103,17 @@ aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ }
+
+ static int
+-aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
++aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize)
+ {
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+- GCM_SET_KEY(ctx, padlock_aes_set_encrypt_key, padlock_aes_encrypt,
+- keysize, userkey);
++ if (keysize == 16) {
++ GCM_SET_KEY(ctx, padlock_aes128_set_encrypt_key, padlock_aes_encrypt,
++ key);
++ } else if (keysize == 32) {
++ GCM_SET_KEY(ctx, padlock_aes256_set_encrypt_key, padlock_aes_encrypt,
++ key);
++ } else abort();
+
+ return 0;
+ }
+diff --git a/lib/accelerated/x86/aes-gcm-x86-aesni.c b/lib/accelerated/x86/aes-gcm-x86-aesni.c
+index 7428940..7d64eb2 100644
+--- a/lib/accelerated/x86/aes-gcm-x86-aesni.c
++++ b/lib/accelerated/x86/aes-gcm-x86-aesni.c
+@@ -43,8 +43,8 @@
+ */
+ struct gcm_x86_aes_ctx GCM_CTX(AES_KEY);
+
+-static void x86_aes_encrypt(void *_ctx,
+- unsigned length, uint8_t * dst,
++static void x86_aes_encrypt(const void *_ctx,
++ size_t length, uint8_t * dst,
+ const uint8_t * src)
+ {
+ AES_KEY *ctx = _ctx;
+@@ -52,13 +52,20 @@ static void x86_aes_encrypt(void *_ctx,
+ aesni_ecb_encrypt(src, dst, 16, ctx, 1);
+ }
+
+-static void x86_aes_set_encrypt_key(void *_ctx,
+- unsigned length,
++static void x86_aes128_set_encrypt_key(void *_ctx,
+ const uint8_t * key)
+ {
+ AES_KEY *ctx = _ctx;
+
+- aesni_set_encrypt_key(key, length*8, ctx);
++ aesni_set_encrypt_key(key, 16*8, ctx);
++}
++
++static void x86_aes256_set_encrypt_key(void *_ctx,
++ const uint8_t * key)
++{
++ AES_KEY *ctx = _ctx;
++
++ aesni_set_encrypt_key(key, 32*8, ctx);
+ }
+
+ static int
+@@ -80,12 +87,17 @@ aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ }
+
+ static int
+-aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
++aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t length)
+ {
+ struct gcm_x86_aes_ctx *ctx = _ctx;
+
+- GCM_SET_KEY(ctx, x86_aes_set_encrypt_key, x86_aes_encrypt,
+- keysize, userkey);
++ if (length == 16) {
++ GCM_SET_KEY(ctx, x86_aes128_set_encrypt_key, x86_aes_encrypt,
++ key);
++ } else if (length == 32) {
++ GCM_SET_KEY(ctx, x86_aes256_set_encrypt_key, x86_aes_encrypt,
++ key);
++ } else abort();
+
+ return 0;
+ }
+diff --git a/lib/accelerated/x86/aes-gcm-x86-ssse3.c b/lib/accelerated/x86/aes-gcm-x86-ssse3.c
+index 026ffb2..b82c22a 100644
+--- a/lib/accelerated/x86/aes-gcm-x86-ssse3.c
++++ b/lib/accelerated/x86/aes-gcm-x86-ssse3.c
+@@ -42,8 +42,8 @@
+ */
+ struct gcm_x86_aes_ctx GCM_CTX(AES_KEY);
+
+-static void x86_aes_encrypt(void *_ctx,
+- unsigned length, uint8_t * dst,
++static void x86_aes_encrypt(const void *_ctx,
++ size_t length, uint8_t * dst,
+ const uint8_t * src)
+ {
+ AES_KEY *ctx = _ctx;
+@@ -51,13 +51,20 @@ static void x86_aes_encrypt(void *_ctx,
+ vpaes_encrypt(src, dst, ctx);
+ }
+
+-static void x86_aes_set_encrypt_key(void *_ctx,
+- unsigned length,
+- const uint8_t * key)
++static void x86_aes_128_set_encrypt_key(void *_ctx,
++ const uint8_t * key)
+ {
+ AES_KEY *ctx = _ctx;
+
+- vpaes_set_encrypt_key(key, length*8, ctx);
++ vpaes_set_encrypt_key(key, 16*8, ctx);
++}
++
++static void x86_aes_256_set_encrypt_key(void *_ctx,
++ const uint8_t * key)
++{
++ AES_KEY *ctx = _ctx;
++
++ vpaes_set_encrypt_key(key, 32*8, ctx);
+ }
+
+ static int
+@@ -79,12 +86,17 @@ aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ }
+
+ static int
+-aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
++aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize)
+ {
+ struct gcm_x86_aes_ctx *ctx = _ctx;
+
+- GCM_SET_KEY(ctx, x86_aes_set_encrypt_key, x86_aes_encrypt,
+- keysize, userkey);
++ if (keysize == 16) {
++ GCM_SET_KEY(ctx, x86_aes_128_set_encrypt_key, x86_aes_encrypt,
++ key);
++ } else if (keysize == 32) {
++ GCM_SET_KEY(ctx, x86_aes_256_set_encrypt_key, x86_aes_encrypt,
++ key);
++ } else abort();
+
+ return 0;
+ }
+diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c
+index 8ed10d8..3e1c4f5 100644
+--- a/lib/accelerated/x86/aes-padlock.c
++++ b/lib/accelerated/x86/aes-padlock.c
+@@ -94,7 +94,7 @@ padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
+ aes_set_decrypt_key(&nc, keysize, userkey);
+
+ memcpy(pce->ks.rd_key, nc.keys, sizeof(nc.keys));
+- pce->ks.rounds = nc.nrounds;
++ pce->ks.rounds = nc.rounds;
+
+ pce->cword.b.keygen = 1;
+ break;
+diff --git a/lib/accelerated/x86/aes-padlock.h b/lib/accelerated/x86/aes-padlock.h
+index d72e702..d19ad48 100644
+--- a/lib/accelerated/x86/aes-padlock.h
++++ b/lib/accelerated/x86/aes-padlock.h
+@@ -29,6 +29,7 @@ struct padlock_ctx {
+
+ extern const gnutls_crypto_cipher_st _gnutls_aes_padlock;
+ extern const gnutls_crypto_cipher_st _gnutls_aes_gcm_padlock;
++
+ extern const gnutls_crypto_mac_st _gnutls_hmac_sha_padlock;
+ extern const gnutls_crypto_digest_st _gnutls_sha_padlock;
+
