diff --git a/Makefile.in b/Makefile.in
index 52ac048209938737ba66274a8aae306a4e9cf69a..d4fa628a4490534a9fe690fc52afd21689b76a49 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -226,8 +226,11 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h getopt_int.h \
$(des_headers) descore.README desdata.stamp \
aes-internal.h camellia-internal.h serpent-internal.h \
cast128_sboxes.h desinfo.h desCode.h \
+ ripemd160-internal.h sha2-internal.h \
memxor-internal.h nettle-internal.h nettle-write.h \
- ctr-internal.h \
+ ctr-internal.h chacha-internal.h sha3-internal.h \
+ salsa20-internal.h umac-internal.h hogweed-internal.h \
+ rsa-internal.h dsa-internal.h eddsa-internal.h \
gmp-glue.h ecc-internal.h fat-setup.h \
mini-gmp.h asm.m4 \
nettle.texinfo nettle.info nettle.html nettle.pdf sha-example.c
diff --git a/arm/fat/sha1-compress-2.asm b/arm/fat/sha1-compress-2.asm
index c326befd1ed803199a8698dbaae0d3cdc26fee53..b915bb454f9d88ad8a8ce900e732fd246739a737 100644
--- a/arm/fat/sha1-compress-2.asm
+++ b/arm/fat/sha1-compress-2.asm
@@ -31,7 +31,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
-dnl PROLOGUE(_nettle_sha1_compress) picked up by configure
+dnl PROLOGUE(nettle_sha1_compress) picked up by configure
define(<fat_transform>, <$1_armv6>)
include_src(<arm/v6/sha1-compress.asm>)
diff --git a/arm/v6/sha1-compress.asm b/arm/v6/sha1-compress.asm
index 8cc22be74248b477e682f835f5f147f0304701fa..f60b4230d041116fcd12bd1ab72c556999284343 100644
--- a/arm/v6/sha1-compress.asm
+++ b/arm/v6/sha1-compress.asm
@@ -101,7 +101,7 @@ define(<ROUND3>, <
ror $2, $2, #2
add $5, $5, T0
>)
- C void _nettle_sha1_compress(uint32_t *state, const uint8_t *input)
+ C void nettle_sha1_compress(uint32_t *state, const uint8_t *input)
.text
.align 2
@@ -112,7 +112,7 @@ define(<ROUND3>, <
.LK3:
.int 0x8F1BBCDC
-PROLOGUE(_nettle_sha1_compress)
+PROLOGUE(nettle_sha1_compress)
push {r4,r5,r6,r7,r8,r10,lr}
sub sp, sp, #64
@@ -246,7 +246,7 @@ IF_BE(< rsb SHIFT, SHIFT, #32>)
add sp, sp, #64
stm STATE, {SA,SB,SC,SD,SE}
pop {r4,r5,r6,r7,r8,r10,pc}
-EPILOGUE(_nettle_sha1_compress)
+EPILOGUE(nettle_sha1_compress)
.LK4:
.int 0xCA62C1D6
diff --git a/bignum.h b/bignum.h
index 9afcd299f8ed3a5bade1385d5ac91e5ee9462c1f..cace4d4ff1ead4ed7ad3f168f9380d8bbc390e61 100644
--- a/bignum.h
+++ b/bignum.h
@@ -109,13 +109,6 @@ nettle_random_prime(mpz_t p, unsigned bits, int top_bits_set,
void *ctx, nettle_random_func *random,
void *progress_ctx, nettle_progress_func *progress);
-void
-_nettle_generate_pocklington_prime (mpz_t p, mpz_t r,
- unsigned bits, int top_bits_set,
- void *ctx, nettle_random_func *random,
- const mpz_t p0,
- const mpz_t q,
- const mpz_t p0q);
/* sexp parsing */
struct sexp_iterator;
diff --git a/chacha-core-internal.c b/chacha-core-internal.c
index 48545aeee4b8f74b1f5de29727ba6ede8b5fd7d9..af278bb07b00430064105f584bdbf4cd812fa9d7 100644
--- a/chacha-core-internal.c
+++ b/chacha-core-internal.c
@@ -47,6 +47,7 @@
#include <string.h>
#include "chacha.h"
+#include "chacha-internal.h"
#include "macros.h"
diff --git a/chacha-crypt.c b/chacha-crypt.c
index ed1bb577566545460063102cb6d9f811cf83a5b6..63d799cef23cc626455cc408fbc5673477caead5 100644
--- a/chacha-crypt.c
+++ b/chacha-crypt.c
@@ -47,6 +47,7 @@
#include <string.h>
#include "chacha.h"
+#include "chacha-internal.h"
#include "macros.h"
#include "memxor.h"
diff --git a/chacha-internal.h b/chacha-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..1bca8e7483965eece987ec5a491ff5b8602b51cf
--- /dev/null
+++ b/chacha-internal.h
@@ -0,0 +1,46 @@
+/* chacha-internal.h
+
+ The ChaCha stream cipher.
+
+ Copyright (C) 2013 Joachim Strömbergson
+ Copyright (C) 2012 Simon Josefsson
+ Copyright (C) 2014 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_CHACHA_INTERNAL_H_INCLUDED
+#define NETTLE_CHACHA_INTERNAL_H_INCLUDED
+
+#include "nettle-types.h"
+
+#define _chacha_core _nettle_chacha_core
+
+void
+_chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
+
+#endif /* NETTLE_CHACHA_INTERNAL_H_INCLUDED */
diff --git a/chacha-poly1305.c b/chacha-poly1305.c
index c5109b86f951fb58aa8164a9aaa89a95eb739457..974a502290e0f80027aede2a19a12c0bd126df68 100644
--- a/chacha-poly1305.c
+++ b/chacha-poly1305.c
@@ -52,6 +52,7 @@
#include <assert.h>
#include <string.h>
+#include "chacha-internal.h"
#include "chacha-poly1305.h"
#include "macros.h"
diff --git a/chacha.h b/chacha.h
index 3f08283473976b2c7ec5033d53cc87735b5208fc..429a55b685b0cb389910a6c1b060c7753d42b52c 100644
--- a/chacha.h
+++ b/chacha.h
@@ -47,7 +47,6 @@ extern "C" {
#define chacha_set_nonce nettle_chacha_set_nonce
#define chacha_set_nonce96 nettle_chacha_set_nonce96
#define chacha_crypt nettle_chacha_crypt
-#define _chacha_core _nettle_chacha_core
/* Currently, only 256-bit keys are supported. */
#define CHACHA_KEY_SIZE 32
@@ -86,9 +85,6 @@ void
chacha_crypt(struct chacha_ctx *ctx, size_t length,
uint8_t *dst, const uint8_t *src);
-void
-_chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
-
#ifdef __cplusplus
}
#endif
diff --git a/dsa-gen-params.c b/dsa-gen-params.c
index 28bc11837226e869911bae75bffbc6f170e6856e..7d9300b60dc636de77d910afa5ad1b58fff3956d 100644
--- a/dsa-gen-params.c
+++ b/dsa-gen-params.c
@@ -42,6 +42,7 @@
#include "bignum.h"
#include "nettle-internal.h"
+#include "hogweed-internal.h"
/* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224),
diff --git a/dsa-hash.c b/dsa-hash.c
index 5fc97fc40aadc4d42f9c79d6116e0033b36d9785..1a2ff5c3dd99e3eaff5b1faafe5ab7bcec80f337 100644
--- a/dsa-hash.c
+++ b/dsa-hash.c
@@ -34,6 +34,7 @@
#endif
#include "dsa.h"
+#include "dsa-internal.h"
#include "bignum.h"
diff --git a/dsa-internal.h b/dsa-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..2cf114a81fbede7e18ab479f23a487911952bbe9
--- /dev/null
+++ b/dsa-internal.h
@@ -0,0 +1,47 @@
+/* dsa-internal.h
+
+ The DSA publickey algorithm.
