diff --git a/src/post_modules/Nettle/configure.in b/src/post_modules/Nettle/configure.in
index ea7d29718491cc28158ccaf104348bdb30cf8478..45b7f367eb57cab5676f0d673a6006ba0ded2498 100644
--- a/src/post_modules/Nettle/configure.in
+++ b/src/post_modules/Nettle/configure.in
@@ -56,29 +56,37 @@ else
# NB: Some versions of RedHat have censored the weaker curves
# (secp_192r1 and secp_224r1 (cf [LysLysKOM 21863021])), and
# there are no identifying macros, so we need to probe for them.
- define(PIKE_CHECK_ECC_CURVE, [
- AC_MSG_CHECKING(if curve $1 is available)
- AC_CACHE_VAL(pike_cv_have_curve_$1, [
- AC_TRY_LINK([#include <nettle/ecc-curve.h>],
- [ struct ecc_curve *c = &$1; ],
- [ pike_cv_have_curve_$1=yes ],
- [ pike_cv_have_curve_$1=no ])
+ define(PIKE_CHECK_NETTLE_ECC_CURVE, [
+ AC_CHECK_FUNC(nettle_get_$1, [
+ AC_DEFINE(translit(HAVE_CURVE_NETTLE_$1,[a-z],[A-Z]), 1,
+ [Define if your libnettle has the nettle curve $1.])
+ ], [
+ AC_MSG_CHECKING(if legacy declaration of nettle curve $1 is available)
+
+ AC_CACHE_VAL(pike_cv_have_curve_nettle_$1, [
+ AC_TRY_LINK([#include <nettle/ecc-curve.h>],
+ [ struct ecc_curve *c = &nettle_$1; ],
+ [ pike_cv_have_curve_nettle_$1=yes ],
+ [ pike_cv_have_curve_nettle_$1=no ])
+ ])
+ AC_MSG_RESULT($pike_cv_have_curve_nettle_$1);
+ if test "x$pike_cv_have_curve_nettle_$1" = "xyes"; then
+ AC_DEFINE(translit(HAVE_CURVE_NETTLE_$1,[a-z],[A-Z]), 1,
+ [Define if your libnettle has the nettle curve $1.])
+ AC_DEFINE(translit(NEED_WRAPPER_FOR_CURVE_NETTLE_$1,[a-z],[A-Z]), 1,
+ [Define if your libnettle is missing the getter for the nettle curve $1.])
+ fi
])
- AC_MSG_RESULT($pike_cv_have_curve_$1);
- if test "x$pike_cv_have_curve_$1" = "xyes"; then
- AC_DEFINE(translit(HAVE_CURVE_$1,[a-z],[A-Z]), 1,
- [Define if your libnettle has the curve $1.])
- fi
])
AC_ARG_WITH(weak-curves, [ --with-weak-curves Include SECP192R1 and SECP224R1, frequently removed from Nettle binary dists], [weak_curves=yes], [])
if test "x$weak_curves" = "xyes" ; then
- PIKE_CHECK_ECC_CURVE(nettle_secp_192r1)
- PIKE_CHECK_ECC_CURVE(nettle_secp_224r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_192r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_224r1)
fi
- PIKE_CHECK_ECC_CURVE(nettle_secp_256r1)
- PIKE_CHECK_ECC_CURVE(nettle_secp_384r1)
- PIKE_CHECK_ECC_CURVE(nettle_secp_521r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_256r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_384r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_521r1)
AC_SUBST(IDEA_OBJ)
diff --git a/src/post_modules/Nettle/hogweed.cmod b/src/post_modules/Nettle/hogweed.cmod
index 40eb88ac47364ce22ea49d7f6ff8a4ee792a876a..e9231090ebf10272968d2e689bda955bdf45c968 100644
--- a/src/post_modules/Nettle/hogweed.cmod
+++ b/src/post_modules/Nettle/hogweed.cmod
@@ -339,6 +339,22 @@ program_flags PROGRAM_CLEAR_STORAGE;
#define SECP384R1 3
#define SECP521R1 4
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_192R1
+static const struct ecc_curve *nettle_get_secp_192r1(void) { return nettle_secp_192r1; }
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_192R1 */
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_224R1
+static const struct ecc_curve *nettle_get_secp_224r1(void) { return nettle_secp_224r1; }
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_224R1 */
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_256R1
+static const struct ecc_curve *nettle_get_secp_256r1(void) { return nettle_secp_256r1; }
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_256R1 */
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_384R1
+static const struct ecc_curve *nettle_get_secp_384r1(void) { return nettle_secp_384r1; }
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_384R1 */
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_521R1
+static const struct ecc_curve *nettle_get_secp_521r1(void) { return nettle_secp_521r1; }
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_521R1 */
+
#ifndef ecc_point_equal_p
static int ecc_point_equal_p(const struct ecc_point *a, const struct ecc_point *b)
{
@@ -396,19 +412,19 @@ PIKECLASS ECC_Curve
switch(curve) {