+diff --git a/lib/accelerated/x86/aes-x86.h b/lib/accelerated/x86/aes-x86.h
+index c0e56e3..4e86f93 100644
+--- a/lib/accelerated/x86/aes-x86.h
++++ b/lib/accelerated/x86/aes-x86.h
+@@ -43,9 +43,11 @@ void vpaes_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *k
+ void vpaes_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key);
+
+ extern const gnutls_crypto_cipher_st _gnutls_aes_gcm_pclmul;
+-extern const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_ssse3;
+ extern const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_aesni;
++extern const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_ssse3;
++
+ extern const gnutls_crypto_cipher_st _gnutls_aes_ssse3;
++
+ extern const gnutls_crypto_cipher_st _gnutls_aesni_x86;
+
+ #endif
+diff --git a/lib/accelerated/x86/sha-padlock.c b/lib/accelerated/x86/sha-padlock.c
+index 7365f6c..04b42e4 100644
+--- a/lib/accelerated/x86/sha-padlock.c
++++ b/lib/accelerated/x86/sha-padlock.c
+@@ -70,6 +70,7 @@ static void wrap_padlock_hash_deinit(void *hd)
+ gnutls_free(hd);
+ }
+
++#define MD1_INCR(c) (c->count++)
+ #define SHA1_COMPRESS(ctx, data) (padlock_sha1_blocks((void*)(ctx)->state, data, 1))
+ #define SHA256_COMPRESS(ctx, data) (padlock_sha256_blocks((void*)(ctx)->state, data, 1))
+ #define SHA512_COMPRESS(ctx, data) (padlock_sha512_blocks((void*)(ctx)->state, data, 1))
+@@ -78,14 +79,14 @@ void
+ padlock_sha1_update(struct sha1_ctx *ctx,
+ unsigned length, const uint8_t * data)
+ {
+- MD_UPDATE(ctx, length, data, SHA1_COMPRESS, MD_INCR(ctx));
++ MD_UPDATE(ctx, length, data, SHA1_COMPRESS, MD1_INCR(ctx));
+ }
+
+ void
+ padlock_sha256_update(struct sha256_ctx *ctx,
+ unsigned length, const uint8_t * data)
+ {
+- MD_UPDATE(ctx, length, data, SHA256_COMPRESS, MD_INCR(ctx));
++ MD_UPDATE(ctx, length, data, SHA256_COMPRESS, MD1_INCR(ctx));
+ }
+
+ void
+@@ -133,19 +134,17 @@ static void
+ padlock_sha1_digest(struct sha1_ctx *ctx,
+ unsigned length, uint8_t * digest)
+ {
+- uint32_t high, low;
++ uint64_t bit_count;
+
+ assert(length <= SHA1_DIGEST_SIZE);
+
+ MD_PAD(ctx, 8, SHA1_COMPRESS);
+
+ /* There are 512 = 2^9 bits in one block */
+- high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+- low = (ctx->count_low << 9) | (ctx->index << 3);
++ bit_count = (ctx->count << 9) | (ctx->index << 3);
+
+ /* append the 64 bit count */
+- WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), high);
+- WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), low);
++ WRITE_UINT64(ctx->block + (SHA1_BLOCK_SIZE - 8), bit_count);
+ SHA1_COMPRESS(ctx, ctx->block);
+
+ _nettle_write_be32(length, digest, ctx->state);
+@@ -155,21 +154,19 @@ static void
+ padlock_sha256_digest(struct sha256_ctx *ctx,
+ unsigned length, uint8_t * digest)
+ {
+- uint32_t high, low;
++ uint64_t bit_count;
+
+ assert(length <= SHA256_DIGEST_SIZE);
+
+ MD_PAD(ctx, 8, SHA256_COMPRESS);
+
+ /* There are 512 = 2^9 bits in one block */
+- high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+- low = (ctx->count_low << 9) | (ctx->index << 3);
++ bit_count = (ctx->count << 9) | (ctx->index << 3);
+
+ /* This is slightly inefficient, as the numbers are converted to
+ big-endian format, and will be converted back by the compression
+ function. It's probably not worth the effort to fix this. */
+- WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), high);
+- WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), low);
++ WRITE_UINT64(ctx->block + (SHA256_BLOCK_SIZE - 8), bit_count);
+ SHA256_COMPRESS(ctx, ctx->block);
+
+ _nettle_write_be32(length, digest, ctx->state);
+diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c
+index e9d8eab..52c6ab0 100644
+--- a/lib/accelerated/x86/sha-x86-ssse3.c
++++ b/lib/accelerated/x86/sha-x86-ssse3.c
+@@ -113,7 +113,7 @@ void x86_sha1_update(struct sha1_ctx *ctx, size_t length,
+ sha1_block_data_order(&octx, data, t2);
+
+ for (i=0;i<t2;i++)
+- MD_INCR(ctx);
++ ctx->count++;
+ data += length;
+ }
+
+@@ -166,7 +166,7 @@ void x86_sha256_update(struct sha256_ctx *ctx, size_t length,
+ sha256_block_data_order(&octx, data, t2);
+
+ for (i=0;i<t2;i++)
+- MD_INCR(ctx);
++ ctx->count++;
+ data += length;
+ }
+
+diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
+index 50acf0a..e84ed1f 100644
+--- a/lib/nettle/Makefile.am
++++ b/lib/nettle/Makefile.am
+@@ -40,7 +40,6 @@ noinst_LTLIBRARIES = libcrypto.la
+
+ libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c init.c egd.c egd.h \
+ gnettle.h rnd-common.h rnd-common.c \
+- int/gcm-camellia.h int/gcm-camellia.c \
+ rnd.c
+
+ if ENABLE_FIPS140
+diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
+index f367f2f..b9185e1 100644
+--- a/lib/nettle/cipher.c
++++ b/lib/nettle/cipher.c
+@@ -35,7 +35,6 @@
+ #include <nettle/nettle-meta.h>
+ #include <nettle/cbc.h>
+ #include <nettle/gcm.h>
+-#include <gcm-camellia.h>
+ #include <fips.h>
+
+ /* Functions that refer to the nettle library.
