From 8cc987bea13ed1ed8efc90572a711fbc84512687 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 2 Oct 2012 20:13:18 +0200 Subject: [PATCH] Use hash-pjw-bare instead of asn1_bhash(). --- lib/Makefile.am | 4 +- lib/hash.c | 234 -------------------------------------------- lib/hash.h | 24 ----- lib/minitasn1/hash.c | 235 --------------------------------------------- lib/minitasn1/int.h | 1 - lib/minitasn1/parser_aux.c | 15 +-- lib/verify-tofu.c | 1 - lib/x509/ocsp.c | 1 - lib/x509/verify-high.c | 21 ++-- lib/x509/verify-high2.c | 1 - 10 files changed, 20 insertions(+), 517 deletions(-) delete mode 100644 lib/hash.c delete mode 100644 lib/hash.h delete mode 100644 lib/minitasn1/hash.c diff --git a/lib/Makefile.am b/lib/Makefile.am index 41adaba09..3b7b7abab 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -76,7 +76,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c gnutls_cipher.c \ system.c gnutls_str.c gnutls_state.c gnutls_x509.c \ gnutls_rsa_export.c gnutls_helper.c gnutls_supplemental.c \ random.c crypto-api.c gnutls_privkey.c gnutls_pcert.c \ - gnutls_pubkey.c locks.c hash.c gnutls_dtls.c system_override.c \ + gnutls_pubkey.c locks.c gnutls_dtls.c system_override.c \ crypto-backend.c verify-tofu.c pin.c if ENABLE_TROUSERS @@ -103,7 +103,7 @@ HFILES = abstract_int.h debug.h gnutls_compress.h gnutls_cipher.h \ gnutls_state.h gnutls_x509.h crypto-backend.h \ gnutls_rsa_export.h gnutls_srp.h auth/srp.h auth/srp_passwd.h \ gnutls_helper.h gnutls_supplemental.h crypto.h random.h system.h\ - locks.h gnutls_mbuffers.h hash.h gnutls_ecc.h pin.h + locks.h gnutls_mbuffers.h gnutls_ecc.h pin.h if ENABLE_PKCS11 HFILES += pkcs11_int.h diff --git a/lib/hash.c b/lib/hash.c deleted file mode 100644 index 8ba36f529..000000000 --- a/lib/hash.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright (C) 2011-2012 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#include -#include -/* -------------------------------------------------------------------------------- -lookup3.c, by Bob Jenkins, May 2006, Public Domain. - -These are functions for producing 32-bit hashes for hash table lookup. -hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() -are externally useful functions. Routines to test the hash are included -if SELF_TEST is defined. You can use this free for any purpose. It's in -the public domain. It has no warranty. - -You probably want to use hashlittle(). hashlittle() and hashbig() -hash byte arrays. hashlittle() is faster than hashbig() on -little-endian machines. Intel and AMD are little-endian machines. -On second thought, you probably want hashlittle2(), which is identical to -hashlittle() except it returns two 32-bit hashes for the price of one. -You could implement hashbig2() if you wanted but I haven't bothered here. - -If you want to find a hash of, say, exactly 7 integers, do - a = i1; b = i2; c = i3; - mix(a,b,c); - a += i4; b += i5; c += i6; - mix(a,b,c); - a += i7; - final(a,b,c); -then use c as the hash value. If you have a variable length array of -4-byte integers to hash, use hashword(). If you have a byte array (like -a character string), use hashlittle(). If you have several byte arrays, or -a mix of things, see the comments above hashlittle(). - -Why is this so big? I read 12 bytes at a time into 3 4-byte integers, -then mix those integers. This is fast (you can do a lot more thorough -mixing with 12*3 instructions on 3 integers than you can with 3 instructions -on 1 byte), but shoehorning those bytes into integers efficiently is messy. -------------------------------------------------------------------------------- -*/ -#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) - -/* -------------------------------------------------------------------------------- -mix -- mix 3 32-bit values reversibly. - -This is reversible, so any information in (a,b,c) before mix() is -still in (a,b,c) after mix(). - -If four pairs of (a,b,c) inputs are run through mix(), or through -mix() in reverse, there are at least 32 bits of the output that -are sometimes the same for one pair and different for another pair. -This was tested for: -* pairs that differed by one bit, by two bits, in any combination - of top bits of (a,b,c), or in any combination of bottom bits of - (a,b,c). -* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed - the output delta to a Gray code (a^(a>>1)) so a string of 1's (as - is commonly produced by subtraction) look like a single 1-bit - difference. -* the base values were pseudorandom, all zero but one bit set, or - all zero plus a counter that starts at zero. - -Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that -satisfy this are - 4 6 8 16 19 4 - 9 15 3 18 27 15 - 14 9 3 7 17 3 -Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing -for "differ" defined as + with a one-bit base and a two-bit delta. I -used http://burtleburtle.net/bob/hash/avalanche.html to choose -the operations, constants, and arrangements of the variables. - -This does not achieve avalanche. There are input bits of (a,b,c) -that fail to affect some output bits of (a,b,c), especially of a. The -most thoroughly mixed value is c, but it doesn't really even achieve -avalanche in c. - -This allows some parallelism. Read-after-writes are good at doubling -the number of bits affected, so the goal of mixing pulls in the opposite -direction as the goal of parallelism. I did what I could. Rotates -seem to cost as much as shifts on every machine I could lay my hands -on, and rotates are much kinder to the top and bottom bits, so I used -rotates. -------------------------------------------------------------------------------- -*/ -#define mix(a,b,c) \ -{ \ - a -= c; a ^= rot(c, 4); c += b; \ - b -= a; b ^= rot(a, 6); a += c; \ - c -= b; c ^= rot(b, 8); b += a; \ - a -= c; a ^= rot(c,16); c += b; \ - b -= a; b ^= rot(a,19); a += c; \ - c -= b; c ^= rot(b, 4); b += a; \ -} - -/* -------------------------------------------------------------------------------- -final -- final mixing of 3 32-bit values (a,b,c) into c - -Pairs of (a,b,c) values differing in only a few bits will usually -produce values of c that look totally different. This was tested for -* pairs that differed by one bit, by two bits, in any combination - of top bits of (a,b,c), or in any combination of bottom bits of - (a,b,c). -* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed - the output delta to a Gray code (a^(a>>1)) so a string of 1's (as - is commonly produced by subtraction) look like a single 1-bit - difference. -* the base values were pseudorandom, all zero but one bit set, or - all zero plus a counter that starts at zero. - -These constants passed: - 14 11 25 16 4 14 24 - 12 14 25 16 4 14 24 -and these came close: - 4 8 15 26 3 22 24 - 10 8 15 26 3 22 24 - 11 8 15 26 3 22 24 -------------------------------------------------------------------------------- -*/ -#define final(a,b,c) \ -{ \ - c ^= b; c -= rot(b,14); \ - a ^= c; a -= rot(c,11); \ - b ^= a; b -= rot(a,25); \ - c ^= b; c -= rot(b,16); \ - a ^= c; a -= rot(c,4); \ - b ^= a; b -= rot(a,14); \ - c ^= b; c -= rot(b,24); \ -} - - -/* -------------------------------------------------------------------------------- -hashlittle() -- hash a variable-length key into a 32-bit value - k : the key (the unaligned variable-length array of bytes) - length : the length of the key, counting by bytes - initval : can be any 4-byte value -Returns a 32-bit value. Every bit of the key affects every bit of -the return value. Two keys differing by one or two bits will have -totally different hash values. - -The best hash table sizes are powers of 2. There is no need to do -mod a prime (mod is sooo slow!). If you need less than 32 bits, -use a bitmask. For example, if you need only 10 bits, do - h = (h & hashmask(10)); -In which case, the hash table should have hashsize(10) elements. - -If you are hashing n strings (uint8_t **)k, do it like this: - for (i=0, h=0; i 12) - { - a += k[0]; - a += ((uint32_t)k[1])<<8; - a += ((uint32_t)k[2])<<16; - a += ((uint32_t)k[3])<<24; - b += k[4]; - b += ((uint32_t)k[5])<<8; - b += ((uint32_t)k[6])<<16; - b += ((uint32_t)k[7])<<24; - c += k[8]; - c += ((uint32_t)k[9])<<8; - c += ((uint32_t)k[10])<<16; - c += ((uint32_t)k[11])<<24; - mix(a,b,c); - length -= 12; - k += 12; - } - - /*-------------------------------- last block: affect all 32 bits