[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_1-103-g5b310b
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_1-103-g5b310b5 |
|
Date: |
Thu, 08 Sep 2011 15:57:29 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5b310b5d0381166f99261a78a1ff2fdc2c1fb1de
The branch, gnutls_3_0_x has been updated
via 5b310b5d0381166f99261a78a1ff2fdc2c1fb1de (commit)
via 8c1f6e123b1e6aa852c2a823008e3dbf5ef0dd6b (commit)
via d0873ee0cb075836c874d44984bb80c7b0b9b602 (commit)
from ed4cfd5b34dea9525033e0f4e9b452340a6b5d01 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5b310b5d0381166f99261a78a1ff2fdc2c1fb1de
Merge: ed4cfd5 8c1f6e1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Sep 8 17:57:32 2011 +0200
Merge branch 'master' into gnutls_3_0_x
-----------------------------------------------------------------------
Summary of changes:
lib/accelerated/intel/Makefile.am | 2 +-
lib/accelerated/intel/aes-gcm-padlock.c | 162 ++++++++++++++++++++
lib/accelerated/intel/{padlock.c => aes-padlock.c} | 122 +++++++--------
lib/accelerated/intel/aes-padlock.h | 45 ++++++
lib/accelerated/intel/aes-x86.h | 2 +-
lib/gnutls_handshake.c | 25 +---
lib/gnutls_sig.c | 22 +--
lib/gnutls_srp.c | 5 +-
lib/gnutls_state.c | 10 +-
lib/gnutls_ui.c | 12 +-
lib/nettle/mac.c | 2 +-
11 files changed, 287 insertions(+), 122 deletions(-)
create mode 100644 lib/accelerated/intel/aes-gcm-padlock.c
rename lib/accelerated/intel/{padlock.c => aes-padlock.c} (64%)
create mode 100644 lib/accelerated/intel/aes-padlock.h
diff --git a/lib/accelerated/intel/Makefile.am
b/lib/accelerated/intel/Makefile.am
index 59ea536..a0ea333 100644
--- a/lib/accelerated/intel/Makefile.am
+++ b/lib/accelerated/intel/Makefile.am
@@ -34,7 +34,7 @@ EXTRA_DIST = aes-x86.h README license.txt
noinst_LTLIBRARIES = libintel.la
-libintel_la_SOURCES = aes-x86.c padlock.c
+libintel_la_SOURCES = aes-x86.c aes-padlock.c aes-gcm-padlock.c
if ASM_X86_64
AM_CPPFLAGS += -DASM_X86_64
diff --git a/lib/accelerated/intel/aes-gcm-padlock.c
b/lib/accelerated/intel/aes-gcm-padlock.c
new file mode 100644
index 0000000..241f563
--- /dev/null
+++ b/lib/accelerated/intel/aes-gcm-padlock.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/*
+ * The following code is an implementation of the AES-128-CBC cipher
+ * using intel's AES instruction set. It is based on Intel reference
+ * code.
+ */
+
+#include <gnutls_errors.h>
+#include <gnutls_int.h>
+
+#ifdef HAVE_LIBNETTLE
+
+#include <gnutls/crypto.h>
+#include <gnutls_errors.h>
+#include <aes-x86.h>
+#include <x86.h>
+#include <byteswap.h>
+#include <nettle/gcm.h>
+#include <aes-padlock.h>
+
+#define GCM_BLOCK_SIZE 16
+
+/* GCM mode
+ * Actually padlock doesn't include GCM mode. We just use
+ * the ECB part of padlock and nettle for everything else.