+@@ -43,21 +42,21 @@
+
+ #define MAX_BLOCK_SIZE 32
+
+-typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned,
+- uint8_t *, unsigned, uint8_t *,
++typedef void (*encrypt_func) (void *, nettle_cipher_func*, size_t,
++ uint8_t *, size_t, uint8_t *,
+ const uint8_t *);
+-typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned,
+- uint8_t *, unsigned, uint8_t *,
++typedef void (*decrypt_func) (void *, nettle_cipher_func*, size_t,
++ uint8_t *, size_t, uint8_t *,
+ const uint8_t *);
+-typedef void (*auth_func) (void *, unsigned, const uint8_t *);
++typedef void (*auth_func) (void *, size_t, const uint8_t *);
+
+-typedef void (*tag_func) (void *, unsigned, uint8_t *);
++typedef void (*tag_func) (void *, size_t, uint8_t *);
+
+ typedef void (*setkey_func) (void *, unsigned, const uint8_t *);
+
+ static void
+-stream_encrypt(void *ctx, nettle_crypt_func func, unsigned block_size,
+- uint8_t * iv, unsigned length, uint8_t * dst,
++stream_encrypt(void *ctx, nettle_cipher_func func, size_t block_size,
++ uint8_t * iv, size_t length, uint8_t * dst,
+ const uint8_t * src)
+ {
+ func(ctx, length, dst, src);
+@@ -66,21 +65,24 @@ stream_encrypt(void *ctx, nettle_crypt_func func, unsigned block_size,
+ struct nettle_cipher_ctx {
+ union {
+ struct aes_ctx aes;
+- struct camellia_ctx camellia;
++ struct camellia128_ctx camellia128;
++ struct camellia192_ctx camellia192;
++ struct camellia256_ctx camellia256;
+ struct arcfour_ctx arcfour;
+ struct arctwo_ctx arctwo;
+ struct des3_ctx des3;
+ struct des_ctx des;
+ struct gcm_aes_ctx aes_gcm;
+- struct _gcm_camellia_ctx camellia_gcm;
++ struct gcm_camellia128_ctx camellia128_gcm;
++ struct gcm_camellia256_ctx camellia256_gcm;
+ struct salsa20_ctx salsa20;
+ } ctx;
+ void *ctx_ptr;
+ uint8_t iv[MAX_BLOCK_SIZE];
+ gnutls_cipher_algorithm_t algo;
+ size_t block_size;
+- nettle_crypt_func *i_encrypt;
+- nettle_crypt_func *i_decrypt;
++ nettle_cipher_func *i_encrypt;
++ nettle_cipher_func *i_decrypt;
+ encrypt_func encrypt;
+ decrypt_func decrypt;
+ auth_func auth;
+@@ -88,36 +90,52 @@ struct nettle_cipher_ctx {
+ int enc;
+ };
+
+-static void _aes_gcm_encrypt(void *_ctx, nettle_crypt_func f,
+- unsigned block_size, uint8_t * iv,
+- unsigned length, uint8_t * dst,
++static void _aes_gcm_encrypt(void *_ctx, nettle_cipher_func * f,
++ size_t block_size, uint8_t * iv,
++ size_t length, uint8_t * dst,
+ const uint8_t * src)
+ {
+ gcm_aes_encrypt(_ctx, length, dst, src);
+ }
+
+-static void _aes_gcm_decrypt(void *_ctx, nettle_crypt_func f,
+- unsigned block_size, uint8_t * iv,
+- unsigned length, uint8_t * dst,
++static void _aes_gcm_decrypt(void *_ctx, nettle_cipher_func * f,
++ size_t block_size, uint8_t * iv,
++ size_t length, uint8_t * dst,
+ const uint8_t * src)
+ {
+ gcm_aes_decrypt(_ctx, length, dst, src);
+ }
+
+-static void _camellia_gcm_encrypt(void *_ctx, nettle_crypt_func f,
+- unsigned block_size, uint8_t * iv,
+- unsigned length, uint8_t * dst,
++static void _camellia128_gcm_encrypt(void *_ctx, nettle_cipher_func * f,
++ size_t block_size, uint8_t * iv,
++ size_t length, uint8_t * dst,
+ const uint8_t * src)
+ {
+- _gcm_camellia_encrypt(_ctx, length, dst, src);
++ gcm_camellia128_encrypt(_ctx, length, dst, src);
+ }
+
+-static void _camellia_gcm_decrypt(void *_ctx, nettle_crypt_func f,
+- unsigned block_size, uint8_t * iv,
+- unsigned length, uint8_t * dst,
++static void _camellia256_gcm_encrypt(void *_ctx, nettle_cipher_func * f,
++ size_t block_size, uint8_t * iv,
++ size_t length, uint8_t * dst,
+ const uint8_t * src)
+ {
+- _gcm_camellia_decrypt(_ctx, length, dst, src);
++ gcm_camellia256_encrypt(_ctx, length, dst, src);
++}
++
++static void _camellia128_gcm_decrypt(void *_ctx, nettle_cipher_func * f,
++ size_t block_size, uint8_t * iv,
++ size_t length, uint8_t * dst,
++ const uint8_t * src)
++{
++ gcm_camellia128_decrypt(_ctx, length, dst, src);
++}
++
++static void _camellia256_gcm_decrypt(void *_ctx, nettle_cipher_func * f,
++ size_t block_size, uint8_t * iv,
++ size_t length, uint8_t * dst,
++ const uint8_t * src)
++{
++ gcm_camellia256_decrypt(_ctx, length, dst, src);
+ }
+
+ static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
+@@ -170,7 +188,7 @@ wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
+ case GNUTLS_CIPHER_AES_256_GCM:
+ ctx->encrypt = _aes_gcm_encrypt;
+ ctx->decrypt = _aes_gcm_decrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) aes_encrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) aes_encrypt;
+ ctx->auth = (auth_func) gcm_aes_update;
+ ctx->tag = (tag_func) gcm_aes_digest;
+ ctx->ctx_ptr = &ctx->ctx.aes_gcm;
+@@ -179,55 +197,86 @@ wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+- ctx->encrypt = cbc_encrypt;
+- ctx->decrypt = cbc_decrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) aes_encrypt;
+- ctx->i_decrypt = (nettle_crypt_func *) aes_decrypt;
++ ctx->encrypt = (encrypt_func) cbc_encrypt;
++ ctx->decrypt = (decrypt_func) cbc_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) aes_encrypt;
++ ctx->i_decrypt = (nettle_cipher_func *) aes_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.aes;
+ ctx->block_size = AES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+- ctx->encrypt = cbc_encrypt;
+- ctx->decrypt = cbc_decrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) des3_encrypt;
+- ctx->i_decrypt = (nettle_crypt_func *) des3_decrypt;
++ ctx->encrypt = (encrypt_func) cbc_encrypt;
++ ctx->decrypt = (decrypt_func) cbc_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) des3_encrypt;
++ ctx->i_decrypt = (nettle_cipher_func *) des3_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des3;
+ ctx->block_size = DES3_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
++ if (_gnutls_fips_mode_enabled() != 0)
++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
++ ctx->encrypt = _camellia128_gcm_encrypt;
++ ctx->decrypt = _camellia128_gcm_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) camellia128_crypt;
++ ctx->auth = (auth_func) gcm_camellia128_update;
++ ctx->tag = (tag_func) gcm_camellia128_digest;
++ ctx->ctx_ptr = &ctx->ctx.camellia128_gcm;
++ ctx->block_size = CAMELLIA_BLOCK_SIZE;
++ break;
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ if (_gnutls_fips_mode_enabled() != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+- ctx->encrypt = _camellia_gcm_encrypt;
+- ctx->decrypt = _camellia_gcm_decrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) camellia_crypt;
+- ctx->auth = (auth_func) _gcm_camellia_update;
+- ctx->tag = (tag_func) _gcm_camellia_digest;
+- ctx->ctx_ptr = &ctx->ctx.camellia_gcm;
++ ctx->encrypt = _camellia256_gcm_encrypt;
++ ctx->decrypt = _camellia256_gcm_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) camellia256_crypt;
++ ctx->auth = (auth_func) gcm_camellia256_update;
++ ctx->tag = (tag_func) gcm_camellia256_digest;
++ ctx->ctx_ptr = &ctx->ctx.camellia256_gcm;
+ ctx->block_size = CAMELLIA_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
++ if (_gnutls_fips_mode_enabled() != 0)
++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
++ ctx->encrypt = (encrypt_func) cbc_encrypt;
++ ctx->decrypt = (decrypt_func) cbc_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) camellia128_crypt;
++ ctx->i_decrypt = (nettle_cipher_func *) camellia128_crypt;
++ ctx->ctx_ptr = &ctx->ctx.camellia128;
++ ctx->block_size = CAMELLIA_BLOCK_SIZE;
++ break;
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
++ if (_gnutls_fips_mode_enabled() != 0)
++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
++ ctx->encrypt = (encrypt_func) cbc_encrypt;
++ ctx->decrypt = (decrypt_func) cbc_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) camellia192_crypt;
++ ctx->i_decrypt = (nettle_cipher_func *) camellia192_crypt;
++ ctx->ctx_ptr = &ctx->ctx.camellia192;
++ ctx->block_size = CAMELLIA_BLOCK_SIZE;
++ break;
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ if (_gnutls_fips_mode_enabled() != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+- ctx->encrypt = cbc_encrypt;
+- ctx->decrypt = cbc_decrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) camellia_crypt;
+- ctx->i_decrypt = (nettle_crypt_func *) camellia_crypt;
+- ctx->ctx_ptr = &ctx->ctx.camellia;
++ ctx->encrypt = (encrypt_func) cbc_encrypt;
++ ctx->decrypt = (decrypt_func) cbc_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) camellia256_crypt;
++ ctx->i_decrypt = (nettle_cipher_func *) camellia256_crypt;
++ ctx->ctx_ptr = &ctx->ctx.camellia256;
+ ctx->block_size = CAMELLIA_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ if (_gnutls_fips_mode_enabled() != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+- ctx->encrypt = cbc_encrypt;
+- ctx->decrypt = cbc_decrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) des_encrypt;
+- ctx->i_decrypt = (nettle_crypt_func *) des_decrypt;
++ ctx->encrypt = (encrypt_func) cbc_encrypt;
++ ctx->decrypt = (decrypt_func) cbc_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) des_encrypt;
++ ctx->i_decrypt = (nettle_cipher_func *) des_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des;
+ ctx->block_size = DES_BLOCK_SIZE;
+ break;
+@@ -238,8 +287,8 @@ wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
+
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) arcfour_crypt;
+- ctx->i_decrypt = (nettle_crypt_func *) arcfour_crypt;
++ ctx->i_encrypt = (nettle_cipher_func *) arcfour_crypt;
++ ctx->i_decrypt = (nettle_cipher_func *) arcfour_crypt;
+ ctx->ctx_ptr = &ctx->ctx.arcfour;
+ ctx->block_size = 1;
+ break;
+@@ -249,8 +298,8 @@ wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
+
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) salsa20_crypt;
+- ctx->i_decrypt = (nettle_crypt_func *) salsa20_crypt;
++ ctx->i_encrypt = (nettle_cipher_func *) salsa20_crypt;
++ ctx->i_decrypt = (nettle_cipher_func *) salsa20_crypt;
+ ctx->ctx_ptr = &ctx->ctx.salsa20;
+ ctx->block_size = 1;
+ break;
+@@ -260,8 +309,8 @@ wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
+
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) salsa20r12_crypt;
+- ctx->i_decrypt = (nettle_crypt_func *) salsa20r12_crypt;
++ ctx->i_encrypt = (nettle_cipher_func *) salsa20r12_crypt;
++ ctx->i_decrypt = (nettle_cipher_func *) salsa20r12_crypt;
+ ctx->ctx_ptr = &ctx->ctx.salsa20;
+ ctx->block_size = 1;
+ break;
+@@ -269,10 +318,10 @@ wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
+ if (_gnutls_fips_mode_enabled() != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+- ctx->encrypt = cbc_encrypt;
+- ctx->decrypt = cbc_decrypt;
+- ctx->i_encrypt = (nettle_crypt_func *) arctwo_encrypt;
+- ctx->i_decrypt = (nettle_crypt_func *) arctwo_decrypt;
++ ctx->encrypt = (encrypt_func) cbc_encrypt;
++ ctx->decrypt = (decrypt_func) cbc_decrypt;
++ ctx->i_encrypt = (nettle_cipher_func *) arctwo_encrypt;
++ ctx->i_decrypt = (nettle_cipher_func *) arctwo_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.arctwo;
+ ctx->block_size = ARCTWO_BLOCK_SIZE;
+ break;
+@@ -307,13 +356,27 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
+ aes_set_decrypt_key(ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
++ if (ctx->enc)
++ camellia128_set_encrypt_key(ctx->ctx_ptr,
++ key);
++ else
++ camellia128_set_decrypt_key(ctx->ctx_ptr,
++ key);
++ break;
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
++ if (ctx->enc)
++ camellia192_set_encrypt_key(ctx->ctx_ptr,
++ key);
++ else
++ camellia192_set_decrypt_key(ctx->ctx_ptr,
++ key);
++ break;
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ if (ctx->enc)
+- camellia_set_encrypt_key(ctx->ctx_ptr, keysize,
++ camellia256_set_encrypt_key(ctx->ctx_ptr,
+ key);
+ else
+- camellia_set_decrypt_key(ctx->ctx_ptr, keysize,
++ camellia256_set_decrypt_key(ctx->ctx_ptr,
+ key);
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+@@ -331,12 +394,16 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
+
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
++ if (_gnutls_fips_mode_enabled() != 0)
++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
++ gcm_camellia128_set_key(&ctx->ctx.camellia128_gcm, key);
++ break;
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ if (_gnutls_fips_mode_enabled() != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+- _gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize,
+- key);
++ gcm_camellia256_set_key(&ctx->ctx.camellia256_gcm, key);
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ if (_gnutls_fips_mode_enabled() != 0)
+@@ -397,8 +464,11 @@ wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t ivsize)
+ ivsize, iv);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
++ gcm_camellia128_set_iv(&ctx->ctx.camellia128_gcm,
++ ivsize, iv);
++ break;
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+- _gcm_camellia_set_iv(&ctx->ctx.camellia_gcm,
++ gcm_camellia256_set_iv(&ctx->ctx.camellia256_gcm,
+ ivsize, iv);
+ break;
+ case GNUTLS_CIPHER_SALSA20_256:
+diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h
+index 82d545e..e1edfb5 100644
+--- a/lib/nettle/int/dsa-fips.h
++++ b/lib/nettle/int/dsa-fips.h
+@@ -54,7 +54,7 @@ st_provable_prime (mpz_t p,
+ void *progress_ctx, nettle_progress_func * progress);
+
+ int
+-dsa_generate_dss_pqg(struct dsa_public_key *pub,
++dsa_generate_dss_pqg(struct dsa_params *params,
+ struct dss_params_validation_seeds* cert,
+ unsigned index,
+ void *random_ctx, nettle_random_func *random,
+@@ -62,22 +62,23 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub,
+ unsigned p_bits /* = L */, unsigned q_bits /* = N */);
+
+ int
+-dsa_generate_dss_keypair(struct dsa_public_key *pub,
+- struct dsa_private_key *key,
++dsa_generate_dss_keypair(struct dsa_params *params,
++ mpz_t y,
++ mpz_t x,
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress);
+
+ int
+-dsa_validate_dss_pqg(struct dsa_public_key *pub,
++dsa_validate_dss_pqg(struct dsa_params *pub,
+ struct dss_params_validation_seeds* cert,
+ unsigned index);
+
+ int
+-_dsa_validate_dss_pq(struct dsa_public_key *pub,
++_dsa_validate_dss_pq(struct dsa_params *pub,
+ struct dss_params_validation_seeds* cert);
+
+ int
+-_dsa_validate_dss_g(struct dsa_public_key *pub,
++_dsa_validate_dss_g(struct dsa_params *pub,
+ unsigned domain_seed_size, const uint8_t *domain_seed, unsigned index);
+
+ unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate);
+@@ -85,21 +86,22 @@ unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate
+ /* The following low-level functions can be used for DH key exchange as well
+ */
+ int
+-_dsa_generate_dss_pq(struct dsa_public_key *pub,
++_dsa_generate_dss_pq(struct dsa_params *pub,
+ struct dss_params_validation_seeds* cert,
+ unsigned seed_length, void* seed,
+ void *progress_ctx, nettle_progress_func *progress,
+ unsigned p_bits, unsigned q_bits);
+
+ int
+-_dsa_generate_dss_g(struct dsa_public_key *pub,
++_dsa_generate_dss_g(struct dsa_params *pub,
+ unsigned domain_seed_size, const uint8_t* domain_seed,
+ void *progress_ctx, nettle_progress_func * progress,
+ unsigned index);
+
+ void
+-_dsa_generate_dss_xy(struct dsa_public_key *pub,
+- struct dsa_private_key *key,
++_dsa_generate_dss_xy(struct dsa_params *pub,
++ mpz_t y,
++ mpz_t x,
+ void *random_ctx, nettle_random_func *random);
+
+ #define DIGEST_SIZE SHA384_DIGEST_SIZE
+diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c
+index 1ac9441..efe81ed 100644
+--- a/lib/nettle/int/dsa-keygen-fips186.c
++++ b/lib/nettle/int/dsa-keygen-fips186.c
+@@ -65,7 +65,7 @@ unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate
+ * The hash function used is SHA384.