of (c) */ - switch(length) /* all the case statements fall through */ - { - case 12: c+=((uint32_t)k[11])<<24; - case 11: c+=((uint32_t)k[10])<<16; - case 10: c+=((uint32_t)k[9])<<8; - case 9 : c+=k[8]; - case 8 : b+=((uint32_t)k[7])<<24; - case 7 : b+=((uint32_t)k[6])<<16; - case 6 : b+=((uint32_t)k[5])<<8; - case 5 : b+=k[4]; - case 4 : a+=((uint32_t)k[3])<<24; - case 3 : a+=((uint32_t)k[2])<<16; - case 2 : a+=((uint32_t)k[1])<<8; - case 1 : a+=k[0]; - break; - case 0 : return c; - } - - final(a,b,c); - return c; -} - - - diff --git a/lib/hash.h b/lib/hash.h deleted file mode 100644 index b256474ec..000000000 --- a/lib/hash.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (C) 2011-2012 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -uint32_t _gnutls_bhash( const void *key, size_t length, uint32_t initval); - diff --git a/lib/minitasn1/hash.c b/lib/minitasn1/hash.c deleted file mode 100644 index 50da70c51..000000000 --- a/lib/minitasn1/hash.c +++ /dev/null @@ -1,235 +0,0 @@ -/* - * Copyright (C) 2011-2012 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#include - -#define INIT_VAL 0x33a1 -/* -------------------------------------------------------------------------------- -lookup3.c, by Bob Jenkins, May 2006, Public Domain. - -These are functions for producing 32-bit hashes for hash table lookup. -hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() -are externally useful functions. Routines to test the hash are included -if SELF_TEST is defined. You can use this free for any purpose. It's in -the public domain. It has no warranty. - -You probably want to use hashlittle(). hashlittle() and hashbig() -hash byte arrays. hashlittle() is faster than hashbig() on -little-endian machines. Intel and AMD are little-endian machines. -On second thought, you probably want hashlittle2(), which is identical to -hashlittle() except it returns two 32-bit hashes for the price of one. -You could implement hashbig2() if you wanted but I haven't bothered here. - -If you want to find a hash of, say, exactly 7 integers, do - a = i1; b = i2; c = i3; - mix(a,b,c); - a += i4; b += i5; c += i6; - mix(a,b,c); - a += i7; - final(a,b,c); -then use c as the hash value. If you have a variable length array of -4-byte integers to hash, use hashword(). If you have a byte array (like -a character string), use hashlittle(). If you have several byte arrays, or -a mix of things, see the comments above hashlittle(). - -Why is this so big? I read 12 bytes at a time into 3 4-byte integers, -then mix those integers. This is fast (you can do a lot more thorough -mixing with 12*3 instructions on 3 integers than you can with 3 instructions -on 1 byte), but shoehorning those bytes into integers efficiently is messy. -------------------------------------------------------------------------------- -*/ -#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) - -/* -------------------------------------------------------------------------------- -mix -- mix 3 32-bit values reversibly. - -This is reversible, so any information in (a,b,c) before mix() is -still in (a,b,c) after mix(). - -If four pairs of (a,b,c) inputs are run through mix(), or through -mix() in reverse, there are at least 32 bits of the output that -are sometimes the same for one pair and different for another pair. -This was tested for: -* pairs that differed by one bit, by two bits, in any combination - of top bits of (a,b,c), or in any combination of bottom bits of - (a,b,c). -* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed - the output delta to a Gray code (a^(a>>1)) so a string of 1's (as - is commonly produced by subtraction) look like a single 1-bit - difference. -* the base values were pseudorandom, all zero but one bit set, or - all zero plus a counter that starts at zero. - -Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that -satisfy this are - 4 6 8 16 19 4 - 9 15 3 18 27 15 - 14 9 3 7 17 3 -Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing -for "differ" defined as + with a one-bit base and a two-bit delta. I -used http://burtleburtle.net/bob/hash/avalanche.html to choose -the operations, constants, and arrangements of the variables. - -This