+ */
+
+struct gcm_padlock_aes_ctx GCM_CTX(struct padlock_ctx);
+
+static void padlock_aes_encrypt(void *_ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src)
+{
+ padlock_aes_ecb_encrypt(_ctx, src, length, dst, length);
+}
+
+static void padlock_aes_set_encrypt_key(struct padlock_ctx *_ctx,
+ unsigned length, const uint8_t *key)
+{
+ padlock_aes_cipher_setkey(_ctx, key, length);
+}
+
+static void
+aes_gcm_deinit (void *_ctx)
+{
+ gnutls_free (_ctx);
+}
+
+static int
+aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+{
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_256_GCM)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ *_ctx = gnutls_calloc (1, sizeof (struct gcm_padlock_aes_ctx));
+ if (*_ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+static int
+aes_gcm_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+{
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+ int ret;
+
+ GCM_SET_KEY(ctx, padlock_aes_set_encrypt_key, padlock_aes_encrypt, keysize,
userkey);
+
+ return 0;
+}
+
+static int
+aes_gcm_setiv (void *_ctx, const void *iv, size_t iv_size)
+{
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ if (iv_size != GCM_BLOCK_SIZE - 4)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ GCM_SET_IV(ctx, iv_size, iv);
+
+ return 0;
+}
+
+static int
+aes_gcm_encrypt (void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t length)
+{
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
+
+ return 0;
+}
+
+static int
+aes_gcm_decrypt (void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
+{
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ GCM_DECRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
+ return 0;
+}
+
+static int
+aes_gcm_auth (void *_ctx, const void *src, size_t src_size)
+{
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ GCM_UPDATE(ctx, src_size, src);
+
+ return 0;
+}
+
+static void
+aes_gcm_tag (void *_ctx, void *tag, size_t tagsize)
+{
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ GCM_DIGEST(ctx, padlock_aes_encrypt, tagsize, tag);
+}
+
+const gnutls_crypto_cipher_st aes_gcm_padlock_struct = {
+ .init = aes_gcm_cipher_init,
+ .setkey = aes_gcm_cipher_setkey,
+ .setiv = aes_gcm_setiv,
+ .encrypt = aes_gcm_encrypt,
+ .decrypt = aes_gcm_decrypt,
+ .deinit = aes_gcm_deinit,
+ .tag = aes_gcm_tag,
+ .auth = aes_gcm_auth,
+};
+
+#endif
diff --git a/lib/accelerated/intel/padlock.c
b/lib/accelerated/intel/aes-padlock.c
similarity index 64%
rename from lib/accelerated/intel/padlock.c
rename to lib/accelerated/intel/aes-padlock.c
index 403a9d8..88bf934 100644
--- a/lib/accelerated/intel/padlock.c
+++ b/lib/accelerated/intel/aes-padlock.c
@@ -32,49 +32,9 @@
#include <aes-x86.h>
#include <x86.h>
#ifdef HAVE_LIBNETTLE
-# include <nettle/aes.h> /* for key generation in 192 and 256 bits */
+#include <nettle/aes.h> /* for key generation in 192 and 256 bits */
#endif
-
-struct padlock_cipher_data {
- unsigned char iv[16]; /* Initialization vector */
- union {
- unsigned int pad[4];
- struct {
- int rounds:4;
- int dgst:1; /* n/a in C3 */
- int align:1; /* n/a in C3 */
- int ciphr:1; /* n/a in C3 */
- unsigned int keygen:1;
- int interm:1;
- unsigned int encdec:1;
- int ksize:2;
- } b;
- } cword; /* Control word */
- AES_KEY ks; /* Encryption key */
-};
-
-struct padlock_ctx {
- struct padlock_cipher_data expanded_key;
- int enc;
-};
-
-unsigned int padlock_capability();
-void padlock_key_bswap(AES_KEY * key);
-void padlock_verify_context(struct padlock_cipher_data *ctx);
-void padlock_reload_key();
-void padlock_aes_block(void *out, const void *inp,
- struct padlock_cipher_data *ctx);
-int padlock_ecb_encrypt(void *out, const void *inp,
- struct padlock_cipher_data *ctx, size_t len);
-int padlock_cbc_encrypt(void *out, const void *inp,
- struct padlock_cipher_data *ctx, size_t len);