+
+ Copyright (C) 2002, 2013, 2014 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_DSA_INTERNAL_H_INCLUDED
+#define NETTLE_DSA_INTERNAL_H_INCLUDED
+
+#include "nettle-types.h"
+
+#define _dsa_hash _nettle_dsa_hash
+
+/* Internal functions. */
+void
+_dsa_hash (mpz_t h, unsigned bit_size,
+ size_t length, const uint8_t *digest);
+
+
+#endif /* NETTLE_DSA_INTERNAL_H_INCLUDED */
diff --git a/dsa-sign.c b/dsa-sign.c
index b713743e9df58b556888653e0ff6a0b2e155bd2b..2c72f84756affe94e2970f5c24c9c988a31663ad 100644
--- a/dsa-sign.c
+++ b/dsa-sign.c
@@ -39,6 +39,7 @@
#include <stdlib.h>
#include "dsa.h"
+#include "dsa-internal.h"
#include "bignum.h"
diff --git a/dsa-verify.c b/dsa-verify.c
index cc984bd31a22c6c20a395b7bcf680ce1e912b4d5..348afdc49d445034ce717ccf3babf01ffb2a91e0 100644
--- a/dsa-verify.c
+++ b/dsa-verify.c
@@ -38,6 +38,7 @@
#include <stdlib.h>
#include "dsa.h"
+#include "dsa-internal.h"
#include "bignum.h"
diff --git a/dsa.c b/dsa.c
index efafb79ebe059a4af93736f5f47f38f026549a33..db055876f79128b80fb703e5d8b946f6d863f0f5 100644
--- a/dsa.c
+++ b/dsa.c
@@ -36,6 +36,7 @@
#endif
#include "dsa.h"
+#include "dsa-internal.h"
#include "bignum.h"
diff --git a/dsa.h b/dsa.h
index 7aa982abf575984ecda062a765b2dbe352b848d1..553ef32708561ef78fc37d35e93a3f672b155821 100644
--- a/dsa.h
+++ b/dsa.h
@@ -59,7 +59,6 @@ extern "C" {
#define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator
#define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator
#define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der
-#define _dsa_hash _nettle_dsa_hash
/* For FIPS approved parameters */
#define DSA_SHA1_MIN_P_BITS 512
@@ -204,11 +203,6 @@ dsa_openssl_private_key_from_der(struct dsa_params *params,
size_t length, const uint8_t *data);
-/* Internal functions. */
-void
-_dsa_hash (mpz_t h, unsigned bit_size,
- size_t length, const uint8_t *digest);
-
#ifdef __cplusplus
}
#endif
diff --git a/ecc-curve.h b/ecc-curve.h
index 10d491d4423fd9986cfe237730d9437f658196d5..8af75fddb37cb8b09a531dc394ba7a289802d3a2 100644
--- a/ecc-curve.h
+++ b/ecc-curve.h
@@ -41,12 +41,6 @@ extern "C" {
/* The contents of this struct is internal. */
struct ecc_curve;
-extern const struct ecc_curve _nettle_secp_192r1;
-extern const struct ecc_curve _nettle_secp_224r1;
-extern const struct ecc_curve _nettle_secp_256r1;
-extern const struct ecc_curve _nettle_secp_384r1;
-extern const struct ecc_curve _nettle_secp_521r1;
-
#ifdef __GNUC__
#define NETTLE_PURE __attribute__((pure))
#else
diff --git a/ecc-internal.h b/ecc-internal.h
index ce1e34fb2117bc861272ab5159dd101cc20d6c0f..94fc218b18092c147ea95b3b986ef1166985cf01 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -73,6 +73,12 @@
#define sec_modinv _nettle_sec_modinv
#define curve25519_eh_to_x _nettle_curve25519_eh_to_x
+extern const struct ecc_curve _nettle_secp_192r1;
+extern const struct ecc_curve _nettle_secp_224r1;
+extern const struct ecc_curve _nettle_secp_256r1;
+extern const struct ecc_curve _nettle_secp_384r1;
+extern const struct ecc_curve _nettle_secp_521r1;
+
/* Keep this structure internal for now. It's misnamed (since it's
really implementing the equivalent twisted Edwards curve, with
different coordinates). And we're not quite ready to provide
diff --git a/ed25519-sha512-pubkey.c b/ed25519-sha512-pubkey.c
index 438446e2e69fb679c6a048bbda5068e79ad1ea60..7afb1ccd9714a8fb7706118cea45ec2e51678876 100644
--- a/ed25519-sha512-pubkey.c
+++ b/ed25519-sha512-pubkey.c
@@ -34,6 +34,7 @@
#endif
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc-internal.h"
#include "sha2.h"
diff --git a/ed25519-sha512-sign.c b/ed25519-sha512-sign.c
index af9de2093d853cbe01bed6e51df8e7240050e4d4..84cb1698a9d09f34ad8c34fe07d12c82cc4a8f7d 100644
--- a/ed25519-sha512-sign.c
+++ b/ed25519-sha512-sign.c
@@ -34,6 +34,7 @@
#endif
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc-internal.h"
#include "sha2.h"
diff --git a/ed25519-sha512-verify.c b/ed25519-sha512-verify.c
index e9ba5ae4e714d4ce387397c909612e485891922a..1d6a8c2297422b0883485a84ab5e8a76c84719fa 100644
--- a/ed25519-sha512-verify.c
+++ b/ed25519-sha512-verify.c
@@ -36,6 +36,7 @@
#include <string.h>
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc-internal.h"
#include "sha2.h"
diff --git a/eddsa-compress.c b/eddsa-compress.c
index 40959586314783d5a6400395917e0cccc33cc14b..547ba736dc7b4cdaa8dea83b840092b6b1867a5d 100644
--- a/eddsa-compress.c
+++ b/eddsa-compress.c
@@ -34,6 +34,7 @@
#endif
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc-internal.h"
#include "gmp-glue.h"
diff --git a/eddsa-decompress.c b/eddsa-decompress.c
index 755501682fd2480c885bc5f24574d15e9f8f7ff6..f114b576fffe8827de8d18c25e4ca0016e0156f7 100644
--- a/eddsa-decompress.c
+++ b/eddsa-decompress.c
@@ -34,6 +34,7 @@
#endif
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc-internal.h"
#include "gmp-glue.h"
diff --git a/eddsa-expand.c b/eddsa-expand.c
index dc2bfaf199a031889b1fc2da54189fe5af637e48..62a6437811acee47d927875a2cfbf78d0c8cdb4a 100644
--- a/eddsa-expand.c
+++ b/eddsa-expand.c
@@ -37,6 +37,7 @@
#include <string.h>
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc.h"
#include "ecc-internal.h"
diff --git a/eddsa-hash.c b/eddsa-hash.c
index 4fb79f1b389e38f73f779743e4a08ea199afc2ee..46f6ca34422c82bcac60dc49c14ede51140c126a 100644
--- a/eddsa-hash.c
+++ b/eddsa-hash.c
@@ -36,6 +36,7 @@
#include <assert.h>
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc.h"
#include "ecc-internal.h"
diff --git a/eddsa-internal.h b/eddsa-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..abf02f484f1142fb562e233dc4b20a1dd1db8c32
--- /dev/null
+++ b/eddsa-internal.h
@@ -0,0 +1,115 @@
+/* eddsa.h
+
+ Copyright (C) 2014 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_EDDSA_INTERNAL_H
+#define NETTLE_EDDSA_INTERNAL_H
+
+#include "nettle-types.h"
+
+#define _eddsa_compress _nettle_eddsa_compress
+#define _eddsa_compress_itch _nettle_eddsa_compress_itch
+#define _eddsa_decompress _nettle_eddsa_decompress
+#define _eddsa_decompress_itch _nettle_eddsa_decompress_itch
+#define _eddsa_hash _nettle_eddsa_hash
+#define _eddsa_expand_key _nettle_eddsa_expand_key
+#define _eddsa_sign _nettle_eddsa_sign
+#define _eddsa_sign_itch _nettle_eddsa_sign_itch
+#define _eddsa_verify _nettle_eddsa_verify
+#define _eddsa_verify_itch _nettle_eddsa_verify_itch
+#define _eddsa_public_key_itch _nettle_eddsa_public_key_itch
+#define _eddsa_public_key _nettle_eddsa_public_key
+
+/* Low-level internal functions */
+
+struct ecc_curve;
+struct ecc_modulo;
+
+mp_size_t
+_eddsa_compress_itch (const struct ecc_curve *ecc);
+void
+_eddsa_compress (const struct ecc_curve *ecc, uint8_t *r, mp_limb_t *p,
+ mp_limb_t *scratch);
+
+mp_size_t
+_eddsa_decompress_itch (const struct ecc_curve *ecc);
+int
+_eddsa_decompress (const struct ecc_curve *ecc, mp_limb_t *p,
+ const uint8_t *cp,
+ mp_limb_t *scratch);
+
+void
+_eddsa_hash (const struct ecc_modulo *m,
+ mp_limb_t *rp, const uint8_t *digest);
+
+mp_size_t
+_eddsa_sign_itch (const struct ecc_curve *ecc);
+
+void
+_eddsa_sign (const struct ecc_curve *ecc,
+ const struct nettle_hash *H,
+ const uint8_t *pub,
+ void *ctx,
+ const mp_limb_t *k2,
+ size_t length,
+ const uint8_t *msg,
+ uint8_t *signature,
+ mp_limb_t *scratch);
+
+mp_size_t
+_eddsa_verify_itch (const struct ecc_curve *ecc);
+
+int
+_eddsa_verify (const struct ecc_curve *ecc,
+ const struct nettle_hash *H,
+ const uint8_t *pub,
+ const mp_limb_t *A,
+ void *ctx,
+ size_t length,
+ const uint8_t *msg,
+ const uint8_t *signature,
+ mp_limb_t *scratch);
+
+void
+_eddsa_expand_key (const struct ecc_curve *ecc,
+ const struct nettle_hash *H,
+ void *ctx,
+ const uint8_t *key,
+ uint8_t *digest,
+ mp_limb_t *k2);
+
+mp_size_t
+_eddsa_public_key_itch (const struct ecc_curve *ecc);
+
+void
+_eddsa_public_key (const struct ecc_curve *ecc,
+ const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch);
+
+#endif /* NETTLE_EDDSA_INTERNAL_H */
diff --git a/eddsa-pubkey.c b/eddsa-pubkey.c
index d1546707eb2f1c5c47f7704e78455dfe90980fdd..c952ad17421946e282f50e4926d997ffec3a9b54 100644
--- a/eddsa-pubkey.c
+++ b/eddsa-pubkey.c
@@ -34,6 +34,7 @@
#endif