does not achieve avalanche. There are input bits of (a,b,c) -that fail to affect some output bits of (a,b,c), especially of a. The -most thoroughly mixed value is c, but it doesn't really even achieve -avalanche in c. - -This allows some parallelism. Read-after-writes are good at doubling -the number of bits affected, so the goal of mixing pulls in the opposite -direction as the goal of parallelism. I did what I could. Rotates -seem to cost as much as shifts on every machine I could lay my hands -on, and rotates are much kinder to the top and bottom bits, so I used -rotates. -------------------------------------------------------------------------------- -*/ -#define mix(a,b,c) \ -{ \ - a -= c; a ^= rot(c, 4); c += b; \ - b -= a; b ^= rot(a, 6); a += c; \ - c -= b; c ^= rot(b, 8); b += a; \ - a -= c; a ^= rot(c,16); c += b; \ - b -= a; b ^= rot(a,19); a += c; \ - c -= b; c ^= rot(b, 4); b += a; \ -} - -/* -------------------------------------------------------------------------------- -final -- final mixing of 3 32-bit values (a,b,c) into c - -Pairs of (a,b,c) values differing in only a few bits will usually -produce values of c that look totally different. This was tested for -* pairs that differed by one bit, by two bits, in any combination - of top bits of (a,b,c), or in any combination of bottom bits of - (a,b,c). -* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed - the output delta to a Gray code (a^(a>>1)) so a string of 1's (as - is commonly produced by subtraction) look like a single 1-bit - difference. -* the base values were pseudorandom, all zero but one bit set, or - all zero plus a counter that starts at zero. - -These constants passed: - 14 11 25 16 4 14 24 - 12 14 25 16 4 14 24 -and these came close: - 4 8 15 26 3 22 24 - 10 8 15 26 3 22 24 - 11 8 15 26 3 22 24 -------------------------------------------------------------------------------- -*/ -#define final(a,b,c) \ -{ \ - c ^= b; c -= rot(b,14); \ - a ^= c; a -= rot(c,11); \ - b ^= a; b -= rot(a,25); \ - c ^= b; c -= rot(b,16); \ - a ^= c; a -= rot(c,4); \ - b ^= a; b -= rot(a,14); \ - c ^= b; c -= rot(b,24); \ -} - - -/* -------------------------------------------------------------------------------- -hashlittle() -- hash a variable-length key into a 32-bit value - k : the key (the unaligned variable-length array of bytes) - length : the length of the key, counting by bytes - initval : can be any 4-byte value -Returns a 32-bit value. Every bit of the key affects every bit of -the return value. Two keys differing by one or two bits will have -totally different hash values. - -The best hash table sizes are powers of 2. There is no need to do -mod a prime (mod is sooo slow!). If you need less than 32 bits, -use a bitmask. For example, if you need only 10 bits, do - h = (h & hashmask(10)); -In which case, the hash table should have hashsize(10) elements. - -If you are hashing n strings (uint8_t **)k, do it like this: - for (i=0, h=0; i 12) - { - a += k[0]; - a += ((uint32_t)k[1])<<8; - a += ((uint32_t)k[2])<<16; - a += ((uint32_t)k[3])<<24; - b += k[4]; - b += ((uint32_t)k[5])<<8; - b += ((uint32_t)k[6])<<16; - b += ((uint32_t)k[7])<<24; - c += k[8]; - c += ((uint32_t)k[9])<<8; - c += ((uint32_t)k[10])<<16; - c += ((uint32_t)k[11])<<24; - mix(a,b,c); - length -= 12; - k += 12; - } - - /*-------------------------------- last block: affect all 32 bits of (c) */ - switch(length) /* all the case statements fall through */ - { - case 12: c+=((uint32_t)k[11])<<24; - case 11: c+=((uint32_t)k[10])<<16; - case 10: c+=((uint32_t)k[9])<<8; - case 9 : c+=k[8]; - case 8 : b+=((uint32_t)k[7])<<24; - case 7 : b+=((uint32_t)k[6])<<16; - case 6 : b+=((uint32_t)k[5])<<8; - case 5 : b+=k[4]; - case 4 : a+=((uint32_t)k[3])<<24; - case 3 : a+=((uint32_t)k[2])<<16; - case 2 : a+=((uint32_t)k[1])<<8; - case 1 : a+=k[0]; - break; - case 0 : return c; - } - - final(a,b,c); - return c; -} - - - diff --git a/lib/minitasn1/int.h b/lib/minitasn1/int.h index 9e6bc89c7..ccc473739 100644 --- a/lib/minitasn1/int.h +++ b/lib/minitasn1/int.h @@ -64,7 +64,6 @@ struct node_asn_struct #define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b) #define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b) #define _asn1_strcat(a,b) strcat((char *)a, (const char *)b) -uint32_t _asn1_bhash( const void *key, size_t length); #define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c index ff701bc32..e35bfa423 100644 --- a/lib/minitasn1/parser_aux.c +++ b/lib/minitasn1/parser_aux.c @@ -20,6 +20,7 @@ */ #include +#include #include "parser_aux.h" #include "gstr.h" #include "structure.h" @@ -118,12 +119,12 @@ asn1_find_node (ASN1_TYPE pointer, const char *name) n_start = n_end; n_start++; - nhash = _asn1_bhash(n, nsize); + nhash = hash_pjw_bare(n, nsize); } else { nsize = _asn1_str_cpy (n, sizeof (n), n_start); - nhash = _asn1_bhash(n, nsize); + nhash = hash_pjw_bare(n, nsize); n_start = NULL; } @@ -156,12 +157,12 @@ asn1_find_node (ASN1_TYPE pointer, const char *name) n_start = n_end; n_start++; - nhash = _asn1_bhash(n, nsize); + nhash = hash_pjw_bare(n, nsize); } else { nsize = _asn1_str_cpy (n, sizeof (n), n_start); - nhash = _asn1_bhash(n, nsize); + nhash = hash_pjw_bare(n, nsize); n_start = NULL; } @@ -365,12 +366,12 @@ unsigned int nsize; if (name == NULL) { node->name[0] = 0; - node->name_hash = _asn1_bhash(node->name, 0); + node->name_hash = hash_pjw_bare(node->name, 0); return node; } nsize = _asn1_str_cpy (node->name, sizeof (node->name), name); - node->name_hash = _asn1_bhash(node->name, nsize); + node->name_hash = hash_pjw_bare(node->name, nsize); return node; } @@ -394,7 +395,7 @@ unsigned int nsize; if (src == NULL) { dst->name[0] = 0; - dst->name_hash = _asn1_bhash(dst->name, 0); + dst->name_hash = hash_pjw_bare(dst->name, 0); return dst; } diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c index 5b2ce1720..d97d43d7e 100644 --- a/lib/verify-tofu.c +++ b/lib/verify-tofu.c @@ -28,7 +28,6 @@ #include #include #include -#include #include "x509_int.h" #include #include diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 5b2d3d68a..67892e8f4 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -28,7 +28,6 @@ #include #include #include "common.h" -#include "hash.h" #include "verify-high.h" #include diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index 369e79e71..5dafd6308 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -28,7 +28,7 @@ #include #include #include -#include +#include #include "x509_int.h" #include #include "verify-high.h" @@ -57,7 +57,6 @@ struct gnutls_x509_trust_list_st { struct node_st *node; }; -#define INIT_HASH 0x33a1 #define DEFAULT_SIZE 503 /** @@ -171,7 +170,7 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, return i; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum(&dn); @@ -237,7 +236,7 @@ gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t list, return ret; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum(&dn); @@ -305,7 +304,7 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, return i; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum(&dn); @@ -384,7 +383,7 @@ static int shorten_clist(gnutls_x509_trust_list_t list, return ret; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum(&dn); @@ -499,7 +498,7 @@ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list, return ret; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum(&dn); @@ -568,7 +567,7 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list, return ret; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum(&dn); @@ -602,7 +601,7 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list, return ret; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum(&dn); @@ -660,7 +659,7 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list, return ret; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum(&dn); @@ -714,7 +713,7 @@ _gnutls_trustlist_inlist (gnutls_x509_trust_list_t list, return ret; } - hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH); + hash = hash_pjw_bare(dn.data, dn.size); hash %= list->size; _gnutls_free_datum (&dn); diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c index b0d547124..02ab47873 100644 --- a/lib/x509/verify-high2.c +++ b/lib/x509/verify-high2.c @@ -28,7 +28,6 @@ #include #include #include -#include #include "x509_int.h" #include #include "verify-high.h" -- 2.11.4.GIT