-int padlock_ctr32_encrypt(void *out, const void *inp,
- struct padlock_cipher_data *ctx, size_t len);
-void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
-void padlock_sha1(void *ctx, const void *inp, size_t len);
-void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
-void padlock_sha256(void *ctx, const void *inp, size_t len);
-
+#include <aes-padlock.h>
static int
aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
@@ -91,12 +51,11 @@ aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void
**_ctx, int enc)
return GNUTLS_E_MEMORY_ERROR;
}
- ((struct padlock_ctx*)(*_ctx))->enc = enc;
+ ((struct padlock_ctx *) (*_ctx))->enc = enc;
return 0;
}
-static int
-aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
+int padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
struct padlock_ctx *ctx = _ctx;
struct padlock_cipher_data *pce;
@@ -126,12 +85,12 @@ aes_cipher_setkey(void *_ctx, const void *userkey, size_t
keysize)
case 32:
pce->cword.b.ksize = 2;
pce->cword.b.rounds = 14;
-common_24_32:
+ common_24_32:
/* expand key using nettle */
if (ctx->enc)
- aes_set_encrypt_key(&nc, keysize, userkey);
+ aes_set_encrypt_key(&nc, keysize, userkey);
else
- aes_set_decrypt_key(&nc, keysize, userkey);
+ aes_set_decrypt_key(&nc, keysize, userkey);
memcpy(pce->ks.rd_key, nc.keys, sizeof(nc.keys));
pce->ks.rounds = nc.nrounds;
@@ -142,8 +101,8 @@ common_24_32:
default:
return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
}
-
- padlock_reload_key ();
+
+ padlock_reload_key();
return 0;
}
@@ -161,7 +120,7 @@ static int aes_setiv(void *_ctx, const void *iv, size_t
iv_size)
static int
padlock_aes_encrypt(void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+ void *dst, size_t dst_size)
{
struct padlock_ctx *ctx = _ctx;
struct padlock_cipher_data *pce;
@@ -173,9 +132,23 @@ padlock_aes_encrypt(void *_ctx, const void *src, size_t
src_size,
return 0;
}
+int
+padlock_aes_ecb_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
+{
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
+
+ pce = ALIGN16(&ctx->expanded_key);
+
+ padlock_ecb_encrypt(dst, src, pce, src_size);
+
+ return 0;
+}
+
static int
padlock_aes_decrypt(void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+ void *dst, size_t dst_size)
{
struct padlock_ctx *ctx = _ctx;
struct padlock_cipher_data *pcd;
@@ -192,9 +165,9 @@ static void aes_deinit(void *_ctx)
gnutls_free(_ctx);
}
-static const gnutls_crypto_cipher_st cipher_struct = {
+static const gnutls_crypto_cipher_st aes_padlock_struct = {
.init = aes_cipher_init,
- .setkey = aes_cipher_setkey,
+ .setkey = padlock_aes_cipher_setkey,
.setiv = aes_setiv,
.encrypt = padlock_aes_encrypt,
.decrypt = padlock_aes_decrypt,
@@ -232,27 +205,46 @@ void register_padlock_crypto(void)
_gnutls_debug_log("Padlock AES accelerator was detected\n");
ret =
gnutls_crypto_single_cipher_register(GNUTLS_CIPHER_AES_128_CBC,
- 80, &cipher_struct);
+ 80, &aes_padlock_struct);
if (ret < 0) {
gnutls_assert();
}
-#ifdef HAVE_LIBNETTLE
+ /* register GCM ciphers */
ret =
- gnutls_crypto_single_cipher_register(GNUTLS_CIPHER_AES_192_CBC,
- 80, &cipher_struct);
+ gnutls_crypto_single_cipher_register(GNUTLS_CIPHER_AES_128_GCM,
+ 80,
+ &aes_gcm_padlock_struct);
if (ret < 0) {
gnutls_assert();
}
- ret =
- gnutls_crypto_single_cipher_register(GNUTLS_CIPHER_AES_256_CBC,
- 80, &cipher_struct);
- if (ret < 0) {
- gnutls_assert();
- }
-#endif
+
+ if (ret >= 0)
+ _gnutls_priority_prefer_aes_gcm();
}
+#ifdef HAVE_LIBNETTLE
+ ret =
+ gnutls_crypto_single_cipher_register(GNUTLS_CIPHER_AES_192_CBC,
+ 80, &aes_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register(GNUTLS_CIPHER_AES_256_CBC,
+ 80, &aes_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register(GNUTLS_CIPHER_AES_256_GCM,
+ 80, &aes_gcm_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+#endif
return;
}