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc-internal.h"
diff --git a/eddsa-sign.c b/eddsa-sign.c
index c1404f67139550aebd6b518f49fe5b5f9f414f86..5832c23a8007104149cfd8bb33a5396d937960b0 100644
--- a/eddsa-sign.c
+++ b/eddsa-sign.c
@@ -36,6 +36,7 @@
#include <assert.h>
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc.h"
#include "ecc-internal.h"
diff --git a/eddsa-verify.c b/eddsa-verify.c
index 5541d9757ae35827b33ba0b781124fbcbc579c86..7718a1260463569156e2cea99b8aba5f2deee152 100644
--- a/eddsa-verify.c
+++ b/eddsa-verify.c
@@ -36,6 +36,7 @@
#include <assert.h>
#include "eddsa.h"
+#include "eddsa-internal.h"
#include "ecc.h"
#include "ecc-internal.h"
diff --git a/eddsa.h b/eddsa.h
index 49f1a025c0007f3d50ad137b5edc64cdcb4e2768..968ffffbbbb079c4dc6218bed4215f89a31c97ff 100644
--- a/eddsa.h
+++ b/eddsa.h
@@ -46,19 +46,6 @@ extern "C" {
#define ed25519_sha512_sign nettle_ed25519_sha512_sign
#define ed25519_sha512_verify nettle_ed25519_sha512_verify
-#define _eddsa_compress _nettle_eddsa_compress
-#define _eddsa_compress_itch _nettle_eddsa_compress_itch
-#define _eddsa_decompress _nettle_eddsa_decompress
-#define _eddsa_decompress_itch _nettle_eddsa_decompress_itch
-#define _eddsa_hash _nettle_eddsa_hash
-#define _eddsa_expand_key _nettle_eddsa_expand_key
-#define _eddsa_sign _nettle_eddsa_sign
-#define _eddsa_sign_itch _nettle_eddsa_sign_itch
-#define _eddsa_verify _nettle_eddsa_verify
-#define _eddsa_verify_itch _nettle_eddsa_verify_itch
-#define _eddsa_public_key_itch _nettle_eddsa_public_key_itch
-#define _eddsa_public_key _nettle_eddsa_public_key
-
#define ED25519_KEY_SIZE 32
#define ED25519_SIGNATURE_SIZE 64
@@ -76,71 +63,6 @@ ed25519_sha512_verify (const uint8_t *pub,
size_t length, const uint8_t *msg,
const uint8_t *signature);
-/* Low-level internal functions */
-
-struct ecc_curve;
-struct ecc_modulo;
-
-mp_size_t
-_eddsa_compress_itch (const struct ecc_curve *ecc);
-void
-_eddsa_compress (const struct ecc_curve *ecc, uint8_t *r, mp_limb_t *p,
- mp_limb_t *scratch);
-
-mp_size_t
-_eddsa_decompress_itch (const struct ecc_curve *ecc);
-int
-_eddsa_decompress (const struct ecc_curve *ecc, mp_limb_t *p,
- const uint8_t *cp,
- mp_limb_t *scratch);
-
-void
-_eddsa_hash (const struct ecc_modulo *m,
- mp_limb_t *rp, const uint8_t *digest);
-
-mp_size_t
-_eddsa_sign_itch (const struct ecc_curve *ecc);
-
-void
-_eddsa_sign (const struct ecc_curve *ecc,
- const struct nettle_hash *H,
- const uint8_t *pub,
- void *ctx,
- const mp_limb_t *k2,
- size_t length,
- const uint8_t *msg,
- uint8_t *signature,
- mp_limb_t *scratch);
-
-mp_size_t
-_eddsa_verify_itch (const struct ecc_curve *ecc);
-
-int
-_eddsa_verify (const struct ecc_curve *ecc,
- const struct nettle_hash *H,
- const uint8_t *pub,
- const mp_limb_t *A,
- void *ctx,
- size_t length,
- const uint8_t *msg,
- const uint8_t *signature,
- mp_limb_t *scratch);
-
-void
-_eddsa_expand_key (const struct ecc_curve *ecc,
- const struct nettle_hash *H,
- void *ctx,
- const uint8_t *key,
- uint8_t *digest,
- mp_limb_t *k2);
-
-mp_size_t
-_eddsa_public_key_itch (const struct ecc_curve *ecc);
-
-void
-_eddsa_public_key (const struct ecc_curve *ecc,
- const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch);
-
#ifdef __cplusplus
}
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
index b6863cb5408161e4d22d8b0cba61138a1d1e2839..5a88e72dd678db5e316ef2464af2c903e79ef2c5 100644
--- a/examples/nettle-benchmark.c
+++ b/examples/nettle-benchmark.c
@@ -58,6 +58,7 @@
#include "gcm.h"
#include "memxor.h"
#include "salsa20.h"
+#include "salsa20-internal.h"
#include "serpent.h"
#include "sha1.h"
#include "sha2.h"
@@ -717,7 +718,7 @@ bench_sha1_compress(void)
uint8_t data[SHA1_BLOCK_SIZE];
double t;
- TIME_CYCLES (t, _nettle_sha1_compress(state, data));
+ TIME_CYCLES (t, nettle_sha1_compress(state, data));
printf("sha1_compress: %.2f cycles\n", t);
}
diff --git a/fat-arm.c b/fat-arm.c
index d52b1439f2d88991c26b5a4b00f76ff45a8203df..34099d8d1074e5e0c8e2a1bcfacc38175902ffe0 100644
--- a/fat-arm.c
+++ b/fat-arm.c
@@ -147,7 +147,7 @@ DECLARE_FAT_FUNC(_nettle_salsa20_core, salsa20_core_func)
DECLARE_FAT_FUNC_VAR(salsa20_core, salsa20_core_func, c)
DECLARE_FAT_FUNC_VAR(salsa20_core, salsa20_core_func, neon)
-DECLARE_FAT_FUNC(_nettle_sha1_compress, sha1_compress_func)
+DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func)
DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, c)
DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, armv6)
@@ -243,7 +243,7 @@ DEFINE_FAT_FUNC(_nettle_salsa20_core, void,
(uint32_t *dst, const uint32_t *src, unsigned rounds),
(dst, src, rounds))
-DEFINE_FAT_FUNC(_nettle_sha1_compress, void,
+DEFINE_FAT_FUNC(nettle_sha1_compress, void,
(uint32_t *state, const uint8_t *input),
(state, input))
diff --git a/fat-x86_64.c b/fat-x86_64.c
index b66d086143d468de08ac9e997a93e09d49e8a278..904c0eaa85a0ac12537124c414e9e263f8e0a05a 100644
--- a/fat-x86_64.c
+++ b/fat-x86_64.c
@@ -123,7 +123,7 @@ DECLARE_FAT_FUNC(nettle_memxor, memxor_func)
DECLARE_FAT_FUNC_VAR(memxor, memxor_func, x86_64)
DECLARE_FAT_FUNC_VAR(memxor, memxor_func, sse2)
-DECLARE_FAT_FUNC(_nettle_sha1_compress, sha1_compress_func)
+DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func)
DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, x86_64)
DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, sha_ni)
@@ -175,7 +175,7 @@ fat_init (void)
{
if (verbose)
fprintf (stderr, "libnettle: using sha_ni instructions.\n");
- _nettle_sha1_compress_vec = _nettle_sha1_compress_sha_ni;
+ nettle_sha1_compress_vec = _nettle_sha1_compress_sha_ni;
_nettle_sha256_compress_vec = _nettle_sha256_compress_sha_ni;
}
else
@@ -217,7 +217,7 @@ DEFINE_FAT_FUNC(nettle_memxor, void *,
(void *dst, const void *src, size_t n),
(dst, src, n))
-DEFINE_FAT_FUNC(_nettle_sha1_compress, void,
+DEFINE_FAT_FUNC(nettle_sha1_compress, void,
(uint32_t *state, const uint8_t *input),
(state, input))
diff --git a/hogweed-internal.h b/hogweed-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..03e9d7b8891f75493383c2917d98dd261cec973e
--- /dev/null
+++ b/hogweed-internal.h
@@ -0,0 +1,54 @@
+/* hogweed-internal.h
+
+ Bignum operations that are missing from gmp.
+
+ Copyright (C) 2001 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_HOGWEED_INTERNAL_H_INCLUDED
+#define NETTLE_HOGWEED_INTERNAL_H_INCLUDED
+
+void
+_nettle_generate_pocklington_prime (mpz_t p, mpz_t r,
+ unsigned bits, int top_bits_set,
+ void *ctx, nettle_random_func *random,
+ const mpz_t p0,
+ const mpz_t q,
+ const mpz_t p0q);
+
+#define _pkcs1_signature_prefix _nettle_pkcs1_signature_prefix
+
+uint8_t *
+_pkcs1_signature_prefix(unsigned key_size,
+ uint8_t *buffer,
+ unsigned id_size,
+ const uint8_t *id,
+ unsigned digest_size);
+
+#endif /* NETTLE_HOGWEED_INTERNAL_H_INCLUDED */
diff --git a/libhogweed.map.in b/libhogweed.map.in
index eea6ed8151e57843a146cf3cfb541f540be72f97..6913f95146398dcf00832d9abaaba2309248c125 100644
--- a/libhogweed.map.in
+++ b/libhogweed.map.in
@@ -1,4 +1,4 @@
-# libhogweed.map -- libhogweed linker version script. -*- ld-script -*-
+# libhogweed.map.in -- linker version script. -*- ld-script -*-
#
# The symbol version must be updated on every hogweed
@@ -8,11 +8,20 @@
HOGWEED_@LIBHOGWEED_MAJOR@
{
global:
- nettle_*;
- _nettle_*;
@HOGWEED_EXTRA_SYMBOLS@
+ nettle_*;
local:
*;
};
+# Internal symbols which are to be used only for unit or other
+# testing. Compatibility may break across releases.
+HOGWEED_INTERNAL_@LIBHOGWEED_MAJOR@_@LIBNETTLE_MINOR@
+{
+ global:
+ _nettle_*;
+
+ local:
+ *;
+};
diff --git a/libnettle.map.in b/libnettle.map.in
index 02455bc54977d173358fa2df0e88bd925ac2c222..95557217af551a4b96c7609916aac965f9fb8491 100644
--- a/libnettle.map.in
+++ b/libnettle.map.in
@@ -1,4 +1,4 @@
-# libnettle.map -- libnettle linker version script. -*- ld-script -*-
+# libnettle.map.in -- linker version script. -*- ld-script -*-
#
# The symbol version must be updated on every nettle
@@ -9,9 +9,18 @@ NETTLE_@LIBNETTLE_MAJOR@
{
global:
nettle_*;
- _nettle_*;
local:
*;
};
+# Internal symbols which are to be used only for unit or other
+# testing. Compatibility may break across releases.
