Commit ab49db8aa538e3d41dc36ed022c84ded4bf1fbdc - getdns

Tighten Nettle version checking, and fix build issue with Nettle >= 3.4. Nettle 3.4 introduced accessor functions for obtaining nettle_secp_256r1 and nettle_secp_384r1. Use them if present. Fixes #458 Jim Hague 4 years ago

3 changed file(s) with 18 addition(s) and 2 deletion(s). Raw diff Collapse all Expand all

-2

CMakeLists.txt less more

364	364	# handle digital signature algorithms. GnuTLS uses Nettle internally.
365	365	if (USE_GNUTLS)
366	366	find_package(GnuTLS "3.5.0" REQUIRED)
367		find_package(Nettle REQUIRED)
	367	find_package(Nettle "3.2" REQUIRED)
368	368
369	369	set(tlsdir "gnutls")
370	370	set(HAVE_NETTLE 1)
371	371
372	372	set(CMAKE_REQUIRED_INCLUDES ${NETTLE_INCLUDE_DIR})
	373	set(CMAKE_REQUIRED_LIBRARIES ${NETTLE_LIBRARIES})
373	374	check_include_file(nettle/dsa-compat.h HAVE_NETTLE_DSA_COMPAT_H)
374	375	check_include_file(nettle/eddsa.h HAVE_NETTLE_EDDSA_H)
	376
	377	# API change in Nettle 3.4.
	378	check_symbol_exists(nettle_get_secp_256r1 "nettle/ecc-curve.h" HAVE_NETTLE_GET_SECP_256R1)
	379	check_symbol_exists(nettle_get_secp_384r1 "nettle/ecc-curve.h" HAVE_NETTLE_GET_SECP_384R1)
375	380	endif()
376	381
377	382	# Sort out what signature algorithms can be used.

389	394
390	395	if (USE_ED448)
391	396	if (USE_GNUTLS)
392		message(WARNING "ED448 enabled and Nettle does not support it. Disabled.")
	397	message(WARNING "ED448 enabled and Nettle support not implemented. Disabled.")
393	398	unset(USE_ED448)
394	399	elseif (NOT HAVE_SSL_ED448)
395	400	message(WARNING "ED448 enabled and OpenSSL does not support it. Disabled.")

-0

cmake/include/cmakeconfig.h.in less more

77	77	#cmakedefine HAVE_EVP_MD_CTX_NEW 1
78	78
79	79	#cmakedefine HAVE_HMAC_CTX_NEW 1
	80
	81	#cmakedefine HAVE_NETTLE_GET_SECP_256R1 1
	82	#cmakedefine HAVE_NETTLE_GET_SECP_384R1 1
80	83
81	84	#cmakedefine HAVE_TLS_CLIENT_METHOD 1
82	85

-0

src/tls/val_secalgo.c less more

1725	1725	{
1726	1726	uint8_t digest[SHA256_DIGEST_SIZE];
1727	1727	mpz_t x, y;
	1728	#ifdef HAVE_NETTLE_GET_SECP_256R1
	1729	nettle_ecc_point_init(&pubkey, nettle_get_secp_256r1());
	1730	#else
1728	1731	nettle_ecc_point_init(&pubkey, &nettle_secp_256r1);
	1732	#endif
1729	1733	nettle_mpz_init_set_str_256_u(x, SHA256_DIGEST_SIZE, key);
1730	1734	nettle_mpz_init_set_str_256_u(y, SHA256_DIGEST_SIZE, key+SHA256_DIGEST_SIZE);
1731	1735	nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock);

1742	1746	{
1743	1747	uint8_t digest[SHA384_DIGEST_SIZE];
1744	1748	mpz_t x, y;
	1749	#ifdef HAVE_NETTLE_GET_SECP_384R1
	1750	nettle_ecc_point_init(&pubkey, nettle_get_secp_384r1());
	1751	#else
1745	1752	nettle_ecc_point_init(&pubkey, &nettle_secp_384r1);
	1753	#endif
1746	1754	nettle_mpz_init_set_str_256_u(x, SHA384_DIGEST_SIZE, key);
1747	1755	nettle_mpz_init_set_str_256_u(y, SHA384_DIGEST_SIZE, key+SHA384_DIGEST_SIZE);
1748	1756	nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock);