summarylogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO12
-rw-r--r--PKGBUILD19
-rw-r--r--nettle-2.7.1-remove-ecc-testsuite.patch131
-rw-r--r--nettle-2.7.1-tmpalloc.patch590
4 files changed, 9 insertions, 743 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 23c43d3a77a9..5d11c7a19ae8 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,8 @@
+# Generated by mksrcinfo v8
+# Sun Jan 29 11:26:57 UTC 2017
pkgbase = mingw-w64-nettle
pkgdesc = A low-level cryptographic library (mingw-w64)
- pkgver = 3.1.1
+ pkgver = 3.3
pkgrel = 1
url = http://www.lysator.liu.se/~nisse/nettle
arch = any
@@ -12,12 +14,8 @@ pkgbase = mingw-w64-nettle
options = staticlibs
options = !strip
options = !buildflags
- source = http://www.lysator.liu.se/~nisse/archive/nettle-3.1.1.tar.gz
- source = nettle-2.7.1-remove-ecc-testsuite.patch
- source = nettle-2.7.1-tmpalloc.patch
- md5sums = b40fa88dc32f37a182b6b42092ebb144
- md5sums = f3b10a962dae1dbff215adc26a522625
- md5sums = f40dd21708f3b885d948dd573012b39a
+ source = http://www.lysator.liu.se/~nisse/archive/nettle-3.3.tar.gz
+ md5sums = 10f969f78a463704ae73529978148dbe
pkgname = mingw-w64-nettle
diff --git a/PKGBUILD b/PKGBUILD
index d119c10751b8..5ecd8a387144 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,5 +1,5 @@
pkgname=mingw-w64-nettle
-pkgver=3.1.1
+pkgver=3.3
pkgrel=1
pkgdesc="A low-level cryptographic library (mingw-w64)"
arch=(any)
@@ -8,21 +8,10 @@ license=("LGPL")
makedepends=(mingw-w64-configure)
depends=(mingw-w64-crt mingw-w64-gmp mingw-w64-openssl)
options=(staticlibs !strip !buildflags)
-source=("http://www.lysator.liu.se/~nisse/archive/nettle-$pkgver.tar.gz"
- "nettle-2.7.1-remove-ecc-testsuite.patch"
- "nettle-2.7.1-tmpalloc.patch")
-md5sums=('b40fa88dc32f37a182b6b42092ebb144'
- 'f3b10a962dae1dbff215adc26a522625'
- 'f40dd21708f3b885d948dd573012b39a')
-_architectures="i686-w64-mingw32 x86_64-w64-mingw32"
+source=("http://www.lysator.liu.se/~nisse/archive/nettle-$pkgver.tar.gz")
+md5sums=('10f969f78a463704ae73529978148dbe')
-prepare() {
- cd "$srcdir/nettle-$pkgver"
- #sed 's/ecc-192.c//g' -i Makefile.in
- #sed 's/ecc-224.c//g' -i Makefile.in
- #patch -p1 -i ../nettle-2.7.1-remove-ecc-testsuite.patch
- #patch -p1 -i ../nettle-2.7.1-tmpalloc.patch
-}
+_architectures="i686-w64-mingw32 x86_64-w64-mingw32"
build() {
cd "$srcdir/nettle-$pkgver"
diff --git a/nettle-2.7.1-remove-ecc-testsuite.patch b/nettle-2.7.1-remove-ecc-testsuite.patch
deleted file mode 100644
index 306d47eae927..000000000000
--- a/nettle-2.7.1-remove-ecc-testsuite.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-diff -ur nettle-2.7.1.orig/examples/ecc-benchmark.c nettle-2.7.1/examples/ecc-benchmark.c
---- nettle-2.7.1.orig/examples/ecc-benchmark.c 2013-05-28 16:21:54.000000000 +0200
-+++ nettle-2.7.1/examples/ecc-benchmark.c 2013-11-25 14:57:21.168064904 +0100
-@@ -262,8 +262,6 @@
- }
-
- const struct ecc_curve * const curves[] = {
-- &nettle_secp_192r1,
-- &nettle_secp_224r1,
- &nettle_secp_256r1,
- &nettle_secp_384r1,
- &nettle_secp_521r1,
-Only in nettle-2.7.1/examples: ecc-benchmark.c~
-diff -ur nettle-2.7.1.orig/examples/hogweed-benchmark.c nettle-2.7.1/examples/hogweed-benchmark.c
---- nettle-2.7.1.orig/examples/hogweed-benchmark.c 2013-05-28 16:21:54.000000000 +0200
-+++ nettle-2.7.1/examples/hogweed-benchmark.c 2013-11-25 14:57:53.728295845 +0100
-@@ -376,23 +376,6 @@
-
- switch (size)
- {
-- case 192:
-- ecc = &nettle_secp_192r1;
-- xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
-- ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
-- zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
-- ctx->digest = hash_string (&nettle_sha1, 3, "abc");
-- ctx->digest_size = 20;
-- break;
-- case 224:
-- ecc = &nettle_secp_224r1;
-- xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
-- ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
-- zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
-- ctx->digest = hash_string (&nettle_sha224, 3, "abc");
-- ctx->digest_size = 28;
-- break;
--
- /* From RFC 4754 */
- case 256:
- ecc = &nettle_secp_256r1;
-@@ -585,13 +568,10 @@
- #if 0
- { "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear },
- #endif
-- { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
-- { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
- { "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
- { "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
- { "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
- #if WITH_OPENSSL
-- { "ecdsa (openssl)", 224, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
- { "ecdsa (openssl)", 384, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
- { "ecdsa (openssl)", 521, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
- #endif
-Only in nettle-2.7.1/examples: hogweed-benchmark.c~
-diff -ur nettle-2.7.1.orig/testsuite/ecdsa-sign-test.c nettle-2.7.1/testsuite/ecdsa-sign-test.c
---- nettle-2.7.1.orig/testsuite/ecdsa-sign-test.c 2013-05-28 16:21:54.000000000 +0200
-+++ nettle-2.7.1/testsuite/ecdsa-sign-test.c 2013-11-25 14:54:01.104562760 +0100
-@@ -55,37 +55,6 @@
- {
- /* Test cases for the smaller groups, verified with a
- proof-of-concept implementation done for Yubico AB. */
-- test_ecdsa (&nettle_secp_192r1,
-- "DC51D3866A15BACDE33D96F992FCA99D"
-- "A7E6EF0934E70975", /* z */
--
-- "9E56F509196784D963D1C0A401510EE7"
-- "ADA3DCC5DEE04B15", /* k */
--
-- SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
-- "B00361A396177A9C"), /* h */
--
-- "8c478db6a5c131540cebc739f9c0a9a8"
-- "c720c2abdd14a891", /* r */
--
-- "a91fb738f9f175d72f9c98527e881c36"
-- "8de68cb55ffe589"); /* s */
--
-- test_ecdsa (&nettle_secp_224r1,
-- "446df0a771ed58403ca9cb316e617f6b"
-- "158420465d00a69601e22858", /* z */
--
-- "4c13f1905ad7eb201178bc08e0c9267b"
-- "4751c15d5e1831ca214c33f4", /* z */
--
-- SHEX("1b28a611fe62ab3649350525d06703ba"
-- "4b979a1e543566fd5caa85c6"), /* h */
--
-- "2cc280778f3d067df6d3adbe3a6aad63"
-- "bc75f08f5c5f915411902a99", /* r */
--
-- "d0f069fd0f108eb07b7bbc54c8d6c88d"
-- "f2715c38a95c31a2b486995f"); /* s */
-
- /* From RFC 4754 */
- test_ecdsa (&nettle_secp_256r1,
-Only in nettle-2.7.1/testsuite: ecdsa-sign-test.c~
-diff -ur nettle-2.7.1.orig/testsuite/testutils.c nettle-2.7.1/testsuite/testutils.c
---- nettle-2.7.1.orig/testsuite/testutils.c 2013-05-28 16:21:54.000000000 +0200
-+++ nettle-2.7.1/testsuite/testutils.c 2013-11-25 15:01:37.623807622 +0100
-@@ -1125,8 +1125,6 @@
- }
-
- const struct ecc_curve * const ecc_curves[] = {
-- &nettle_secp_192r1,
-- &nettle_secp_224r1,
- &nettle_secp_256r1,
- &nettle_secp_384r1,
- &nettle_secp_521r1,
-@@ -1178,20 +1176,6 @@
- {
- /* For each curve, the points 2 g, 3 g and 4 g */
- static const struct ecc_ref_point ref[5][3] = {
-- { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
-- "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
-- { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
-- "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
-- { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
-- "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
-- },
-- { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
-- "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
-- { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
-- "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
-- { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
-- "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
-- },
- { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
- "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" },
- { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",
-Only in nettle-2.7.1/testsuite: testutils.c~
diff --git a/nettle-2.7.1-tmpalloc.patch b/nettle-2.7.1-tmpalloc.patch
deleted file mode 100644
index 782b8c4c994b..000000000000
--- a/nettle-2.7.1-tmpalloc.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-diff --git a/Makefile.in b/Makefile.in
-index 3b0e1cb..ebef2c4 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -176,7 +176,7 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h .bootstrap run-tests \
- cast128_sboxes.h desinfo.h desCode.h \
- nettle-internal.h nettle-write.h prime-list.h \
- gmp-glue.h ecc-internal.h \
-- mini-gmp.h mini-gmp.c asm.m4 \
-+ mini-gmp.h mini-gmp.c asm.m4 bignum-internal.h \
- nettle.texinfo nettle.info nettle.html nettle.pdf sha-example.c
-
- # Rules building static libraries
-diff --git a/bignum-internal.h b/bignum-internal.h
-new file mode 100644
-index 0000000..26a7cdb
---- /dev/null
-+++ b/bignum-internal.h
-@@ -0,0 +1,36 @@
-+/* bignum-internal.h
-+ *
-+ */
-+
-+/* nettle, low-level cryptographics library
-+ *
-+ * Copyright (C) 2013 Red Hat
-+ *
-+ * The nettle library is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General Public License as published by
-+ * the Free Software Foundation; either version 2.1 of the License, or (at your
-+ * option) any later version.
-+ *
-+ * The nettle library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
-+ * License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public License
-+ * along with the nettle library; see the file COPYING.LIB. If not, write to
-+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA 02111-1301, USA.
-+ */
-+
-+#ifndef BIGNUM_INTERNAL_H
-+# define BIGNUM_INTERNAL_H
-+
-+#include "gmp-glue.h"
-+
-+#define TMP_GMP_DECL(name, type) type *name; \
-+ unsigned tmp_##name##_size
-+#define TMP_GMP_ALLOC(name, size) \
-+ (name = gmp_alloc(&tmp_##name##_size, sizeof (*name) * (size)))
-+#define TMP_GMP_FREE(name) (gmp_free(name, tmp_##name##_size))
-+
-+#endif
-diff --git a/bignum-next-prime.c b/bignum-next-prime.c
-index 58a4df8..bc89399 100644
---- a/bignum-next-prime.c
-+++ b/bignum-next-prime.c
-@@ -31,6 +31,7 @@
- #include <stdlib.h>
-
- #include "bignum.h"
-+#include "bignum-internal.h"
-
- #include "nettle-internal.h"
-
-@@ -77,9 +78,8 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
- void *progress_ctx, nettle_progress_func *progress)
- {
- mpz_t tmp;
-- TMP_DECL(moduli, unsigned, NUMBER_OF_PRIMES);
--
- unsigned difference;
-+ TMP_GMP_DECL(moduli, unsigned);
-
- if (prime_limit > NUMBER_OF_PRIMES)
- prime_limit = NUMBER_OF_PRIMES;
-@@ -112,7 +112,8 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
- between the 5760 odd numbers in this interval that have no factor
- in common with 15015.