+NETTLE_INTERNAL_@LIBNETTLE_MAJOR@_@LIBNETTLE_MINOR@
+{
+ global:
+ _nettle_*;
+
+ local:
+ *;
+};
diff --git a/md5-compress.c b/md5-compress.c
index dab33e305f2c6ba9825c22f1a3845ef9134adff6..6fe3256ed51a013907cf420c57a07531b22f5e04 100644
--- a/md5-compress.c
+++ b/md5-compress.c
@@ -79,7 +79,7 @@
* (_MD5_DIGEST_LENGTH) words. */
void
-_nettle_md5_compress(uint32_t *digest, const uint8_t *input)
+nettle_md5_compress(uint32_t *digest, const uint8_t *input)
{
uint32_t data[MD5_DATA_LENGTH];
uint32_t a, b, c, d;
diff --git a/md5.c b/md5.c
index 142b112e1950d79f1c9b1f5dcd654ff85714b3dc..cc009b4a8dc84b4dd2a8833485d22222f7886a3d 100644
--- a/md5.c
+++ b/md5.c
@@ -61,7 +61,7 @@ md5_init(struct md5_ctx *ctx)
ctx->index = 0;
}
-#define COMPRESS(ctx, data) (_nettle_md5_compress((ctx)->state, (data)))
+#define COMPRESS(ctx, data) (nettle_md5_compress((ctx)->state, (data)))
void
md5_update(struct md5_ctx *ctx,
@@ -86,7 +86,7 @@ md5_digest(struct md5_ctx *ctx,
bit_count = (ctx->count << 9) | (ctx->index << 3);
LE_WRITE_UINT64(ctx->block + (MD5_BLOCK_SIZE - 8), bit_count);
- _nettle_md5_compress(ctx->state, ctx->block);
+ nettle_md5_compress(ctx->state, ctx->block);
_nettle_write_le32(length, digest, ctx->state);
md5_init(ctx);
diff --git a/md5.h b/md5.h
index 040cf9dea9112489c420c51a6ada8f435d7d2aba..6feb39cc380bbd7ab82d52ef7304864ddf53f96f 100644
--- a/md5.h
+++ b/md5.h
@@ -77,7 +77,9 @@ md5_digest(struct md5_ctx *ctx,
/* Internal compression function. STATE points to 4 uint32_t words,
and DATA points to 64 bytes of input data, possibly unaligned. */
void
-_nettle_md5_compress(uint32_t *state, const uint8_t *data);
+nettle_md5_compress(uint32_t *state, const uint8_t *data);
+
+#define _nettle_md5_compress nettle_md5_compress
#ifdef __cplusplus
}
diff --git a/nettle-internal.h b/nettle-internal.h
index dbd989b720396cdec701c13372273d5f4984d905..dc379f1f53ae090c490593d85f506d0619898dc5 100644
--- a/nettle-internal.h
+++ b/nettle-internal.h
@@ -115,4 +115,6 @@ extern const struct nettle_aead nettle_openssl_arcfour128;
extern const struct nettle_hash nettle_openssl_md5;
extern const struct nettle_hash nettle_openssl_sha1;
+extern const struct nettle_hash * const _nettle_hashes[];
+
#endif /* NETTLE_INTERNAL_H_INCLUDED */
diff --git a/nettle-lookup-hash.c b/nettle-lookup-hash.c
index f508783a40ed23e8db87537cfb1afc243883bef8..555091ea8e854315d61b5690821ca16cf29fd4de 100644
--- a/nettle-lookup-hash.c
+++ b/nettle-lookup-hash.c
@@ -37,6 +37,7 @@
#include <string.h>
#include "nettle-meta.h"
+#include "nettle-internal.h"
const struct nettle_hash *
nettle_lookup_hash (const char *name)
diff --git a/nettle-meta.h b/nettle-meta.h
index 3c13e9b295ed966253fdf7b75dcf6ad749230178..8fe1cf84651b91afdbb2d2d409f7f294cc5f8da1 100644
--- a/nettle-meta.h
+++ b/nettle-meta.h
@@ -61,8 +61,6 @@ struct nettle_cipher
};
/* null-terminated list of ciphers implemented by this version of nettle */
-extern const struct nettle_cipher * const _nettle_ciphers[];
-
const struct nettle_cipher * const *
#ifdef __GNUC__
__attribute__((pure))
@@ -123,8 +121,6 @@ struct nettle_hash
}
/* null-terminated list of digests implemented by this version of nettle */
-extern const struct nettle_hash * const _nettle_hashes[];
-
const struct nettle_hash * const *
#ifdef __GNUC__
__attribute__((pure))
@@ -176,8 +172,6 @@ struct nettle_aead
/* null-terminated list of aead constructions implemented by this
version of nettle */
-extern const struct nettle_aead * const _nettle_aeads[];
-
const struct nettle_aead * const *
#ifdef __GNUC__
__attribute__((pure))
@@ -244,8 +238,6 @@ struct nettle_armor
}
/* null-terminated list of armor schemes implemented by this version of nettle */
-extern const struct nettle_armor * const _nettle_armors[];
-
const struct nettle_armor * const *
#ifdef __GNUC__
__attribute__((pure))
diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c
index 79555a898efbaa512c61670ee9be6227c95d94c5..60d205555d20f74ea3a736dd93b35f0b94ba3e7b 100644
--- a/pkcs1-rsa-digest.c
+++ b/pkcs1-rsa-digest.c
@@ -34,10 +34,10 @@
#endif
#include "pkcs1.h"
-
#include "bignum.h"
#include "gmp-glue.h"
#include "nettle-internal.h"
+#include "hogweed-internal.h"
int
pkcs1_rsa_digest_encode(mpz_t m, size_t key_size,
diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c
index aaf3b4bdc903f1b7a78251f3eb80a7b329ac5041..4b44155d5b35401356f8b0823c51400b9c5bd6d4 100644
--- a/pkcs1-rsa-md5.c
+++ b/pkcs1-rsa-md5.c
@@ -43,6 +43,7 @@
#include "bignum.h"
#include "pkcs1.h"
+#include "hogweed-internal.h"
#include "gmp-glue.h"
diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c
index f2467d8abd26136d7f3cbfdef98c364b953bea3d..b9ac83aaf0f1e02935867b8ae3d2913003d828cb 100644
--- a/pkcs1-rsa-sha1.c
+++ b/pkcs1-rsa-sha1.c
@@ -43,6 +43,7 @@
#include "bignum.h"
#include "pkcs1.h"
+#include "hogweed-internal.h"
#include "gmp-glue.h"
diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c
index a93211cdecbbf47b1ddab0c91ef1c57526d2ce69..3c524318d8318cc86b38334d58dbc48b4af837c8 100644
--- a/pkcs1-rsa-sha256.c
+++ b/pkcs1-rsa-sha256.c
@@ -43,6 +43,7 @@
#include "bignum.h"
#include "pkcs1.h"
+#include "hogweed-internal.h"
#include "gmp-glue.h"
diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c
index a798f5ac339fb802877ffc9853f9c619c12d7534..b9e788f3c71be82d2d4661d0b9d7291dc020f80b 100644
--- a/pkcs1-rsa-sha512.c
+++ b/pkcs1-rsa-sha512.c
@@ -43,6 +43,7 @@
#include "bignum.h"
#include "pkcs1.h"
+#include "hogweed-internal.h"
#include "gmp-glue.h"
diff --git a/pkcs1.c b/pkcs1.c
index c2ff68999c1d7ef937f183105dc387690156f745..15d54e1fcb49b74c7abf288b0449980a7b4f9906 100644
--- a/pkcs1.c
+++ b/pkcs1.c
@@ -39,6 +39,7 @@
#include <string.h>
#include "pkcs1.h"
+#include "hogweed-internal.h"
/* Formats the PKCS#1 padding, of the form
*
diff --git a/pkcs1.h b/pkcs1.h
index 70aa21f17ce66bf147b1a0a8b26ce77fae5d25f3..06ad5f9141d994f6d74ffe57e457a010a0b36833 100644
--- a/pkcs1.h
+++ b/pkcs1.h
@@ -42,7 +42,6 @@ extern "C" {
#endif
/* Name mangling */
-#define _pkcs1_signature_prefix _nettle_pkcs1_signature_prefix
#define pkcs1_rsa_digest_encode nettle_pkcs1_rsa_digest_encode
#define pkcs1_rsa_md5_encode nettle_pkcs1_rsa_md5_encode
#define pkcs1_rsa_md5_encode_digest nettle_pkcs1_rsa_md5_encode_digest
@@ -60,13 +59,6 @@ struct sha1_ctx;
struct sha256_ctx;
struct sha512_ctx;
-uint8_t *
-_pkcs1_signature_prefix(unsigned key_size,
- uint8_t *buffer,
- unsigned id_size,
- const uint8_t *id,
- unsigned digest_size);
-
int
pkcs1_encrypt (size_t key_size,
/* For padding */
diff --git a/ripemd160-internal.h b/ripemd160-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..e44e2fbe42cc08ad9502e25534ddf96c9e798472
--- /dev/null
+++ b/ripemd160-internal.h
@@ -0,0 +1,43 @@
+/* ripemd160-internal.h
+
+ RIPEMD-160 hash function.
+
+ Copyright (C) 2011 Andres Mejia
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_RIPEMD160_INTERNAL_H_INCLUDED
+#define NETTLE_RIPEMD160_INTERNAL_H_INCLUDED
+
+
+/* Internal compression function. STATE points to 5 uint32_t words,
+ and DATA points to 64 bytes of input data, possibly unaligned. */
+void
+_nettle_ripemd160_compress(uint32_t *state, const uint8_t *data);
+
+#endif /* NETTLE_RIPEMD160_INTERNAL_H_INCLUDED */
diff --git a/ripemd160.c b/ripemd160.c
index c5743d6ab0623b8ea0955952073c88b97153c510..56ffee33cd6d3032d40efbbcf4dfd4188894b2a8 100644
--- a/ripemd160.c
+++ b/ripemd160.c
@@ -40,6 +40,7 @@
#include <assert.h>
#include "ripemd160.h"
+#include "ripemd160-internal.h"
#include "macros.h"
#include "nettle-write.h"
diff --git a/ripemd160.h b/ripemd160.h
index 80d1d8a759005878d958eb08bd907f4a3c0cd4a9..4fee0c605ba57f444cddfbe59dda24683d341e93 100644
--- a/ripemd160.h
+++ b/ripemd160.h
@@ -76,11 +76,6 @@ ripemd160_digest(struct ripemd160_ctx *ctx,
size_t length,
uint8_t *digest);
-/* Internal compression function. STATE points to 5 uint32_t words,
- and DATA points to 64 bytes of input data, possibly unaligned. */
-void
-_nettle_ripemd160_compress(uint32_t *state, const uint8_t *data);
-
#ifdef __cplusplus
}
#endif
diff --git a/rsa-blind.c b/rsa-blind.c
index 16b03d77a757a3af98956fee8f397276a6833a47..0deb94434d0bf7a6202de0856eb282ae1bda80f7 100644
--- a/rsa-blind.c
+++ b/rsa-blind.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c
index e4fbc5fef3a5eeb522618a0b367f7d04a2fcf6e6..e800b71ef2c41f219e8e3771adddd2b6652a4d77 100644
--- a/rsa-decrypt-tr.c
+++ b/rsa-decrypt-tr.c
@@ -37,6 +37,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-encrypt.c b/rsa-encrypt.c
index b2761ba23e1917e2113a939f915049b50e419157..b9903279ec0ac2ac8d9c4ffb988db044e50058a3 100644
--- a/rsa-encrypt.c
+++ b/rsa-encrypt.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "pkcs1.h"
diff --git a/rsa-internal.h b/rsa-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..1f98f95fd7e1ab34e85ac6fafb15205e47d401ff
--- /dev/null
+++ b/rsa-internal.h
@@ -0,0 +1,68 @@
+/* rsa-internal.h
+
+ The RSA publickey algorithm.
