cmac+hash: add support for Nettle 4.0

Support for truncated digests was removed in Nettle 4.0. The digest
functions no longer accept the output length. Provide a full-length
buffer and copy the requested length of the digest, same as with the
other crypto providers.

cmac_nettle.c

@@ -30,8 +30,10 @@
 #include "sysincl.h"
 
 #include <nettle/cmac.h>
+#include <nettle/version.h>
 
 #include "cmac.h"
+#include "hash.h"
 #include "memory.h"
 
 struct CMC_Instance_Record {
@@ -86,25 +88,39 @@ CMC_CreateInstance(CMC_Algorithm algorithm, const unsigned char *key, int length
 int
 CMC_Hash(CMC_Instance inst, const void *in, int in_len, unsigned char *out, int out_len)
 {
+  unsigned char buf[MAX_HASH_LENGTH];
+
   if (in_len < 0 || out_len < 0)
     return 0;
 
   if (out_len > CMAC128_DIGEST_SIZE)
     out_len = CMAC128_DIGEST_SIZE;
 
+  assert(CMAC128_DIGEST_SIZE <= sizeof (buf));
+
   switch (inst->key_length) {
     case AES128_KEY_SIZE:
       cmac_aes128_update(&inst->context.aes128, in_len, in);
-      cmac_aes128_digest(&inst->context.aes128, out_len, out);
+      cmac_aes128_digest(&inst->context.aes128,
+#if NETTLE_VERSION_MAJOR < 4
+                         CMAC128_DIGEST_SIZE,
+#endif
+                         buf);
       break;
     case AES256_KEY_SIZE:
       cmac_aes256_update(&inst->context.aes256, in_len, in);
-      cmac_aes256_digest(&inst->context.aes256, out_len, out);
+      cmac_aes256_digest(&inst->context.aes256,
+#if NETTLE_VERSION_MAJOR < 4
+                         CMAC128_DIGEST_SIZE,
+#endif
+                         buf);
       break;
     default:
       assert(0);
   }
 
+  memcpy(out, buf, out_len);
+
   return out_len;
 }