+ */
+ int
+-_dsa_generate_dss_pq(struct dsa_public_key *pub,
++_dsa_generate_dss_pq(struct dsa_params *params,
+ struct dss_params_validation_seeds *cert,
+ unsigned seed_length, void *seed,
+ void *progress_ctx, nettle_progress_func * progress,
+@@ -106,7 +106,7 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub,
+ cert->qseed_length = sizeof(cert->qseed);
+ cert->pseed_length = sizeof(cert->pseed);
+
+- ret = st_provable_prime(pub->q,
++ ret = st_provable_prime(params->q,
+ &cert->qseed_length, cert->qseed,
+ &cert->qgen_counter,
+ q_bits,
+@@ -162,24 +162,24 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub,
+
+ /* t = u[x/2c0] */
+ mpz_mul_2exp(dp0, p0, 1); /* dp0 = 2*p0 */
+- mpz_mul(dp0, dp0, pub->q); /* dp0 = 2*p0*q */
++ mpz_mul(dp0, dp0, params->q); /* dp0 = 2*p0*q */
+
+ mpz_cdiv_q(t, tmp, dp0);
+
+ retry:
+ /* c = 2p0*q*t + 1 */
+- mpz_mul(pub->p, dp0, t);
+- mpz_add_ui(pub->p, pub->p, 1);
++ mpz_mul(params->p, dp0, t);
++ mpz_add_ui(params->p, params->p, 1);
+
+- if (mpz_sizeinbase(pub->p, 2) > p_bits) {
++ if (mpz_sizeinbase(params->p, 2) > p_bits) {
+ /* t = 2^(bits-1)/2qp0 */
+ mpz_set_ui(tmp, 1);
+ mpz_mul_2exp(tmp, tmp, p_bits - 1);
+ mpz_cdiv_q(t, tmp, dp0);
+
+ /* p = t* 2tq p0 + 1 */
+- mpz_mul(pub->p, dp0, t);
+- mpz_add_ui(pub->p, pub->p, 1);
++ mpz_mul(params->p, dp0, t);
++ mpz_add_ui(params->p, params->p, 1);
+ }
+
+ cert->pgen_counter++;
+@@ -204,20 +204,20 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub,
+ nettle_mpz_get_str_256(cert->pseed_length, cert->pseed, s);
+
+ /* a = 2 + (a mod (p-3)) */
+- mpz_sub_ui(tmp, pub->p, 3); /* c is too large to worry about negatives */
++ mpz_sub_ui(tmp, params->p, 3); /* c is too large to worry about negatives */
+ mpz_mod(r, r, tmp);
+ mpz_add_ui(r, r, 2);
+
+ /* z = a^(2tq) mod p */
+ mpz_mul_2exp(tmp, t, 1); /* tmp = 2t */
+- mpz_mul(tmp, tmp, pub->q); /* tmp = 2tq */
+- mpz_powm(z, r, tmp, pub->p);
++ mpz_mul(tmp, tmp, params->q); /* tmp = 2tq */
++ mpz_powm(z, r, tmp, params->p);
+
+ mpz_sub_ui(tmp, z, 1);
+
+- mpz_gcd(tmp, tmp, pub->p);
++ mpz_gcd(tmp, tmp, params->p);
+ if (mpz_cmp_ui(tmp, 1) == 0) {
+- mpz_powm(tmp, z, p0, pub->p);
++ mpz_powm(tmp, z, p0, params->p);
+ if (mpz_cmp_ui(tmp, 1) == 0) {
+ goto success;
+ }
+@@ -255,7 +255,7 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub,
+ }
+
+ int
+-_dsa_generate_dss_g(struct dsa_public_key *pub,
++_dsa_generate_dss_g(struct dsa_params *params,
+ unsigned domain_seed_size, const uint8_t* domain_seed,
+ void *progress_ctx, nettle_progress_func * progress,
+ unsigned index)
+@@ -288,8 +288,8 @@ _dsa_generate_dss_g(struct dsa_public_key *pub,
+ *(dseed + pos) = (uint8_t) index;
+ pos += 1;
+
+- mpz_sub_ui(e, pub->p, 1);
+- mpz_fdiv_q(e, e, pub->q);
++ mpz_sub_ui(e, params->p, 1);
++ mpz_fdiv_q(e, e, params->q);
+
+ for (count = 1; count < 65535; count++) {
+ *(dseed + pos) = (count >> 8) & 0xff;
+@@ -299,9 +299,9 @@ _dsa_generate_dss_g(struct dsa_public_key *pub,
+
+ nettle_mpz_set_str_256_u(w, DIGEST_SIZE, digest);
+
+- mpz_powm(pub->g, w, e, pub->p);
++ mpz_powm(params->g, w, e, params->p);
+
+- if (mpz_cmp_ui(pub->g, 2) >= 0) {
++ if (mpz_cmp_ui(params->g, 2) >= 0) {
+ /* found */
+ goto success;
+ }
+@@ -332,19 +332,19 @@ _dsa_generate_dss_g(struct dsa_public_key *pub,
+ /* Generates the public and private DSA (or DH) keys
+ */
+ void
+-_dsa_generate_dss_xy(struct dsa_public_key *pub,
+- struct dsa_private_key *key,
++_dsa_generate_dss_xy(struct dsa_params *params,
++ mpz_t y, mpz_t x,
+ void *random_ctx, nettle_random_func * random)
+ {
+ mpz_t r;
+
+ mpz_init(r);
+- mpz_set(r, pub->q);
++ mpz_set(r, params->q);
+ mpz_sub_ui(r, r, 2);
+- nettle_mpz_random(key->x, random_ctx, random, r);
+- mpz_add_ui(key->x, key->x, 1);
++ nettle_mpz_random(x, random_ctx, random, r);
++ mpz_add_ui(x, x, 1);
+
+- mpz_powm(pub->y, pub->g, key->x, pub->p);
++ mpz_powm(y, params->g, x, params->p);
+
+ mpz_clear(r);
+ }
+@@ -364,7 +364,7 @@ _dsa_generate_dss_xy(struct dsa_public_key *pub,
+ *
+ */
+ int
+-dsa_generate_dss_pqg(struct dsa_public_key *pub,
++dsa_generate_dss_pqg(struct dsa_params *params,
+ struct dss_params_validation_seeds *cert,
+ unsigned index,
+ void *random_ctx, nettle_random_func * random,
+@@ -386,7 +386,7 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub,