+
+ Copyright (C) 2001, 2002 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_RSA_INTERNAL_H_INCLUDED
+#define NETTLE_RSA_INTERNAL_H_INCLUDED
+
+#include "nettle-types.h"
+
+#define _rsa_verify _nettle_rsa_verify
+#define _rsa_verify_recover _nettle_rsa_verify_recover
+#define _rsa_check_size _nettle_rsa_check_size
+#define _rsa_blind _nettle_rsa_blind
+#define _rsa_unblind _nettle_rsa_unblind
+
+/* Internal functions. */
+int
+_rsa_verify(const struct rsa_public_key *key,
+ const mpz_t m,
+ const mpz_t s);
+
+int
+_rsa_verify_recover(const struct rsa_public_key *key,
+ mpz_t m,
+ const mpz_t s);
+
+size_t
+_rsa_check_size(mpz_t n);
+
+/* _rsa_blind and _rsa_unblind are deprecated, unused in the library,
+ and will likely be removed with the next ABI break. */
+void
+_rsa_blind (const struct rsa_public_key *pub,
+ void *random_ctx, nettle_random_func *random,
+ mpz_t c, mpz_t ri);
+void
+_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri);
+
+#endif /* NETTLE_RSA_INTERNAL_H_INCLUDED */
diff --git a/rsa-keygen.c b/rsa-keygen.c
index a9ce8ee1fb29729386f0ff4d8c8d5d45e39e9429..bf04cb827ec5ca37730088e55d415448f6b9a76d 100644
--- a/rsa-keygen.c
+++ b/rsa-keygen.c
@@ -39,6 +39,7 @@
#include <stdlib.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#ifndef DEBUG
diff --git a/rsa-md5-sign-tr.c b/rsa-md5-sign-tr.c
index 318d5390ff5e87a517920b60b9431f6ee981a646..4c362ec5a374f616b9bc9eeb3f46f76ede4f3700 100644
--- a/rsa-md5-sign-tr.c
+++ b/rsa-md5-sign-tr.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-md5-sign.c b/rsa-md5-sign.c
index d39fd08bcad086c3931eb67c7583865aaeb32341..84f1cc007cc3a33b874260fe4c0dfe8795c22c18 100644
--- a/rsa-md5-sign.c
+++ b/rsa-md5-sign.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-md5-verify.c b/rsa-md5-verify.c
index b3205b6293ace237d72f5f7c224832de57d3cd89..2211f2e486b9b3c5b6c958dab4d82eb8f4c4c75a 100644
--- a/rsa-md5-verify.c
+++ b/rsa-md5-verify.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-pkcs1-sign-tr.c b/rsa-pkcs1-sign-tr.c
index 00094b566d8efc0fb3b358902b38c31970a49e6e..5ac14ff98a7f79b9ddd494cd39119675c72213a3 100644
--- a/rsa-pkcs1-sign-tr.c
+++ b/rsa-pkcs1-sign-tr.c
@@ -35,6 +35,7 @@
# include "config.h"
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "pkcs1.h"
diff --git a/rsa-pkcs1-sign.c b/rsa-pkcs1-sign.c
index 27a8b24bddf84c6597e1940ae9a95902b1478c76..a1a6b2e8fac038cc1e4d7220dac49e276719cdd6 100644
--- a/rsa-pkcs1-sign.c
+++ b/rsa-pkcs1-sign.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "pkcs1.h"
diff --git a/rsa-pkcs1-verify.c b/rsa-pkcs1-verify.c
index 12c412463c430bb5c16963d76b22e0cc06df052e..def1c02cfbf9ac8ceb6f86ec495f5f05710c5af4 100644
--- a/rsa-pkcs1-verify.c
+++ b/rsa-pkcs1-verify.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "pkcs1.h"
diff --git a/rsa-pss-sha256-sign-tr.c b/rsa-pss-sha256-sign-tr.c
index b17e40ededa9a5c4e1c8c8a2ad931b499ed56688..a0880098564018623cbc216a17e1ed35c65240eb 100644
--- a/rsa-pss-sha256-sign-tr.c
+++ b/rsa-pss-sha256-sign-tr.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pss.h"
diff --git a/rsa-pss-sha256-verify.c b/rsa-pss-sha256-verify.c
index 81bc4e68a986472b51b1b4b2f4d864b9338f53ec..496f1bd34c0d96e5dcdf944a20e36dd4de59aeaa 100644
--- a/rsa-pss-sha256-verify.c
+++ b/rsa-pss-sha256-verify.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pss.h"
diff --git a/rsa-pss-sha512-sign-tr.c b/rsa-pss-sha512-sign-tr.c
index 59536d6dac1f2b976df69a13674528c5634a46ff..fb840b0fab9e1fc57ee8ddf2cc0387b12df87a3e 100644
--- a/rsa-pss-sha512-sign-tr.c
+++ b/rsa-pss-sha512-sign-tr.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pss.h"
diff --git a/rsa-pss-sha512-verify.c b/rsa-pss-sha512-verify.c
index 34f8e81d1cc555be45ce9fb6e884fa6c24603ae6..a74120ae4cf165022384f9faaa7212221bd701ef 100644
--- a/rsa-pss-sha512-verify.c
+++ b/rsa-pss-sha512-verify.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pss.h"
diff --git a/rsa-sha1-sign-tr.c b/rsa-sha1-sign-tr.c
index 707acdeca657102fea5fda3734ba4693f0d6c0f4..6305611eb0306d64350b6e2cfb9359f933892904 100644
--- a/rsa-sha1-sign-tr.c
+++ b/rsa-sha1-sign-tr.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sha1-sign.c b/rsa-sha1-sign.c
index 69d6efc3e18db3af79f6a73af78c750fc7983079..4eb9963c3711c5b6436e4f8dcf7fee13b10ea3a1 100644
--- a/rsa-sha1-sign.c
+++ b/rsa-sha1-sign.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sha1-verify.c b/rsa-sha1-verify.c
index a7ae5a906ff5822eb04ea6efb74a1499af540a95..b2fbd8ca6204973f3c80286922dac72e3f8da4fb 100644
--- a/rsa-sha1-verify.c
+++ b/rsa-sha1-verify.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sha256-sign-tr.c b/rsa-sha256-sign-tr.c
index 4179af8f5838c669b011eb142efa01803d6eb8e7..0b1c3df7df5bec8189f4a2f83291c6307af520a2 100644
--- a/rsa-sha256-sign-tr.c
+++ b/rsa-sha256-sign-tr.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sha256-sign.c b/rsa-sha256-sign.c
index b4fe40bf36587c47019cac0858d0f2b21313033d..7491c62614419fe3c1d40a6a7d5984aa20d6d81a 100644
--- a/rsa-sha256-sign.c
+++ b/rsa-sha256-sign.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sha256-verify.c b/rsa-sha256-verify.c
index a7b079203682de2603ce0640fabfe9b1ab6084fb..f8b24dcb4b4db1fd9f331bfed7a3187fd8083bf9 100644
--- a/rsa-sha256-verify.c
+++ b/rsa-sha256-verify.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sha512-sign-tr.c b/rsa-sha512-sign-tr.c
index 158b80f2ad1f7fce54f582968d3fd64e05d51f30..e19ff7aeef5d77567f3d8a8cb00959d83d8f839f 100644
--- a/rsa-sha512-sign-tr.c
+++ b/rsa-sha512-sign-tr.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sha512-sign.c b/rsa-sha512-sign.c
index bfdddb7baed68e452a93026396e47aee35c70cf8..a96ed61d62746c92e9c4693d592befc29c903fa4 100644
--- a/rsa-sha512-sign.c
+++ b/rsa-sha512-sign.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sha512-verify.c b/rsa-sha512-verify.c
index aa3e1204e4d24a542d6db132d5bd333706fb67b6..03dfded5050a5eef7719543769e70d797f75426c 100644
--- a/rsa-sha512-verify.c
+++ b/rsa-sha512-verify.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
#include "pkcs1.h"
diff --git a/rsa-sign-tr.c b/rsa-sign-tr.c
index 8542cae23d94d4d53da4ddf0d0239ad1d0ac5287..257a02b4e7f6be06f4dbddc86f75c82725e25249 100644
--- a/rsa-sign-tr.c
+++ b/rsa-sign-tr.c
@@ -37,6 +37,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
/* Blinds m, by computing c = m r^e (mod n), for a random r. Also
returns the inverse (ri), for use by rsa_unblind. */
diff --git a/rsa-sign.c b/rsa-sign.c
index 48323527dfadad4848170456050c841d8f2f139a..a5b6cfab121e912e5711eda77d86337c2c0d6951 100644
--- a/rsa-sign.c
+++ b/rsa-sign.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
diff --git a/rsa-verify.c b/rsa-verify.c
index 43a55d213d35b80d9ab55ac227dc726ccd89eb38..b090946a64cb630596a194e6c766decee02b5ae0 100644
--- a/rsa-verify.c
+++ b/rsa-verify.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
diff --git a/rsa.c b/rsa.c
index f5941409c2c153594342f68f7f4389ef301024a1..65f00f648bc37a799de10dcb8e40065f9f6dd525 100644
--- a/rsa.c
+++ b/rsa.c
@@ -36,6 +36,7 @@
#endif
#include "rsa.h"
+#include "rsa-internal.h"
#include "bignum.h"
diff --git a/rsa.h b/rsa.h
index 2143fcd2ad6c04486bf978195e2fea7458583fd1..7d66d004b8661eb21dab54dfeeeb04c2051bea0f 100644
--- a/rsa.h
+++ b/rsa.h
@@ -98,11 +98,6 @@ extern "C" {
#define rsa_private_key_from_der_iterator nettle_rsa_private_key_from_der_iterator
#define rsa_keypair_from_der nettle_rsa_keypair_from_der
#define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp
-#define _rsa_verify _nettle_rsa_verify
-#define _rsa_verify_recover _nettle_rsa_verify_recover
-#define _rsa_check_size _nettle_rsa_check_size
-#define _rsa_blind _nettle_rsa_blind
-#define _rsa_unblind _nettle_rsa_unblind
/* This limit is somewhat arbitrary. Technically, the smallest modulo
which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But
@@ -524,28 +519,6 @@ rsa_keypair_to_openpgp(struct nettle_buffer *buffer,
/* A single user id. NUL-terminated utf8. */
const char *userid);
-/* Internal functions. */
-int
-_rsa_verify(const struct rsa_public_key *key,
- const mpz_t m,
- const mpz_t s);
-
-int
-_rsa_verify_recover(const struct rsa_public_key *key,
- mpz_t m,
- const mpz_t s);
-
-size_t
-_rsa_check_size(mpz_t n);
-
-/* _rsa_blind and _rsa_unblind are deprecated, unused in the library,
- and will likely be removed with the next ABI break. */
-void
-_rsa_blind (const struct rsa_public_key *pub,
- void *random_ctx, nettle_random_func *random,
- mpz_t c, mpz_t ri);
-void
-_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri);
#ifdef __cplusplus
}
diff --git a/salsa20-core-internal.c b/salsa20-core-internal.c
index c26057d56b6309a4ee8f23c95e1047bddbfd546a..f9d3daf2301dc71722c321066a7963a3c011c4ff 100644
--- a/salsa20-core-internal.c
+++ b/salsa20-core-internal.c
@@ -45,6 +45,7 @@
#include <string.h>
#include "salsa20.h"
+#include "salsa20-internal.h"
#include "macros.h"
diff --git a/salsa20-crypt.c b/salsa20-crypt.c
index eef5c75c6144f6aaafa89284f84a7a3b59b24a69..770b3b4c529383cbf4ea2e51c057cc0022b5c3b6 100644
--- a/salsa20-crypt.c
+++ b/salsa20-crypt.c
@@ -44,6 +44,7 @@
#include <string.h>
#include "salsa20.h"
+#include "salsa20-internal.h"
#include "macros.h"
#include "memxor.h"
diff --git a/salsa20-internal.h b/salsa20-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..e056b8d3b9a18f216bd7911aad273dacfc1c24ef
--- /dev/null
+++ b/salsa20-internal.h
@@ -0,0 +1,45 @@
+/* salsa20-internal.h
+
+ The Salsa20 stream cipher.
