[gnutls-devel] --disable-ecdhe does not take out all ecdh
Ann Lai
ann.lai at oracle.com
Sat May 30 04:00:24 CEST 2015
Hi,
It looks like that with the --disable-ecdhe flag passed to configure, there is
still ECDH code in /./lib/nettle/pk.c. The code fails to compile when
this flag is enabled.
I made a fix by adding ifdef guards around the ECDHE parts of pk.c, shown below:
--- ORIGINAL/./lib/nettle/pk.c 2015-05-21 16:21:09.544206257 -0700
+++ gnutls-3.4.1/./lib/nettle/pk.c 2015-05-21 16:42:37.914953878 -0700
@@ -45,13 +45,17 @@
#include <nettle/rsa.h>
#include <gnutls/crypto.h>
#include <nettle/bignum.h>
+#if defined(ENABLE_ECDHE)
#include <nettle/ecc.h>
#include <nettle/ecdsa.h>
#include <nettle/ecc-curve.h>
+#endif
#include <gnettle.h>
#include <fips.h>
+#if defined(ENABLE_ECDHE)
static inline const struct ecc_curve *get_supported_curve(int curve);
+#endif
static void rnd_func(void *_ctx, size_t length, uint8_t * data)
{
@@ -64,6 +68,7 @@
}
}
+#if defined(ENABLE_ECDHE)
static void
ecc_scalar_zclear (struct ecc_scalar *s)
{
@@ -77,6 +82,7 @@
zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
ecc_point_clear(p);
}
+#endif
static void
_dsa_params_get(const gnutls_pk_params_st * pk_params,
@@ -113,6 +119,7 @@
pub->size = nettle_mpz_sizeinbase_256_u(pub->n);
}
+#if defined(ENABLE_ECDHE)
static int
_ecc_params_to_privkey(const gnutls_pk_params_st * pk_params,
struct ecc_scalar *priv,
@@ -161,6 +168,7 @@
return;
}
+#endif
#define MAX_DH_BITS DEFAULT_MAX_VERIFY_BITS
/* This is used when we have no idea on the structure
@@ -245,6 +253,7 @@
break;
}
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
{
struct ecc_scalar ecc_priv;
@@ -290,6 +299,7 @@
goto cleanup;
break;
}
+#endif
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -447,6 +457,7 @@
const mac_entry_st *me;
switch (algo) {
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC: /* we do ECDSA */
{
struct ecc_scalar priv;
@@ -495,6 +506,7 @@
}
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_params pub;
@@ -601,6 +613,7 @@
bigint_t tmp[2] = { NULL, NULL };
switch (algo) {
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC: /* ECDSA */
{
struct ecc_point pub;
@@ -647,6 +660,7 @@
ecc_point_clear(&pub);
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_params pub;
@@ -726,6 +740,7 @@
return ret;
}
+#if defined(ENABLE_ECDHE)
static inline const struct ecc_curve *get_supported_curve(int curve)
{
switch (curve) {
@@ -750,6 +765,7 @@
{
return ((get_supported_curve(curve)!=NULL)?1:0);
}
+#endif
/* Generates algorithm's parameters. That is:
* For DSA: p, q, and g are generated.
@@ -854,9 +870,11 @@
break;
}
case GNUTLS_PK_RSA:
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
ret = 0;
break;
+#endif
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
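Review bot: With ENABLE_ECDHE undefined, the `case GNUTLS_PK_RSA:` label directly above the new `#if` keeps no statements of its own and falls through into `default:`, so RSA parameter generation would return GNUTLS_E_INVALID_REQUEST instead of 0 — a behaviour change unrelated to ECDHE. Only the EC label should be conditional while the shared body stays outside the guard: `case GNUTLS_PK_RSA:` / `#if defined(ENABLE_ECDHE)` `case GNUTLS_PK_EC:` `#endif` / then the unconditional `ret = 0; break;`. The enclosing switch starts and ends outside this hunk.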
@@ -884,6 +902,7 @@
const gnutls_datum_t *priv_key, const
gnutls_datum_t *pu
b_key,
const gnutls_datum_t *peer_key,
gnutls_datum_t *Z);
+#if defined(ENABLE_ECDHE)
int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
const gnutls_datum_t *x, const
gnutls_datum_t *y,
const gnutls_datum_t *k,
@@ -893,6 +912,7 @@
int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
gnutls_datum_t *x, gnutls_datum_t *y,
gnutls_datum_t *k);
+#endif
int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params,
@@ -988,6 +1008,7 @@
return ret;
}
+#if defined(ENABLE_ECDHE)
int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
gnutls_datum_t *x, gnutls_datum_t *y,
gnutls_datum_t *k)
@@ -1116,6 +1137,7 @@
gnutls_pk_params_clear(&priv);
return ret;
}
+#endif /*ENABLE_ECDHE*/
#endif
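Review bot: The new `#endif /*ENABLE_ECDHE*/` here is the only labelled guard close in the patch; the other closes, including those ending the multi-function regions in `@@ -161,6 +168,7 @@` and `@@ -750,6 +765,7 @@`, are bare `#endif`, which is hard to match up by eye next to the pre-existing file-level `#endif` this hunk sits beside. I would label every close in the same form, `#endif /* ENABLE_ECDHE */`. The prototype-only guards in `@@ -884,6 +902,7 @@` and `@@ -893,6 +912,7 @@` are not needed for compilation (a declaration without a definition is harmless) and could be dropped to reduce the number of guards to keep in sync. The conditional closed by the pre-existing `#endif` begins outside this hunk.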
@@ -1308,6 +1330,7 @@
break;
}
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
@@ -1350,6 +1373,7 @@
break;
}
+#endif
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
@@ -1494,6 +1518,7 @@
}
break;
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
{
struct ecc_point r, pub;
@@ -1567,6 +1592,7 @@
mpz_clear(y2);
}
break;
+#endif
default:
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
@@ -1584,6 +1610,7 @@
case GNUTLS_PK_RSA:
case GNUTLS_PK_DSA:
return 0;
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
{
/* just verify that x and y lie on the curve */
@@ -1624,6 +1651,7 @@
ecc_point_clear(&pub);
}
break;
+#endif
default:
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
@@ -1725,5 +1753,7 @@
.generate_keys = wrap_nettle_pk_generate_keys,
.pk_fixup_private_params = wrap_nettle_pk_fixup,
.derive = _wrap_nettle_pk_derive,
+#if defined(ENABLE_ECDHE)
.curve_exists = _wrap_nettle_pk_curve_exists,
+#endif
};
Thanks,
Ann