- */
-- TMP_ALLOC(moduli, prime_limit);
-+ TMP_GMP_ALLOC(moduli, prime_limit);
-+
- {
- unsigned i;
- for (i = 0; i < prime_limit; i++)
-@@ -159,4 +160,5 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
- #endif
- }
- mpz_clear(tmp);
-+ TMP_GMP_FREE(moduli);
- }
-diff --git a/bignum-random.c b/bignum-random.c
-index f305f04..07ae1ba 100644
---- a/bignum-random.c
-+++ b/bignum-random.c
-@@ -30,6 +30,7 @@
- #include <stdlib.h>
-
- #include "bignum.h"
-+#include "bignum-internal.h"
- #include "nettle-internal.h"
-
- void
-@@ -38,15 +39,17 @@ nettle_mpz_random_size(mpz_t x,
- unsigned bits)
- {
- unsigned length = (bits + 7) / 8;
-- TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(data, length);
-+ TMP_GMP_DECL(data, uint8_t);
-
-- random(ctx, length, data);
-+ TMP_GMP_ALLOC(data, length);
-
-+ random(ctx, length, data);
- nettle_mpz_set_str_256_u(x, length, data);
-
- if (bits % 8)
- mpz_fdiv_r_2exp(x, x, bits);
-+
-+ TMP_GMP_FREE(data);
- }
-
- /* Returns a random number x, 0 <= x < n */
-diff --git a/gmp-glue.c b/gmp-glue.c
-index a2633a5..991e793 100644
---- a/gmp-glue.c
-+++ b/gmp-glue.c
-@@ -239,3 +239,24 @@ gmp_free_limbs (mp_limb_t *p, mp_size_t n)
-
- free_func (p, (size_t) n * sizeof(mp_limb_t));
- }
-+
-+void* gmp_alloc(unsigned* out_n, size_t n)
-+{
-+ void *(*alloc_func)(size_t);
-+ assert (n > 0);
-+
-+ mp_get_memory_functions(&alloc_func, NULL, NULL);
-+
-+ *out_n = n;
-+ return alloc_func (n);
-+}
-+
-+void gmp_free(void* p, size_t n)
-+{
-+ void (*free_func)(void *, size_t);
-+ assert (n > 0);
-+ assert (p != 0);
-+ mp_get_memory_functions (NULL, NULL, &free_func);
-+
-+ free_func (p, (size_t) n);
-+}
-diff --git a/gmp-glue.h b/gmp-glue.h
-index 269667f..ff936a1 100644
---- a/gmp-glue.h
-+++ b/gmp-glue.h
-@@ -65,6 +65,8 @@
- #define mpn_set_base256 _nettle_mpn_set_base256
- #define gmp_alloc_limbs _nettle_gmp_alloc_limbs
- #define gmp_free_limbs _nettle_gmp_free_limbs
-+#define gmp_free _nettle_gmp_free
-+#define gmp_alloc _nettle_gmp_alloc
-
- /* Use only in-place operations, so we can fall back to addmul_1/submul_1 */
- #ifdef mpn_cnd_add_n
-@@ -155,5 +157,7 @@ gmp_alloc_limbs (mp_size_t n);
- void
- gmp_free_limbs (mp_limb_t *p, mp_size_t n);
-
-+void* gmp_alloc(unsigned* out_n, size_t n);
-+void gmp_free(void* p, size_t n);
-
- #endif /* NETTLE_GMP_GLUE_H_INCLUDED */
-diff --git a/pkcs1-decrypt.c b/pkcs1-decrypt.c
-index 754fd51..89b4dcf 100644
---- a/pkcs1-decrypt.c
-+++ b/pkcs1-decrypt.c
-@@ -31,6 +31,7 @@
- #include "pkcs1.h"
-
- #include "bignum.h"
-+#include "bignum-internal.h"
- #include "nettle-internal.h"
-
- int
-@@ -38,35 +39,50 @@ pkcs1_decrypt (unsigned key_size,
- const mpz_t m,
- unsigned *length, uint8_t *message)
- {
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-+ TMP_GMP_DECL(em, uint8_t);
- uint8_t *terminator;
-- unsigned padding;
-- unsigned message_length;
--
-- TMP_ALLOC(em, key_size);
-+ size_t padding;
-+ size_t message_length;
-+ int ret;
-+
-+ TMP_GMP_ALLOC(em, key_size);
- nettle_mpz_get_str_256(key_size, em, m);
--
-+
- /* Check format */
- if (em[0] || em[1] != 2)
-- return 0;
--
-+ {
-+ ret = 0;
-+ goto cleanup;
-+ }
-+
- terminator = memchr(em + 2, 0, key_size - 2);
--
-+
- if (!terminator)
-- return 0;
-+ {
-+ ret = 0;
-+ goto cleanup;
-+ }
-
- padding = terminator - (em + 2);
- if (padding < 8)
-- return 0;
--
-+ {
-+ ret = 0;
-+ goto cleanup;
-+ }
-+
- message_length = key_size - 3 - padding;
--
-+
- if (*length < message_length)
-- return 0;
-+ {
-+ ret = 0;
-+ goto cleanup;
-+ }
-
- memcpy(message, terminator + 1, message_length);
- *length = message_length;
--
-- return 1;
-+
-+ ret = 1;
-+cleanup:
-+ TMP_GMP_FREE(em);
-+ return ret;
- }
--
-diff --git a/pkcs1-encrypt.c b/pkcs1-encrypt.c
-index cde19bc..5246455 100644
---- a/pkcs1-encrypt.c
-+++ b/pkcs1-encrypt.c
-@@ -34,6 +34,7 @@
- #include "pkcs1.h"
-
- #include "bignum.h"
-+#include "bignum-internal.h"
- #include "nettle-internal.h"
-
- int
-@@ -43,7 +44,7 @@ pkcs1_encrypt (unsigned key_size,
- unsigned length, const uint8_t *message,
- mpz_t m)
- {
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-+ TMP_GMP_DECL(em, uint8_t);
- unsigned padding;
- unsigned i;
-
-@@ -63,7 +64,7 @@ pkcs1_encrypt (unsigned key_size,
- padding = key_size - length - 3;
- assert(padding >= 8);
-
-- TMP_ALLOC(em, key_size - 1);
-+ TMP_GMP_ALLOC(em, key_size - 1);
- em[0] = 2;
-
- random(random_ctx, padding, em + 1);
-@@ -77,5 +78,7 @@ pkcs1_encrypt (unsigned key_size,
- memcpy(em + padding + 2, message, length);
-
- nettle_mpz_set_str_256_u(m, key_size - 1, em);
-+
-+ TMP_GMP_FREE(em);
- return 1;
- }
-diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c
-index e4a6c52..3379b8f 100644
---- a/pkcs1-rsa-digest.c
-+++ b/pkcs1-rsa-digest.c
-@@ -29,21 +29,27 @@
- #include "pkcs1.h"
-
- #include "bignum.h"
-+#include "bignum-internal.h"
- #include "nettle-internal.h"
-
- int
- pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
- unsigned di_length, const uint8_t *digest_info)
- {
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- if (_pkcs1_signature_prefix(key_size, em,
- di_length, digest_info, 0))
- {
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }
-diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c
-index 00514fc..e5edaf3 100644
---- a/pkcs1-rsa-md5.c
-+++ b/pkcs1-rsa-md5.c
-@@ -34,6 +34,7 @@
- #include "rsa.h"
-
- #include "bignum.h"
-+#include "bignum-internal.h"
- #include "pkcs1.h"
-
- #include "nettle-internal.h"
-@@ -65,8 +66,9 @@ int
- pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
- {
- uint8_t *p;
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- p = _pkcs1_signature_prefix(key_size, em,
- sizeof(md5_prefix),
-@@ -76,18 +78,23 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
- {
- md5_digest(hash, MD5_DIGEST_SIZE, p);
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }
-
- int
- pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
- {
- uint8_t *p;
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- p = _pkcs1_signature_prefix(key_size, em,
- sizeof(md5_prefix),
-@@ -97,8 +104,12 @@ pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
- {
- memcpy(p, digest, MD5_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }
-diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c
-index 2951618..2a68121 100644
---- a/pkcs1-rsa-sha1.c
-+++ b/pkcs1-rsa-sha1.c
-@@ -34,6 +34,7 @@
- #include "rsa.h"
-