+
+ Copyright (C) 2012 Simon Josefsson
+ Copyright (C) 2001 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_SALSA20_INTERNAL_H_INCLUDED
+#define NETTLE_SALSA20_INTERNAL_H_INCLUDED
+
+#include "nettle-types.h"
+
+#define _salsa20_core _nettle_salsa20_core
+
+void
+_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
+
+#endif /* NETTLE_SALSA20_INTERNAL_H_INCLUDED */
diff --git a/salsa20.h b/salsa20.h
index 430198845c804b7883aad844ee78d2f5e95b0dc9..9f731f26ed29a3faa5b9c8ae12dbc1f121be5515 100644
--- a/salsa20.h
+++ b/salsa20.h
@@ -47,7 +47,6 @@ extern "C" {
#define salsa20_256_set_key nettle_salsa20_256_set_key
#define salsa20_set_nonce nettle_salsa20_set_nonce
#define salsa20_crypt nettle_salsa20_crypt
-#define _salsa20_core _nettle_salsa20_core
#define salsa20r12_crypt nettle_salsa20r12_crypt
@@ -104,9 +103,6 @@ salsa20r12_crypt(struct salsa20_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
-void
-_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
-
#ifdef __cplusplus
}
#endif
diff --git a/salsa20r12-crypt.c b/salsa20r12-crypt.c
index a71c4cc38b342e75983a65678227c7602c9548cf..20aecfc0480199dbda5e8dcd872c8353bfc03e47 100644
--- a/salsa20r12-crypt.c
+++ b/salsa20r12-crypt.c
@@ -44,6 +44,7 @@
#include <string.h>
#include "salsa20.h"
+#include "salsa20-internal.h"
#include "macros.h"
#include "memxor.h"
diff --git a/sha1-compress.c b/sha1-compress.c
index 377b9c1e5fc9506489865cc74e605deebd47bd81..5fb9181bae41cccf72243bf5af1cf980d6b33642 100644
--- a/sha1-compress.c
+++ b/sha1-compress.c
@@ -142,7 +142,7 @@ _nettle_sha1_compress_c(uint32_t *state, const uint8_t *input);
sections, e.g. based on the four subrounds. */
void
-_nettle_sha1_compress(uint32_t *state, const uint8_t *input)
+nettle_sha1_compress(uint32_t *state, const uint8_t *input)
{
uint32_t data[SHA1_DATA_LENGTH];
uint32_t A, B, C, D, E; /* Local vars */
diff --git a/sha1.c b/sha1.c
index a585727ef6b1a1524e352620dad943e550751d6d..af73096c90166322b50d6787a4c8dc9fde7417f0 100644
--- a/sha1.c
+++ b/sha1.c
@@ -68,7 +68,7 @@ sha1_init(struct sha1_ctx *ctx)
ctx->index = 0;
}
-#define COMPRESS(ctx, data) (_nettle_sha1_compress((ctx)->state, data))
+#define COMPRESS(ctx, data) (nettle_sha1_compress((ctx)->state, data))
void
sha1_update(struct sha1_ctx *ctx,
@@ -93,7 +93,7 @@ sha1_digest(struct sha1_ctx *ctx,
/* append the 64 bit count */
WRITE_UINT64(ctx->block + (SHA1_BLOCK_SIZE - 8), bit_count);
- _nettle_sha1_compress(ctx->state, ctx->block);
+ nettle_sha1_compress(ctx->state, ctx->block);
_nettle_write_be32(length, digest, ctx->state);
sha1_init(ctx);
diff --git a/sha1.h b/sha1.h
index 7500d0c25bead51e8370339cded7f656a7d26fbe..e84807d231d2c7683d663a5a0426a139102d6a29 100644
--- a/sha1.h
+++ b/sha1.h
@@ -79,7 +79,9 @@ sha1_digest(struct sha1_ctx *ctx,
/* Internal compression function. STATE points to 5 uint32_t words,
and DATA points to 64 bytes of input data, possibly unaligned. */
void
-_nettle_sha1_compress(uint32_t *state, const uint8_t *data);
+nettle_sha1_compress(uint32_t *state, const uint8_t *data);
+
+#define _nettle_sha1_compress nettle_sha1_compress
#ifdef __cplusplus
}
diff --git a/sha2-internal.h b/sha2-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..40f25a5f86adfb31898cf1e9450d757353a24dba
--- /dev/null
+++ b/sha2-internal.h
@@ -0,0 +1,52 @@
+/* sha2-internal.h
+
+ The sha2 family of hash functions.
+
+ Copyright (C) 2001, 2012 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_SHA2_INTERNAL_H_INCLUDED
+#define NETTLE_SHA2_INTERNAL_H_INCLUDED
+
+#include "nettle-types.h"
+
+/* Internal compression function. STATE points to 8 uint32_t words,
+ DATA points to 64 bytes of input data, possibly unaligned, and K
+ points to the table of constants. */
+void
+_nettle_sha256_compress(uint32_t *state, const uint8_t *data, const uint32_t *k);
+
+/* Internal compression function. STATE points to 8 uint64_t words,
+ DATA points to 128 bytes of input data, possibly unaligned, and K
+ points to the table of constants. */
+void
+_nettle_sha512_compress(uint64_t *state, const uint8_t *data, const uint64_t *k);
+
+
+#endif /* NETTLE_SHA2_INTERNAL_H_INCLUDED */
diff --git a/sha2.h b/sha2.h
index 6537c0eceb64d18ad3ce8db685be1cc8e9940838..7e02f1865d73d55e7809194b74beed8f25a71144 100644
--- a/sha2.h
+++ b/sha2.h
@@ -91,12 +91,6 @@ sha256_digest(struct sha256_ctx *ctx,
size_t length,
uint8_t *digest);
-/* Internal compression function. STATE points to 8 uint32_t words,
- DATA points to 64 bytes of input data, possibly unaligned, and K
- points to the table of constants. */
-void
-_nettle_sha256_compress(uint32_t *state, const uint8_t *data, const uint32_t *k);
-
/* SHA224, a truncated SHA256 with different initial state. */
@@ -144,12 +138,6 @@ sha512_digest(struct sha512_ctx *ctx,
size_t length,
uint8_t *digest);
-/* Internal compression function. STATE points to 8 uint64_t words,
- DATA points to 128 bytes of input data, possibly unaligned, and K
- points to the table of constants. */
-void
-_nettle_sha512_compress(uint64_t *state, const uint8_t *data, const uint64_t *k);
-
/* SHA384, a truncated SHA512 with different initial state. */
diff --git a/sha256-compress.c b/sha256-compress.c
index 156c8cf9832965b5cb6014fbaf99773f5b5c73cb..cf17e3e1400c3510f3abc73a74de0fda6d9c51c6 100644
--- a/sha256-compress.c
+++ b/sha256-compress.c
@@ -53,6 +53,7 @@
#include <string.h>
#include "sha2.h"
+#include "sha2-internal.h"
#include "macros.h"
diff --git a/sha256.c b/sha256.c
index c632b7f4f41a53f509ac68a3826b3d8d23e28e70..253c13191356e33987c7006466cb523f1ad10f0f 100644
--- a/sha256.c
+++ b/sha256.c
@@ -43,6 +43,7 @@
#include <string.h>
#include "sha2.h"
+#include "sha2-internal.h"
#include "macros.h"
#include "nettle-write.h"
diff --git a/sha3-224-meta.c b/sha3-224-meta.c
index f0021b4fbb38f17213bbf71b728626e84b267507..bf39bc3b128168116a6909b56a1a1239084af22d 100644
--- a/sha3-224-meta.c
+++ b/sha3-224-meta.c
@@ -36,6 +36,7 @@
#include "nettle-meta.h"
#include "sha3.h"
+#include "sha3-internal.h"
const struct nettle_hash nettle_sha3_224
= _NETTLE_HASH(sha3_224, SHA3_224);
diff --git a/sha3-224.c b/sha3-224.c
index 83fce158e7c5b72596f5371764d68b073a78dd8e..853c9503b0c12f2c758515a9d0df57c02aa2cc00 100644
--- a/sha3-224.c
+++ b/sha3-224.c
@@ -39,6 +39,7 @@
#include <string.h>
#include "sha3.h"
+#include "sha3-internal.h"
#include "nettle-write.h"
diff --git a/sha3-256-meta.c b/sha3-256-meta.c
index d56ee898d521c7bf1fa870384a734d80b7994bc2..649d74228d4d231dc14b131dc132497b58acc4ff 100644
--- a/sha3-256-meta.c
+++ b/sha3-256-meta.c
@@ -36,6 +36,7 @@
#include "nettle-meta.h"
#include "sha3.h"
+#include "sha3-internal.h"
const struct nettle_hash nettle_sha3_256
= _NETTLE_HASH(sha3_256, SHA3_256);
diff --git a/sha3-256.c b/sha3-256.c
index ca9b02095c6b6a5fd4db590530f606c13581b758..cf3e7b020f42e026566c60ba2f2a5233bf5050d9 100644
--- a/sha3-256.c
+++ b/sha3-256.c
@@ -39,6 +39,7 @@
#include <string.h>
#include "sha3.h"
+#include "sha3-internal.h"
#include "nettle-write.h"
diff --git a/sha3-384-meta.c b/sha3-384-meta.c
index 3d38526cae58a52ec148a6fb37c345eb07fe1b9b..38373394043ea027fcd12ee3d637f414401949ac 100644
--- a/sha3-384-meta.c
+++ b/sha3-384-meta.c
@@ -36,6 +36,7 @@
#include "nettle-meta.h"
#include "sha3.h"
+#include "sha3-internal.h"
const struct nettle_hash nettle_sha3_384
= _NETTLE_HASH(sha3_384, SHA3_384);
diff --git a/sha3-384.c b/sha3-384.c
index 148ba1d3e805bf7b5c3e030903462e8a58104636..c0dec5171c3833d2408e6c24ba6f7870f6cd4c2e 100644
--- a/sha3-384.c
+++ b/sha3-384.c
@@ -39,6 +39,7 @@
#include <string.h>
#include "sha3.h"
+#include "sha3-internal.h"
#include "nettle-write.h"
diff --git a/sha3-512-meta.c b/sha3-512-meta.c
index e000128f23dc3ca2cbe938d18b62315601694291..aff96373d0df5bd7f886f22578237afc6ef67af0 100644
--- a/sha3-512-meta.c
+++ b/sha3-512-meta.c
@@ -36,6 +36,7 @@
#include "nettle-meta.h"
#include "sha3.h"
+#include "sha3-internal.h"
const struct nettle_hash nettle_sha3_512
= _NETTLE_HASH(sha3_512, SHA3_512);
diff --git a/sha3-512.c b/sha3-512.c
index 145662b0d7e68672af3c0d34490061885995e69f..b477ec1b4cff09feabef3232f7f05d07e5dedbaf 100644
--- a/sha3-512.c
+++ b/sha3-512.c
@@ -39,6 +39,7 @@
#include <string.h>
#include "sha3.h"
+#include "sha3-internal.h"
#include "nettle-write.h"
diff --git a/sha3-internal.h b/sha3-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..172a9273c2226759d754146bd03a7855dd00050f
--- /dev/null
+++ b/sha3-internal.h
@@ -0,0 +1,52 @@
+/* sha3-internal.h
+
+ The sha3 hash function (aka Keccak).
