Tighten Nettle version checking, and fix build issue with Nettle >= 3.4.
Nettle 3.4 introduced accessor functions for obtaining nettle_secp_256r1 and nettle_secp_384r1. Use them if present.
Fixes #458
Jim Hague
4 years ago
364 | 364 |
# handle digital signature algorithms. GnuTLS uses Nettle internally.
|
365 | 365 |
if (USE_GNUTLS)
|
366 | 366 |
find_package(GnuTLS "3.5.0" REQUIRED)
|
367 | |
find_package(Nettle REQUIRED)
|
|
367 |
find_package(Nettle "3.2" REQUIRED)
|
368 | 368 |
|
369 | 369 |
set(tlsdir "gnutls")
|
370 | 370 |
set(HAVE_NETTLE 1)
|
371 | 371 |
|
372 | 372 |
set(CMAKE_REQUIRED_INCLUDES ${NETTLE_INCLUDE_DIR})
|
|
373 |
set(CMAKE_REQUIRED_LIBRARIES ${NETTLE_LIBRARIES})
|
373 | 374 |
check_include_file(nettle/dsa-compat.h HAVE_NETTLE_DSA_COMPAT_H)
|
374 | 375 |
check_include_file(nettle/eddsa.h HAVE_NETTLE_EDDSA_H)
|
|
376 |
|
|
377 |
# API change in Nettle 3.4.
|
|
378 |
check_symbol_exists(nettle_get_secp_256r1 "nettle/ecc-curve.h" HAVE_NETTLE_GET_SECP_256R1)
|
|
379 |
check_symbol_exists(nettle_get_secp_384r1 "nettle/ecc-curve.h" HAVE_NETTLE_GET_SECP_384R1)
|
375 | 380 |
endif()
|
376 | 381 |
|
377 | 382 |
# Sort out what signature algorithms can be used.
|
|
389 | 394 |
|
390 | 395 |
if (USE_ED448)
|
391 | 396 |
if (USE_GNUTLS)
|
392 | |
message(WARNING "ED448 enabled and Nettle does not support it. Disabled.")
|
|
397 |
message(WARNING "ED448 enabled and Nettle support not implemented. Disabled.")
|
393 | 398 |
unset(USE_ED448)
|
394 | 399 |
elseif (NOT HAVE_SSL_ED448)
|
395 | 400 |
message(WARNING "ED448 enabled and OpenSSL does not support it. Disabled.")
|
77 | 77 |
#cmakedefine HAVE_EVP_MD_CTX_NEW 1
|
78 | 78 |
|
79 | 79 |
#cmakedefine HAVE_HMAC_CTX_NEW 1
|
|
80 |
|
|
81 |
#cmakedefine HAVE_NETTLE_GET_SECP_256R1 1
|
|
82 |
#cmakedefine HAVE_NETTLE_GET_SECP_384R1 1
|
80 | 83 |
|
81 | 84 |
#cmakedefine HAVE_TLS_CLIENT_METHOD 1
|
82 | 85 |
|
1725 | 1725 |
{
|
1726 | 1726 |
uint8_t digest[SHA256_DIGEST_SIZE];
|
1727 | 1727 |
mpz_t x, y;
|
|
1728 |
#ifdef HAVE_NETTLE_GET_SECP_256R1
|
|
1729 |
nettle_ecc_point_init(&pubkey, nettle_get_secp_256r1());
|
|
1730 |
#else
|
1728 | 1731 |
nettle_ecc_point_init(&pubkey, &nettle_secp_256r1);
|
|
1732 |
#endif
|
1729 | 1733 |
nettle_mpz_init_set_str_256_u(x, SHA256_DIGEST_SIZE, key);
|
1730 | 1734 |
nettle_mpz_init_set_str_256_u(y, SHA256_DIGEST_SIZE, key+SHA256_DIGEST_SIZE);
|
1731 | 1735 |
nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock);
|
|
1742 | 1746 |
{
|
1743 | 1747 |
uint8_t digest[SHA384_DIGEST_SIZE];
|
1744 | 1748 |
mpz_t x, y;
|
|
1749 |
#ifdef HAVE_NETTLE_GET_SECP_384R1
|
|
1750 |
nettle_ecc_point_init(&pubkey, nettle_get_secp_384r1());
|
|
1751 |
#else
|
1745 | 1752 |
nettle_ecc_point_init(&pubkey, &nettle_secp_384r1);
|
|
1753 |
#endif
|
1746 | 1754 |
nettle_mpz_init_set_str_256_u(x, SHA384_DIGEST_SIZE, key);
|
1747 | 1755 |
nettle_mpz_init_set_str_256_u(y, SHA384_DIGEST_SIZE, key+SHA384_DIGEST_SIZE);
|
1748 | 1756 |
nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock);
|