+
+ random(random_ctx, cert->seed_length, cert->seed);
+
+- ret = _dsa_generate_dss_pq(pub, cert, cert->seed_length, cert->seed,
++ ret = _dsa_generate_dss_pq(params, cert, cert->seed_length, cert->seed,
+ progress_ctx, progress, p_bits, q_bits);
+ if (ret == 0)
+ return 0;
+@@ -395,7 +395,7 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub,
+ memcpy(domain_seed, cert->seed, cert->seed_length);
+ memcpy(&domain_seed[cert->seed_length], cert->pseed, cert->pseed_length);
+ memcpy(&domain_seed[cert->seed_length+cert->pseed_length], cert->qseed, cert->qseed_length);
+- ret = _dsa_generate_dss_g(pub, domain_seed_size, domain_seed,
++ ret = _dsa_generate_dss_g(params, domain_seed_size, domain_seed,
+ progress_ctx, progress, index);
+ if (ret == 0)
+ return 0;
+@@ -405,12 +405,13 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub,
+ }
+
+ int
+-dsa_generate_dss_keypair(struct dsa_public_key *pub,
+- struct dsa_private_key *key,
++dsa_generate_dss_keypair(struct dsa_params *params,
++ mpz_t y,
++ mpz_t x,
+ void *random_ctx, nettle_random_func * random,
+ void *progress_ctx, nettle_progress_func * progress)
+ {
+- _dsa_generate_dss_xy(pub, key, random_ctx, random);
++ _dsa_generate_dss_xy(params, y, x, random_ctx, random);
+
+ if (progress)
+ progress(progress_ctx, '\n');
+diff --git a/lib/nettle/int/dsa-validate.c b/lib/nettle/int/dsa-validate.c
+index daa39da..b86ef3d 100644
+--- a/lib/nettle/int/dsa-validate.c
++++ b/lib/nettle/int/dsa-validate.c
+@@ -48,7 +48,7 @@
+ *
+ */
+ int
+-dsa_validate_dss_pqg(struct dsa_public_key *pub,
++dsa_validate_dss_pqg(struct dsa_params *pub,
+ struct dss_params_validation_seeds *cert, unsigned index)
+ {
+ int ret;
+@@ -72,12 +72,12 @@ dsa_validate_dss_pqg(struct dsa_public_key *pub,
+ }
+
+ int
+-_dsa_validate_dss_g(struct dsa_public_key *pub,
++_dsa_validate_dss_g(struct dsa_params *pub,
+ unsigned domain_seed_size, const uint8_t *domain_seed, unsigned index)
+ {
+ int ret;
+ unsigned p_bits, q_bits;
+- struct dsa_public_key pub2;
++ struct dsa_params pub2;
+ mpz_t r;
+
+ p_bits = mpz_sizeinbase(pub->p, 2);
+@@ -89,7 +89,7 @@ _dsa_validate_dss_g(struct dsa_public_key *pub,
+ }
+
+ mpz_init(r);
+- dsa_public_key_init(&pub2);
++ dsa_params_init(&pub2);
+
+ mpz_set(pub2.p, pub->p);
+ mpz_set(pub2.q, pub->q);
+@@ -132,19 +132,19 @@ _dsa_validate_dss_g(struct dsa_public_key *pub,
+ ret = 0;
+
+ finish:
+- dsa_public_key_clear(&pub2);
++ dsa_params_clear(&pub2);
+ mpz_clear(r);
+
+ return ret;
+ }
+
+ int
+-_dsa_validate_dss_pq(struct dsa_public_key *pub,
++_dsa_validate_dss_pq(struct dsa_params *pub,
+ struct dss_params_validation_seeds *cert)
+ {
+ int ret;
+ unsigned p_bits, q_bits;
+- struct dsa_public_key pub2;
++ struct dsa_params pub2;
+ struct dss_params_validation_seeds cert2;
+ mpz_t r, s;
+
+@@ -158,7 +158,7 @@ _dsa_validate_dss_pq(struct dsa_public_key *pub,
+
+ mpz_init(r);
+ mpz_init(s);
+- dsa_public_key_init(&pub2);
++ dsa_params_init(&pub2);
+
+ nettle_mpz_set_str_256_u(s, cert->seed_length, cert->seed);
+
+@@ -235,7 +235,7 @@ _dsa_validate_dss_pq(struct dsa_public_key *pub,
+ ret = 0;
+
+ finish:
+- dsa_public_key_clear(&pub2);
++ dsa_params_clear(&pub2);
+ mpz_clear(r);
+ mpz_clear(s);
+
+diff --git a/lib/nettle/int/gcm-camellia.c b/lib/nettle/int/gcm-camellia.c
+deleted file mode 100644
+index cebb476..0000000
+--- a/lib/nettle/int/gcm-camellia.c
++++ /dev/null
+@@ -1,78 +0,0 @@
+-/*
+- * Copyright (C) 2013 Nikos Mavrogiannopoulos
+- *
+- * Author: Nikos Mavrogiannopoulos
+- *
+- * This file is part of GNUTLS.
+- *
+- * The GNUTLS library is free software; you can redistribute it and/or
+- * modify it under the terms of the GNU Lesser General Public License
+- * as published by the Free Software Foundation; either version 2.1 of
+- * the License, or (at your option) any later version.
+- *
+- * This library is distributed in the hope that it will be useful, but
+- * WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- * Lesser General Public License for more details.
+- *
+- * You should have received a copy of the GNU Lesser General Public License
+- * along with this program. If not, see <http://www.gnu.org/licenses/>
+- *
+- */
+-
+-/* gcm_camellia.c
+- *
+- * Galois counter mode using Camellia as the underlying cipher.