+
+ Copyright (C) 2012 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_SHA3_INTERNAL_H_INCLUDED
+#define NETTLE_SHA3_INTERNAL_H_INCLUDED
+
+#include "nettle-types.h"
+
+#define _sha3_update _nettle_sha3_update
+#define _sha3_pad _nettle_sha3_pad
+
+unsigned
+_sha3_update (struct sha3_state *state,
+ unsigned block_size, uint8_t *block,
+ unsigned pos,
+ size_t length, const uint8_t *data);
+void
+_sha3_pad (struct sha3_state *state,
+ unsigned block_size, uint8_t *block, unsigned pos);
+
+
+#endif
diff --git a/sha3-permute.c b/sha3-permute.c
index 14fb0d4c1ef69eb838277fd79e68a4fad36f43c1..b1b8a56d60613828416f678194f7889d63658d76 100644
--- a/sha3-permute.c
+++ b/sha3-permute.c
@@ -36,6 +36,7 @@
#endif
#include "sha3.h"
+#include "sha3-internal.h"
#include "macros.h"
diff --git a/sha3.c b/sha3.c
index 24581db20438fd56388bdfb5bb2fd494b4ea5668..4a083be2fcd19c594ff322190bee6b85daee3820 100644
--- a/sha3.c
+++ b/sha3.c
@@ -39,6 +39,7 @@
#include <string.h>
#include "sha3.h"
+#include "sha3-internal.h"
#include "macros.h"
#include "memxor.h"
diff --git a/sha3.h b/sha3.h
index 0c655376492fc1fa1130833028316f034ae4fcde..ad9b71c895f0e26689f6be618be0966d4ff3e171 100644
--- a/sha3.h
+++ b/sha3.h
@@ -42,8 +42,6 @@ extern "C" {
/* Name mangling */
#define sha3_permute nettle_sha3_permute
-#define _sha3_update _nettle_sha3_update
-#define _sha3_pad _nettle_sha3_pad
#define sha3_224_init nettle_sha3_224_init
#define sha3_224_update nettle_sha3_224_update
#define sha3_224_digest nettle_sha3_224_digest
@@ -75,15 +73,6 @@ struct sha3_state
void
sha3_permute (struct sha3_state *state);
-unsigned
-_sha3_update (struct sha3_state *state,
- unsigned block_size, uint8_t *block,
- unsigned pos,
- size_t length, const uint8_t *data);
-void
-_sha3_pad (struct sha3_state *state,
- unsigned block_size, uint8_t *block, unsigned pos);
-
/* The "capacity" is set to 2*(digest size), 512 bits or 64 octets.
The "rate" is the width - capacity, or width - 2 * (digest
size). */
diff --git a/sha512.c b/sha512.c
index 249c4f057a9b7231713d6efe759df0af0ea71729..6936cb50114281507091e193cbcab2262df2e502 100644
--- a/sha512.c
+++ b/sha512.c
@@ -44,6 +44,7 @@
#include <string.h>
#include "sha2.h"
+#include "sha2-internal.h"
#include "macros.h"
diff --git a/testsuite/chacha-test.c b/testsuite/chacha-test.c
index 9edb9410ee514bf17035ea7c3756a73d02749395..d6489e9cde79355c6e153772a467aaef721a436b 100644
--- a/testsuite/chacha-test.c
+++ b/testsuite/chacha-test.c
@@ -35,6 +35,7 @@
#include "testutils.h"
#include "chacha.h"
+#include "chacha-internal.h"
static void
test_chacha(const struct tstring *key, const struct tstring *nonce,
diff --git a/testsuite/eddsa-compress-test.c b/testsuite/eddsa-compress-test.c
index 9ceb6fe98cf762fff1bd0e792d1d4f5cbf06034c..f95da870967efa6dd5ee9fec9efa27df5f03adbe 100644
--- a/testsuite/eddsa-compress-test.c
+++ b/testsuite/eddsa-compress-test.c
@@ -32,6 +32,7 @@
#include "testutils.h"
#include "eddsa.h"
+#include "eddsa-internal.h"
#define COUNT 1000
diff --git a/testsuite/eddsa-sign-test.c b/testsuite/eddsa-sign-test.c
index c496e6eb3030424e56f42567e2d0b4bccda0c679..c1da82282a7b73778c50be4edb8c7071bba43404 100644
--- a/testsuite/eddsa-sign-test.c
+++ b/testsuite/eddsa-sign-test.c
@@ -32,6 +32,7 @@
#include "testutils.h"
#include "eddsa.h"
+#include "eddsa-internal.h"
static void
test_eddsa_sign (const struct ecc_curve *ecc,
diff --git a/testsuite/eddsa-verify-test.c b/testsuite/eddsa-verify-test.c
index dd6712abe57256fdf03ccd2fc33275476e842d21..770080591b1318ea69fea08f37c289059650aa0c 100644
--- a/testsuite/eddsa-verify-test.c
+++ b/testsuite/eddsa-verify-test.c
@@ -32,6 +32,7 @@
#include "testutils.h"
#include "eddsa.h"
+#include "eddsa-internal.h"
static void
test_eddsa (const struct ecc_curve *ecc,
diff --git a/testsuite/pkcs1-test.c b/testsuite/pkcs1-test.c
index 891ed3d5d7a7503eed2386b2159b0508a461a172..7aedc388a7d18818d0ed17806a65d70ea512d75f 100644
--- a/testsuite/pkcs1-test.c
+++ b/testsuite/pkcs1-test.c
@@ -1,6 +1,7 @@
#include "testutils.h"
#include "pkcs1.h"
+#include "hogweed-internal.h"
void
test_main(void)
diff --git a/testsuite/sha3-permute-test.c b/testsuite/sha3-permute-test.c
index 81892a37b8369ba239854f9daf775b1df9c90a89..1e4e9deaefa1d6bf00b4c80a91fafec5e458946b 100644
--- a/testsuite/sha3-permute-test.c
+++ b/testsuite/sha3-permute-test.c
@@ -1,6 +1,7 @@
#include "testutils.h"
#include "sha3.h"
+#include "sha3-internal.h"
static void
display (const struct sha3_state *state)
diff --git a/umac-internal.h b/umac-internal.h
new file mode 100644
index 0000000000000000000000000000000000000000..1d2cc0916c6594638524ea2953a98fa02dcd794e
--- /dev/null
+++ b/umac-internal.h
@@ -0,0 +1,95 @@
+/* umac-internal.h
+
+ UMAC message authentication code (RFC-4418).
+
+ Copyright (C) 2013 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_UMAC_INTERNAL_H_INCLUDED
+#define NETTLE_UMAC_INTERNAL_H_INCLUDED
+
+#include "nettle-types.h"
+
+#define _umac_set_key _nettle_umac_set_key
+#define _umac_nh _nettle_umac_nh
+#define _umac_nh_n _nettle_umac_nh_n
+#define _umac_poly64 _nettle_umac_poly64
+#define _umac_poly128 _nettle_umac_poly128
+#define _umac_l2_init _nettle_umac_l2_init
+#define _umac_l2 _nettle_umac_l2
+#define _umac_l2_final _nettle_umac_l2_final
+#define _umac_l3_init _nettle_umac_l3_init
+#define _umac_l3 _nettle_umac_l3
+
+void
+_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
+ uint64_t *l3_key1, uint32_t *l3_key2,
+ struct aes128_ctx *pad, const uint8_t *key, unsigned n);
+
+uint64_t
+_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg);
+
+/* Equivalent to
+
+ for (i = 0; i < n; i++)
+ out[i] = _umac_nh (key + 4*i, length, msg);
+
+ but processing input only once.