diff --git a/lib/accelerated/intel/aes-padlock.h
b/lib/accelerated/intel/aes-padlock.h
new file mode 100644
index 0000000..35e1e4a
--- /dev/null
+++ b/lib/accelerated/intel/aes-padlock.h
@@ -0,0 +1,45 @@
+#ifndef AES_PADLOCK_H
+# define AES_PADLOCK_H
+
+#include <gnutls_int.h>
+
+struct padlock_cipher_data {
+ unsigned char iv[16]; /* Initialization vector */
+ union {
+ unsigned int pad[4];
+ struct {
+ int rounds:4;
+ int dgst:1; /* n/a in C3 */
+ int align:1; /* n/a in C3 */
+ int ciphr:1; /* n/a in C3 */
+ unsigned int keygen:1;
+ int interm:1;
+ unsigned int encdec:1;
+ int ksize:2;
+ } b;
+ } cword; /* Control word */
+ AES_KEY ks; /* Encryption key */
+};
+
+struct padlock_ctx {
+ struct padlock_cipher_data expanded_key;
+ int enc;
+};
+
+extern const gnutls_crypto_cipher_st aes_gcm_padlock_struct;
+
+int padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize);
+int padlock_aes_ecb_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size);
+
+/* asm */
+unsigned int padlock_capability();
+void padlock_reload_key();
+int padlock_ecb_encrypt(void *out, const void *inp,
+ struct padlock_cipher_data *ctx, size_t len);
+int padlock_cbc_encrypt(void *out, const void *inp,
+ struct padlock_cipher_data *ctx, size_t len);
+void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
+
+#endif
diff --git a/lib/accelerated/intel/aes-x86.h b/lib/accelerated/intel/aes-x86.h
index 7692ab3..7b842c4 100644
--- a/lib/accelerated/intel/aes-x86.h
+++ b/lib/accelerated/intel/aes-x86.h
@@ -39,6 +39,6 @@ void aesni_ctr32_encrypt_blocks(const unsigned char *in,
const unsigned char *ivec);
-const gnutls_crypto_cipher_st aes_gcm_struct;
+extern const gnutls_crypto_cipher_st aes_gcm_struct;
#endif
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 9617ac9..5a4b462 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -250,10 +250,8 @@ _gnutls_finished (gnutls_session_t session, int type, void
*ret, int sending)
{
const int siz = TLS_MSG_LEN;
opaque concat[MAX_HASH_SIZE + 16 /*MD5 */ ];
- size_t hash_len = 20 + 16;
+ size_t hash_len;
const char *mesg;
- digest_hd_st td_md5;
- digest_hd_st td_sha;
int rc, len;
if (sending)
@@ -263,33 +261,24 @@ _gnutls_finished (gnutls_session_t session, int type,
void *ret, int sending)
if (!_gnutls_version_has_selectable_prf
(gnutls_protocol_get_version(session)))
{
- rc = _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
+ rc = _gnutls_hash_fast( GNUTLS_DIG_SHA1,
session->internals.handshake_hash_buffer.data, len, &concat[16]);
if (rc < 0)
return gnutls_assert_val(rc);
- rc = _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5);
+ rc = _gnutls_hash_fast( GNUTLS_DIG_MD5,
session->internals.handshake_hash_buffer.data, len, concat);
if (rc < 0)
- {
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(rc);
- }
- _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data,
len);
- _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data,
len);
-
- _gnutls_hash_deinit (&td_md5, concat);
- _gnutls_hash_deinit (&td_sha, &concat[16]);
+ return gnutls_assert_val(rc);
+
+ hash_len = 20 + 16;
}
else
{
int algorithm =
_gnutls_cipher_suite_get_prf(&session->security_parameters.current_cipher_suite);
- rc = _gnutls_hash_init (&td_sha, algorithm);
+ rc = _gnutls_hash_fast( algorithm,
session->internals.handshake_hash_buffer.data, len, concat);
if (rc < 0)
return gnutls_assert_val(rc);
- _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data,
len);
-
- _gnutls_hash_deinit (&td_sha, concat);
hash_len = _gnutls_hash_get_algo_len (algorithm);
}
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 98cfb78..c906676 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -431,14 +431,12 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t
session,
hash_algo = _gnutls_sign_get_hash_algorithm(sign_algo);
- ret = _gnutls_hash_init(&td, hash_algo);
+ ret = _gnutls_hash_fast(hash_algo,
session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer_prev_len,
+ concat);
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_hash(&td, session->internals.handshake_hash_buffer.data,
session->internals.handshake_hash_buffer_prev_len);
-
- _gnutls_hash_deinit (&td, concat);
-
dconcat.data = concat;
dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
@@ -559,7 +557,6 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t
session,
gnutls_datum_t dconcat;
int ret;
opaque concat[MAX_SIG_SIZE];
- digest_hd_st td;
gnutls_sign_algorithm_t sign_algo;
gnutls_digest_algorithm_t hash_algo;
@@ -577,16 +574,11 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t
session,
gnutls_sign_algorithm_get_name (sign_algo),
gnutls_mac_get_name (hash_algo));
- ret = _gnutls_hash_init (&td, hash_algo);
+ ret = _gnutls_hash_fast (hash_algo,
session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer.length,
+ concat);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash(&td, session->internals.handshake_hash_buffer.data,
session->internals.handshake_hash_buffer.length);
-
- _gnutls_hash_deinit (&td, concat);
+ return gnutls_assert_val(ret);
dconcat.data = concat;
dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 6df501a..4509834 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -172,7 +172,6 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
size_t b_size, a_size;
opaque *holder, hd[MAX_HASH_SIZE];
size_t holder_size, hash_size, n_size;
- digest_hd_st td;
int ret;
bigint_t res;
@@ -197,15 +196,13 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
_gnutls_mpi_print (A, &holder[n_size - a_size], &a_size);
_gnutls_mpi_print (B, &holder[n_size + n_size - b_size], &b_size);
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_fast (GNUTLS_MAC_SHA1, holder, holder_size, hd);
if (ret < 0)
{
gnutls_free (holder);
gnutls_assert ();
return NULL;
}
- _gnutls_hash (&td, holder, holder_size);
- _gnutls_hash_deinit (&td, hd);
/* convert the bytes of hd to integer
*/
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index e1b3ac5..5fb782a 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -794,15 +794,9 @@ _gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
digest_hd_st td1;
int ret;
- ret = _gnutls_hmac_init (&td1, algorithm, secret, secret_size);
+ ret = _gnutls_hmac_fast (algorithm, secret, secret_size, seed, seed_size,
result);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hmac (&td1, seed, seed_size);
- _gnutls_hmac_deinit (&td1, result);
+ return gnutls_assert_val(ret);
return 0;
}
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 6aed575..e05dd4d 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -557,6 +557,7 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
size_t * result_size)
{
digest_hd_st td;
+ int ret;
int hash_len = _gnutls_hash_get_algo_len (HASH2MAC (algo));
if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
@@ -568,16 +569,9 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
if (result)
{
- int ret = _gnutls_hash_init (&td, HASH2MAC (algo));
+ ret = _gnutls_hash_fast( algo, data->data, data->size, result);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td, data->data, data->size);
-
- _gnutls_hash_deinit (&td, result);
+ return gnutls_assert_val(ret);
}
return 0;
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 479b693..3be974a 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -74,7 +74,7 @@ struct nettle_hmac_ctx
digest_func digest;
set_key_func setkey;
-/* FIXME: Nettle doesn't have a reset function for
+/* Note: Nettle doesn't have a reset function for
* hmac so we need to manually reset a context, by
* calling set_key(). For that reason we need to
* store the hmac key here.
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_1-103-g5b310b5,
Nikos Mavrogiannopoulos <=