- #include "bignum.h"
-+#include "bignum-internal.h"
- #include "pkcs1.h"
-
- #include "nettle-internal.h"
-@@ -65,8 +66,9 @@ int
- pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
- {
- uint8_t *p;
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- p = _pkcs1_signature_prefix(key_size, em,
- sizeof(sha1_prefix),
-@@ -76,18 +78,23 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
- {
- sha1_digest(hash, SHA1_DIGEST_SIZE, p);
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }
-
- int
- pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
- {
- uint8_t *p;
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- p = _pkcs1_signature_prefix(key_size, em,
- sizeof(sha1_prefix),
-@@ -97,8 +104,12 @@ pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
- {
- memcpy(p, digest, SHA1_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }
-diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c
-index cb07375..3aaabe1 100644
---- a/pkcs1-rsa-sha256.c
-+++ b/pkcs1-rsa-sha256.c
-@@ -34,6 +34,7 @@
- #include "rsa.h"
-
- #include "bignum.h"
-+#include "bignum-internal.h"
- #include "pkcs1.h"
-
- #include "nettle-internal.h"
-@@ -63,8 +64,9 @@ int
- pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
- {
- uint8_t *p;
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- p = _pkcs1_signature_prefix(key_size, em,
- sizeof(sha256_prefix),
-@@ -74,18 +76,23 @@ pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
- {
- sha256_digest(hash, SHA256_DIGEST_SIZE, p);
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }
-
- int
- pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
- {
- uint8_t *p;
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- p = _pkcs1_signature_prefix(key_size, em,
- sizeof(sha256_prefix),
-@@ -95,8 +102,12 @@ pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest
- {
- memcpy(p, digest, SHA256_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }
-diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c
-index 3afd790..bd3d277 100644
---- a/pkcs1-rsa-sha512.c
-+++ b/pkcs1-rsa-sha512.c
-@@ -34,6 +34,7 @@
- #include "rsa.h"
-
- #include "bignum.h"
-+#include "bignum-internal.h"
- #include "pkcs1.h"
-
- #include "nettle-internal.h"
-@@ -63,8 +64,9 @@ int
- pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
- {
- uint8_t *p;
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- p = _pkcs1_signature_prefix(key_size, em,
- sizeof(sha512_prefix),
-@@ -74,18 +76,23 @@ pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
- {
- sha512_digest(hash, SHA512_DIGEST_SIZE, p);
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }
-
- int
- pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
- {
- uint8_t *p;
-- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-- TMP_ALLOC(em, key_size);
-+ TMP_GMP_DECL(em, uint8_t);
-+
-+ TMP_GMP_ALLOC(em, key_size);
-
- p = _pkcs1_signature_prefix(key_size, em,
- sizeof(sha512_prefix),
-@@ -95,8 +102,12 @@ pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest
- {
- memcpy(p, digest, SHA512_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, key_size, em);
-+ TMP_GMP_FREE(em);
- return 1;
- }
- else
-- return 0;
-+ {
-+ TMP_GMP_FREE(em);
-+ return 0;
-+ }
- }