Branch: Tag:

2016-09-23

2016-09-23 16:10:05 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Probe for the SECP curves.

Some versions of RedHat have censored the weaker curves
(secp_192r1 abd secp_224r1), so we need to survive this.

Thanks to Martin Bähr <mbaehr+pike@realss.com> for the report.

Fixes [LysLysKOM 21863021].

383:    }       switch(curve) { + #ifdef HAVE_CURVE_NETTLE_SECP_192R1    case SECP192R1: THIS->curve = &nettle_secp_192r1; break; -  + #endif /* HAVE_CURVE_NETTLE_SECP_192R1 */ + #ifdef HAVE_CURVE_NETTLE_SECP_224R1    case SECP224R1: THIS->curve = &nettle_secp_224r1; break; -  + #endif /* HAVE_CURVE_NETTLE_SECP_224R1 */ + #ifdef HAVE_CURVE_NETTLE_SECP_256R1    case SECP256R1: THIS->curve = &nettle_secp_256r1; break; -  + #endif /* HAVE_CURVE_NETTLE_SECP_256R1 */ + #ifdef HAVE_CURVE_NETTLE_SECP_384R1    case SECP384R1: THIS->curve = &nettle_secp_384r1; break; -  + #endif /* HAVE_CURVE_NETTLE_SECP_384R1 */ + #ifdef HAVE_CURVE_NETTLE_SECP_521R1    case SECP521R1: THIS->curve = &nettle_secp_521r1; break; -  + #endif /* HAVE_CURVE_NETTLE_SECP_521R1 */    default:    Pike_error("Invalid curve\n");    break;
1124:    INIT;      #ifdef HAVE_NETTLE_ECDSA_H + #ifdef HAVE_CURVE_NETTLE_SECP_192R1    ADD_INT_CONSTANT("SECP192R1", SECP192R1, 0); -  + #endif /* HAVE_CURVE_NETTLE_SECP_192R1 */ + #ifdef HAVE_CURVE_NETTLE_SECP_224R1    ADD_INT_CONSTANT("SECP224R1", SECP224R1, 0); -  + #endif /* HAVE_CURVE_NETTLE_SECP_224R1 */ + #ifdef HAVE_CURVE_NETTLE_SECP_256R1    ADD_INT_CONSTANT("SECP256R1", SECP256R1, 0); -  + #endif /* HAVE_CURVE_NETTLE_SECP_256R1 */ + #ifdef HAVE_CURVE_NETTLE_SECP_384R1    ADD_INT_CONSTANT("SECP384R1", SECP384R1, 0); -  + #endif /* HAVE_CURVE_NETTLE_SECP_384R1 */ + #ifdef HAVE_CURVE_NETTLE_SECP_521R1    ADD_INT_CONSTANT("SECP521R1", SECP521R1, 0); -  + #endif /* HAVE_CURVE_NETTLE_SECP_521R1 */   #endif /* HAVE_NETTLE_ECDSA_H */   }