+*/
+void
+_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
+ unsigned length, const uint8_t *msg);
+
+/* Returns y*k + m (mod p), including "marker" processing. Return
+ value is *not* in canonical representation, and must be normalized
+ before the output is used. */
+uint64_t
+_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m);
+
+void
+_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml);
+
+void
+_umac_l2_init (unsigned size, uint32_t *k);
+
+void
+_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count, const uint64_t *m);
+
+void
+_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count);
+
+void
+_umac_l3_init (unsigned size, uint64_t *k);
+
+uint32_t
+_umac_l3 (const uint64_t *key, const uint64_t *m);
+
+#endif /* NETTLE_UMAC_INTERNAL_H_INCLUDED */
diff --git a/umac-l2.c b/umac-l2.c
index cd20baca3715934f8711372a46c121ee66d13c38..97d6e2cb2756a5da538f8be872bd4f02cf8d6fd2 100644
--- a/umac-l2.c
+++ b/umac-l2.c
@@ -37,6 +37,7 @@
#include <string.h>
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
diff --git a/umac-l3.c b/umac-l3.c
index f7b4c2be72caf7f0509dab91221a6a748db57427..6812ddfb2bdbc5496039cbfabd4c94d78ad03781 100644
--- a/umac-l3.c
+++ b/umac-l3.c
@@ -34,6 +34,7 @@
#endif
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
diff --git a/umac-nh-n.c b/umac-nh-n.c
index e92337169759fba8d936c4aa32fd813db9e735fb..7c3998971dcb90c2f4c8d110a9f49bbace064975 100644
--- a/umac-nh-n.c
+++ b/umac-nh-n.c
@@ -37,6 +37,7 @@
#include <string.h>
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
/* For fat builds */
diff --git a/umac-nh.c b/umac-nh.c
index ab1b392ae997e7a39ad004b360e7615c8ae521f2..9afbe804f3876f739b81511ff60073758a67dea6 100644
--- a/umac-nh.c
+++ b/umac-nh.c
@@ -36,6 +36,7 @@
#include <assert.h>
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
/* For fat builds */
diff --git a/umac-poly128.c b/umac-poly128.c
index 890e94a8adee28eda1ff111fb8e31d2b6c42dab8..1049b9095fc5cff21c626362851083f10fdf8350 100644
--- a/umac-poly128.c
+++ b/umac-poly128.c
@@ -36,6 +36,7 @@
#include <assert.h>
#include "umac.h"
+#include "umac-internal.h"
#define HI(x) (x >> 32)
#define LO(x) (x & 0xffffffffUL)
diff --git a/umac-poly64.c b/umac-poly64.c
index d3dafdf3d489fdb549d73144d8ae7022c3677fc6..11137cb5b476cab3625c9e9427304738afc37b5d 100644
--- a/umac-poly64.c
+++ b/umac-poly64.c
@@ -36,6 +36,7 @@
#include <assert.h>
#include "umac.h"
+#include "umac-internal.h"
static uint64_t
poly64_mul (uint32_t kh, uint32_t kl, uint64_t y)
diff --git a/umac-set-key.c b/umac-set-key.c
index 13a9589c8924def59fce479e0a653eceb90f1f5a..24aa390b379e6e8b6b1c4fccbc9d88938bebf91b 100644
--- a/umac-set-key.c
+++ b/umac-set-key.c
@@ -36,6 +36,7 @@
#include <string.h>
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
diff --git a/umac.h b/umac.h
index f4d3c7ad1363df08d1cce10a43ec2e7e5afeddc6..0db87221d0171c4bbfd638a1c99b1aea3cf2fa8c 100644
--- a/umac.h
+++ b/umac.h
@@ -55,16 +55,6 @@ extern "C" {
#define umac64_digest nettle_umac64_digest
#define umac96_digest nettle_umac96_digest
#define umac128_digest nettle_umac128_digest
-#define _umac_set_key _nettle_umac_set_key
-#define _umac_nh _nettle_umac_nh
-#define _umac_nh_n _nettle_umac_nh_n
-#define _umac_poly64 _nettle_umac_poly64
-#define _umac_poly128 _nettle_umac_poly128
-#define _umac_l2_init _nettle_umac_l2_init
-#define _umac_l2 _nettle_umac_l2
-#define _umac_l2_final _nettle_umac_l2_final
-#define _umac_l3_init _nettle_umac_l3_init
-#define _umac_l3 _nettle_umac_l3
#include "nettle-types.h"
#include "aes.h"
@@ -201,51 +191,6 @@ umac128_digest (struct umac128_ctx *ctx,
#define UMAC_P128_HI (~(uint64_t) 0)
#define UMAC_P128_LO (-(uint64_t) UMAC_P128_OFFSET)
-void
-_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
- uint64_t *l3_key1, uint32_t *l3_key2,
- struct aes128_ctx *pad, const uint8_t *key, unsigned n);
-
-uint64_t
-_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg);
-
-/* Equivalent to
-
- for (i = 0; i < n; i++)
- out[i] = _umac_nh (key + 4*i, length, msg);
-
- but processing input only once.
-*/
-void
-_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
- unsigned length, const uint8_t *msg);
-
-/* Returns y*k + m (mod p), including "marker" processing. Return
- value is *not* in canonical representation, and must be normalized
- before the output is used. */
-uint64_t
-_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m);
-
-void
-_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml);
-
-void
-_umac_l2_init (unsigned size, uint32_t *k);
-
-void
-_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
- uint64_t count, const uint64_t *m);
-
-void
-_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
- uint64_t count);
-
-void
-_umac_l3_init (unsigned size, uint64_t *k);
-
-uint32_t
-_umac_l3 (const uint64_t *key, const uint64_t *m);
-
#ifdef __cplusplus
}
#endif
diff --git a/umac128.c b/umac128.c
index d0c607e87399eb8b45e16ebc6e32fc55c1b03c0a..527e91ce3ee8703d232518006216b116a04b34a8 100644
--- a/umac128.c
+++ b/umac128.c
@@ -37,6 +37,7 @@
#include <string.h>
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
diff --git a/umac32.c b/umac32.c
index 32f34c39503b958eafb7f6afd171779fc70c7a0f..cf9487c0599483c3700503d3ca217c17048970a2 100644
--- a/umac32.c
+++ b/umac32.c
@@ -37,6 +37,7 @@
#include <string.h>
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
diff --git a/umac64.c b/umac64.c
index a1122cb19439f48a0599d07b82898eed81f28178..a53b950ddc1d054040a073357d409e71eb500c93 100644
--- a/umac64.c
+++ b/umac64.c
@@ -37,6 +37,7 @@
#include <string.h>
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
diff --git a/umac96.c b/umac96.c
index 8d72f1bf8ccb3f800d801c6bca7032366cd4420d..1f5585391887c5d781ec49f42d4bc98abd91832c 100644
--- a/umac96.c
+++ b/umac96.c
@@ -37,6 +37,7 @@
#include <string.h>
#include "umac.h"
+#include "umac-internal.h"
#include "macros.h"
diff --git a/x86/md5-compress.asm b/x86/md5-compress.asm
index 988141199652df7bcd1d40acc7c9493e164c7307..c849c0824e4d02e27a9c55091f00a9575c072a72 100644
--- a/x86/md5-compress.asm
+++ b/x86/md5-compress.asm
@@ -78,11 +78,11 @@ define(<ROUND>,<
.file "md5-compress.asm"
- C _nettle_md5_compress(uint32_t *state, uint8_t *data)
+ C nettle_md5_compress(uint32_t *state, uint8_t *data)
.text
ALIGN(16)
-PROLOGUE(_nettle_md5_compress)
+PROLOGUE(nettle_md5_compress)
C save all registers that need to be saved
C 24(%esp) input
@@ -184,4 +184,4 @@ PROLOGUE(_nettle_md5_compress)
popl %ebp
popl %ebx
ret
-EPILOGUE(_nettle_md5_compress)
+EPILOGUE(nettle_md5_compress)
diff --git a/x86/sha1-compress.asm b/x86/sha1-compress.asm
index d829de82a66be2ec741e95ca045ab10a3509a2a1..03bdcdc9e867bec6b4eff2596116eac3969a5229 100644
--- a/x86/sha1-compress.asm
+++ b/x86/sha1-compress.asm
@@ -155,11 +155,11 @@ define(<ROUND_F3>, <
.file "sha1-compress.asm"
- C _nettle_sha1_compress(uint32_t *state, uint8_t *data)
+ C nettle_sha1_compress(uint32_t *state, uint8_t *data)
.text
-PROLOGUE(_nettle_sha1_compress)
+PROLOGUE(nettle_sha1_compress)
C save all registers that need to be saved
C 88(%esp) data
C 84(%esp) state
@@ -1540,7 +1540,7 @@ C ROUND_F2(SB, SC, SD, SE, SA, 79, K4VALUE)
popl %ebp
popl %ebx
ret
-EPILOGUE(_nettle_sha1_compress)
+EPILOGUE(nettle_sha1_compress)
C TODO:
diff --git a/x86_64/md5-compress.asm b/x86_64/md5-compress.asm
index 49cc338512024956a5dc3aa2ebdd9494387b622d..182b8f185822920905cbe935add178422d315300 100644
--- a/x86_64/md5-compress.asm
+++ b/x86_64/md5-compress.asm
@@ -79,10 +79,10 @@ define(<ROUND>,<
.file "md5-compress.asm"
- C _nettle_md5_compress(uint32_t *state, uint8_t *input)
+ C nettle_md5_compress(uint32_t *state, uint8_t *input)
.text
ALIGN(16)
-PROLOGUE(_nettle_md5_compress)
+PROLOGUE(nettle_md5_compress)
W64_ENTRY(2,0)
C save all registers that need to be saved
push %rbp
@@ -173,4 +173,4 @@ PROLOGUE(_nettle_md5_compress)
W64_EXIT(2,0)
ret
-EPILOGUE(_nettle_md5_compress)
+EPILOGUE(nettle_md5_compress)
diff --git a/x86_64/sha1-compress.asm b/x86_64/sha1-compress.asm
index e48a13c3f01c838a44febe50270e480e244637e0..dd48de0ee5fe0b87266ab16a63972bebc89ce558 100644
--- a/x86_64/sha1-compress.asm
+++ b/x86_64/sha1-compress.asm
@@ -171,11 +171,11 @@ define(<ROUND_F3>, <
.file "sha1-compress.asm"
- C _nettle_sha1_compress(uint32_t *state, uint8_t *input)
+ C nettle_sha1_compress(uint32_t *state, uint8_t *input)
.text
ALIGN(16)
-PROLOGUE(_nettle_sha1_compress)
+PROLOGUE(nettle_sha1_compress)
C save all registers that need to be saved
W64_ENTRY(2, 0)
@@ -304,4 +304,4 @@ PROLOGUE(_nettle_sha1_compress)
add $64, %rsp
W64_EXIT(2, 0)
ret
-EPILOGUE(_nettle_sha1_compress)
+EPILOGUE(nettle_sha1_compress)
diff --git a/x86_64/sha_ni/sha1-compress.asm b/x86_64/sha_ni/sha1-compress.asm
index f0097eef06f8415240e6a0710326abc8be9c4a74..ab848fddc228d8ab7cd6ab8fe734abc3288a65d0 100644
--- a/x86_64/sha_ni/sha1-compress.asm
+++ b/x86_64/sha_ni/sha1-compress.asm
@@ -59,13 +59,13 @@ define(<QROUND>, <
.file "sha1-compress.asm"
- C _nettle_sha1_compress(uint32_t *state, uint8_t *input)
+ C nettle_sha1_compress(uint32_t *state, uint8_t *input)
.text
ALIGN(16)
.Lswap_mask:
.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
-PROLOGUE(_nettle_sha1_compress)
+PROLOGUE(nettle_sha1_compress)
C save all registers that need to be saved
W64_ENTRY(2, 10)
movups (STATE), ABCD
@@ -145,4 +145,4 @@ PROLOGUE(_nettle_sha1_compress)
W64_EXIT(2, 10)
ret
-EPILOGUE(_nettle_sha1_compress)
+EPILOGUE(nettle_sha1_compress)