#ifdef HAVE_CURVE_NETTLE_SECP_192R1
- case SECP192R1: THIS->curve = &nettle_secp_192r1; break;
+ case SECP192R1: THIS->curve = nettle_get_secp_192r1(); break;
#endif /* HAVE_CURVE_NETTLE_SECP_192R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_224R1
- case SECP224R1: THIS->curve = &nettle_secp_224r1; break;
+ case SECP224R1: THIS->curve = nettle_get_secp_224r1(); break;
#endif /* HAVE_CURVE_NETTLE_SECP_224R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_256R1
- case SECP256R1: THIS->curve = &nettle_secp_256r1; break;
+ case SECP256R1: THIS->curve = nettle_get_secp_256r1(); break;
#endif /* HAVE_CURVE_NETTLE_SECP_256R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_384R1
- case SECP384R1: THIS->curve = &nettle_secp_384r1; break;
+ case SECP384R1: THIS->curve = nettle_get_secp_384r1(); break;
#endif /* HAVE_CURVE_NETTLE_SECP_384R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_521R1
- case SECP521R1: THIS->curve = &nettle_secp_521r1; break;
+ case SECP521R1: THIS->curve = nettle_get_secp_521r1(); break;
#endif /* HAVE_CURVE_NETTLE_SECP_521R1 */
default:
Pike_error("Invalid curve\n");
@@ -479,31 +495,31 @@ PIKECLASS ECC_Curve
PIKEFUN string(7bit) name()
{
#ifdef HAVE_CURVE_NETTLE_SECP_192R1
- if (THIS->curve == &nettle_secp_192r1) {
+ if (THIS->curve == nettle_get_secp_192r1()) {
ref_push_string(MK_STRING("SECP_192R1"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_192R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_224R1
- if (THIS->curve == &nettle_secp_224r1) {
+ if (THIS->curve == nettle_get_secp_224r1()) {
ref_push_string(MK_STRING("SECP_224R1"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_224R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_256R1
- if (THIS->curve == &nettle_secp_256r1) {
+ if (THIS->curve == nettle_get_secp_256r1()) {
ref_push_string(MK_STRING("SECP_256R1"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_256R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_384R1
- if (THIS->curve == &nettle_secp_384r1) {
+ if (THIS->curve == nettle_get_secp_384r1()) {
ref_push_string(MK_STRING("SECP_384R1"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_384R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_521R1
- if (THIS->curve == &nettle_secp_521r1) {
+ if (THIS->curve == nettle_get_secp_521r1()) {
ref_push_string(MK_STRING("SECP_521R1"));
return;
}
@@ -526,19 +542,19 @@ PIKECLASS ECC_Curve
PIKEFUN string(7bit) jose_name()
{
#ifdef HAVE_CURVE_NETTLE_SECP_256R1
- if (THIS->curve == &nettle_secp_256r1) {
+ if (THIS->curve == nettle_get_secp_256r1()) {
ref_push_string(MK_STRING("P-256"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_256R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_384R1
- if (THIS->curve == &nettle_secp_384r1) {
+ if (THIS->curve == nettle_get_secp_384r1()) {
ref_push_string(MK_STRING("P-384"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_384R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_521R1
- if (THIS->curve == &nettle_secp_521r1) {
+ if (THIS->curve == nettle_get_secp_521r1()) {
ref_push_string(MK_STRING("P-521"));
return;
}
@@ -558,31 +574,31 @@ PIKECLASS ECC_Curve
#else
do {
#ifdef HAVE_CURVE_NETTLE_SECP_192R1
- if (THIS->curve == &nettle_secp_192r1) {
+ if (THIS->curve == nettle_get_secp_192r1()) {
push_int(192);
break;
}
#endif /* HAVE_CURVE_NETTLE_SECP_192R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_224R1
- if (THIS->curve == &nettle_secp_224r1) {
+ if (THIS->curve == nettle_get_secp_224r1()) {
push_int(224);
break;
}
#endif /* HAVE_CURVE_NETTLE_SECP_224R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_256R1
- if (THIS->curve == &nettle_secp_256r1) {
+ if (THIS->curve == nettle_get_secp_256r1()) {
push_int(256);
break;
}
#endif /* HAVE_CURVE_NETTLE_SECP_256R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_384R1
- if (THIS->curve == &nettle_secp_384r1) {
+ if (THIS->curve == nettle_get_secp_384r1()) {
push_int(384);
break;
}
#endif /* HAVE_CURVE_NETTLE_SECP_384R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_521R1
- if (THIS->curve == &nettle_secp_521r1) {
+ if (THIS->curve == nettle_get_secp_521r1()) {
push_int(521);
break;
}