+- */
+-
+-#if HAVE_CONFIG_H
+-#include "config.h"
+-#endif
+-
+-#include <nettle/gcm.h>
+-#include <nettle/camellia.h>
+-#include <gcm-camellia.h>
+-
+-void
+-_gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length,
+- const uint8_t * key)
+-{
+- GCM_SET_KEY(ctx, camellia_set_encrypt_key, camellia_crypt, length,
+- key);
+-}
+-
+-void
+-_gcm_camellia_set_iv(struct _gcm_camellia_ctx *ctx,
+- unsigned length, const uint8_t * iv)
+-{
+- GCM_SET_IV(ctx, length, iv);
+-}
+-
+-void
+-_gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length,
+- const uint8_t * data)
+-{
+- GCM_UPDATE(ctx, length, data);
+-}
+-
+-void
+-_gcm_camellia_encrypt(struct _gcm_camellia_ctx *ctx,
+- unsigned length, uint8_t * dst, const uint8_t * src)
+-{
+- GCM_ENCRYPT(ctx, camellia_crypt, length, dst, src);
+-}
+-
+-void
+-_gcm_camellia_decrypt(struct _gcm_camellia_ctx *ctx,
+- unsigned length, uint8_t * dst, const uint8_t * src)
+-{
+- GCM_DECRYPT(ctx, camellia_crypt, length, dst, src);
+-}
+-
+-void
+-_gcm_camellia_digest(struct _gcm_camellia_ctx *ctx,
+- unsigned length, uint8_t * digest)
+-{
+- GCM_DIGEST(ctx, camellia_crypt, length, digest);
+-
+-}
+diff --git a/lib/nettle/int/gcm-camellia.h b/lib/nettle/int/gcm-camellia.h
+deleted file mode 100644
+index 0baabb1..0000000
+--- a/lib/nettle/int/gcm-camellia.h
++++ /dev/null
+@@ -1,38 +0,0 @@
+-/*
+- * Copyright (C) 2013 Nikos Mavrogiannopoulos
+- *
+- * Author: Nikos Mavrogiannopoulos
+- *
+- * This file is part of GNUTLS.
+- *
+- * The GNUTLS library is free software; you can redistribute it and/or
+- * modify it under the terms of the GNU Lesser General Public License
+- * as published by the Free Software Foundation; either version 2.1 of
+- * the License, or (at your option) any later version.
+- *
+- * This library is distributed in the hope that it will be useful, but
+- * WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- * Lesser General Public License for more details.
+- *
+- * You should have received a copy of the GNU Lesser General Public License
+- * along with this program. If not, see <http://www.gnu.org/licenses/>
+- *
+- */
+-
+-#include <nettle/camellia.h>
+-
+-struct _gcm_camellia_ctx GCM_CTX(struct camellia_ctx);
+-
+-void _gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length,
+- const uint8_t * key);
+-void _gcm_camellia_set_iv(struct _gcm_camellia_ctx *ctx, unsigned length,
+- const uint8_t * iv);
+-void _gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length,
+- const uint8_t * data);
+-void _gcm_camellia_encrypt(struct _gcm_camellia_ctx *ctx, unsigned length,
+- uint8_t * dst, const uint8_t * src);
+-void _gcm_camellia_decrypt(struct _gcm_camellia_ctx *ctx, unsigned length,
+- uint8_t * dst, const uint8_t * src);
+-void _gcm_camellia_digest(struct _gcm_camellia_ctx *ctx, unsigned length,
+- uint8_t * digest);
+diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
+index 66815f0..11f2c8d 100644
+--- a/lib/nettle/pk.c
++++ b/lib/nettle/pk.c
+@@ -53,7 +53,7 @@
+
+ static inline const struct ecc_curve *get_supported_curve(int curve);
+
+-static void rnd_func(void *_ctx, unsigned length, uint8_t * data)
++static void rnd_func(void *_ctx, size_t length, uint8_t * data)
+ {
+ if (_gnutls_rnd(GNUTLS_RND_RANDOM, data, length) < 0) {
+ #ifdef ENABLE_FIPS140
+@@ -78,26 +78,15 @@ ecc_point_zclear (struct ecc_point *p)
+ ecc_point_clear(p);
+ }
+
+-
+ static void
+-_dsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
+- struct dsa_public_key *pub)
++_dsa_params_get(const gnutls_pk_params_st * pk_params,
++ struct dsa_params *pub)
+ {
+ memcpy(pub->p, pk_params->params[DSA_P], SIZEOF_MPZT);
+
+ if (pk_params->params[DSA_Q])
+ memcpy(&pub->q, pk_params->params[DSA_Q], sizeof(mpz_t));
+ memcpy(pub->g, pk_params->params[DSA_G], SIZEOF_MPZT);
+-
+- if (pk_params->params[DSA_Y] != NULL)
+- memcpy(pub->y, pk_params->params[DSA_Y], SIZEOF_MPZT);
+-}
+-
+-static void
+-_dsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
+- struct dsa_private_key *pub)
+-{
+- memcpy(pub->x, pk_params->params[4], SIZEOF_MPZT);
+ }
+
+ static void
+@@ -384,7 +373,7 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
+ {
+ struct rsa_private_key priv;
+ struct rsa_public_key pub;
+- unsigned length;
++ size_t length;
+ bigint_t c;
+
+ _rsa_params_to_privkey(pk_params, &priv);
+@@ -508,14 +497,15 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ }
+ case GNUTLS_PK_DSA:
+ {
+- struct dsa_public_key pub;
+- struct dsa_private_key priv;
++ struct dsa_params pub;
++ bigint_t priv;
+ struct dsa_signature sig;
+
+ memset(&priv, 0, sizeof(priv));
+ memset(&pub, 0, sizeof(pub));
+- _dsa_params_to_pubkey(pk_params, &pub);
+- _dsa_params_to_privkey(pk_params, &priv);
++ _dsa_params_get(pk_params, &pub);
++
++ priv = pk_params->params[DSA_X];
+
+ dsa_signature_init(&sig);
+
+@@ -531,8 +521,8 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ }
+
+ ret =
+- _dsa_sign(&pub, &priv, NULL, rnd_func,
+- hash_len, vdata->data, &sig);
++ dsa_sign(&pub, TOMPZ(priv), NULL, rnd_func,
++ hash_len, vdata->data, &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+@@ -659,8 +649,9 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
+ }
+ case GNUTLS_PK_DSA:
+ {
+- struct dsa_public_key pub;
++ struct dsa_params pub;
+ struct dsa_signature sig;
++ bigint_t y;
+
+ ret =
+ _gnutls_decode_ber_rs(signature, &tmp[0],
+@@ -670,7 +661,9 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
+ goto cleanup;
+ }
+ memset(&pub, 0, sizeof(pub));
+- _dsa_params_to_pubkey(pk_params, &pub);
++ _dsa_params_get(pk_params, &pub);
++ y = pk_params->params[DSA_Y];
++
+ memcpy(sig.r, tmp[0], SIZEOF_MPZT);
+ memcpy(sig.s, tmp[1], SIZEOF_MPZT);
+
+@@ -680,7 +673,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
+ hash_len = vdata->size;
+
+ ret =
+- _dsa_verify(&pub, hash_len, vdata->data, &sig);
++ dsa_verify(&pub, TOMPZ(y), hash_len, vdata->data, &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+@@ -777,15 +770,13 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_DH:
+ {
+- struct dsa_public_key pub;
+- struct dsa_private_key priv;
++ struct dsa_params pub;
+ #ifdef ENABLE_FIPS140
+ struct dss_params_validation_seeds cert;
+ unsigned index;
+ #endif
+
+- dsa_public_key_init(&pub);
+- dsa_private_key_init(&priv);
++ dsa_params_init(&pub);
+
+ if (GNUTLS_BITS_HAVE_SUBGROUP(level)) {
+ q_bits = GNUTLS_BITS_TO_SUBGROUP(level);
+@@ -826,19 +817,11 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
+ } else
+ #endif
+ {
+- /* unfortunately nettle only accepts 160 or 256
+- * q_bits size. The check below makes sure we handle
+- * cases in between by rounding up, but fail when
+- * larger numbers are requested. */
+ if (q_bits < 160)
+ q_bits = 160;
+- else if (q_bits > 160 && q_bits <= 256)
+- q_bits = 256;
+- ret =
+- dsa_generate_keypair(&pub, &priv,
+- NULL, rnd_func,
+- NULL, NULL,
+- level, q_bits);
++
++ ret = dsa_generate_params(&pub, NULL, rnd_func,
++ NULL, NULL, level, q_bits);
+ if (ret != 1) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_GENERATION_ERROR;
+@@ -863,8 +846,7 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
+ ret = 0;
+
+ dsa_fail:
+- dsa_private_key_clear(&priv);
+- dsa_public_key_clear(&pub);
++ dsa_params_clear(&pub);
+
+ if (ret < 0)
+ goto fail;
+@@ -1152,19 +1134,19 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
+ case GNUTLS_PK_DSA:
+ #ifdef ENABLE_FIPS140
+ if (_gnutls_fips_mode_enabled() != 0) {
+- struct dsa_public_key pub;
+- struct dsa_private_key priv;
++ struct dsa_params pub;
++ mpz_t x, y;
+
+ if (params->params[DSA_Q] == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+- _dsa_params_to_pubkey(params, &pub);
++ _dsa_params_get(params, &pub);
+
+- dsa_private_key_init(&priv);
+- mpz_init(pub.y);
++ mpz_init(x);
++ mpz_init(y);
+
+ ret =
+- dsa_generate_dss_keypair(&pub, &priv,
++ dsa_generate_dss_keypair(&pub, y, x,
+ NULL, rnd_func,
+ NULL, NULL);
+ if (ret != 1) {
+@@ -1179,13 +1161,13 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
+ goto dsa_fail;
+ }
+
+- mpz_set(TOMPZ(params->params[DSA_Y]), pub.y);
+- mpz_set(TOMPZ(params->params[DSA_X]), priv.x);
++ mpz_set(TOMPZ(params->params[DSA_Y]), y);
++ mpz_set(TOMPZ(params->params[DSA_X]), x);
+ params->params_nr += 2;
+
+ dsa_fail:
+- dsa_private_key_clear(&priv);
+- mpz_clear(pub.y);
++ mpz_clear(x);
++ mpz_clear(y);
+
+ if (ret < 0)
+ goto fail;
+@@ -1195,7 +1177,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
+ #endif
+ case GNUTLS_PK_DH:
+ {
+- struct dsa_public_key pub;
++ struct dsa_params pub;
+ mpz_t r;
+ mpz_t x, y;
+ int max_tries;
+@@ -1204,7 +1186,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
+ if (algo != params->algo)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+- _dsa_params_to_pubkey(params, &pub);
++ _dsa_params_get(params, &pub);
+
+ if (params->params[DSA_Q] != NULL)
+ have_q = 1;
+diff --git a/m4/hooks.m4 b/m4/hooks.m4
+index be6dc82..4aa05aa 100644
+--- a/m4/hooks.m4
++++ b/m4/hooks.m4
+@@ -61,13 +61,13 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
+ DLL_VERSION=`expr ${LT_CURRENT} - ${LT_AGE}`
+ AC_SUBST(DLL_VERSION)
+
+- PKG_CHECK_MODULES(NETTLE, [nettle >= 2.7 nettle < 3.0], [cryptolib="nettle"], [
++ PKG_CHECK_MODULES(NETTLE, [nettle >= 3.0], [cryptolib="nettle"], [
+ AC_MSG_ERROR([[
+ ***
+- *** Libnettle 2.7.1 was not found. Note that this version of gnutls doesn't support nettle 3.0.
++ *** Libnettle 3.0 was not found.
+ ]])
+ ])
+- PKG_CHECK_MODULES(HOGWEED, [hogweed >= 2.7], [], [
++ PKG_CHECK_MODULES(HOGWEED, [hogweed >= 3.0], [], [
+ AC_MSG_ERROR([[
+ ***
+ *** Libhogweed (nettle's companion library) was not found. Note that you must compile nettle with gmp support.
+diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
+index 4da172f..e49d134 100755
+--- a/tests/dsa/testdsa
++++ b/tests/dsa/testdsa
+@@ -100,16 +100,16 @@ wait
+
+ # DSA 2048 + TLS 1.0
+
+-echo "Checking DSA-2048 with TLS 1.0"
++#echo "Checking DSA-2048 with TLS 1.0"
+
+-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$!
+-wait_server $PID
++#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$!
++#wait_server $PID
+
+-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+- fail $PID "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
++#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
++# fail $PID "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+
+-kill $PID
+-wait
++#kill $PID
++#wait
+
+ # DSA 2048 + TLS 1.2
+
+@@ -126,16 +126,16 @@ wait
+
+ # DSA 3072 + TLS 1.0
+
+-echo "Checking DSA-3072 with TLS 1.0"
+-
+-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$!
+-wait_server $PID
+-
+-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+- fail $PID "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
++#echo "Checking DSA-3072 with TLS 1.0"
+
+-kill $PID
+-wait
++#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$!
++#wait_server $PID
++#
++#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
++# fail $PID "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
++#
++#kill $PID
++#wait
+
+ # DSA 3072 + TLS 1.2
+
+diff --git a/tests/slow/Makefile.am b/tests/slow/Makefile.am
+index 1b82e17..d370bbc 100644
+--- a/tests/slow/Makefile.am
++++ b/tests/slow/Makefile.am
+@@ -30,7 +30,7 @@ endif
+
+ AM_LDFLAGS = -no-install
+ LDADD = ../libutils.la \
+- $(top_builddir)/lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
++ $(top_builddir)/lib/libgnutls.la $(LIBSOCKET)
+
+ if !ENABLE_SELF_CHECKS
+ cipher_test_CPPFLAGS = $(AM_CPPFLAGS) -I$(top_builddir)/lib/ -I$(top_builddir)/gl/
diff --git a/sources b/sources
index f7bfc51..1da8bcb 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f5a7efed423f07e1336161f492edf478 gnutls-3.3.14-hobbled.tar.xz
+77cd6817f2051d457aab6679340e02dd gnutls-3.3.15-hobbled.tar.xz
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/commit/?h=master&id=843fa69d57edffb3cc44b8a0f955fa8c5fbff2ce
More information about the scm-commits
mailing list