diff --git a/src/post_modules/Nettle/configure.in b/src/post_modules/Nettle/configure.in
index 3e1097e44b18d1d1a4fc6b817df3267fd89dd7a3..401bc735523a035766297fba066e911fe201eb8a 100644
--- a/src/post_modules/Nettle/configure.in
+++ b/src/post_modules/Nettle/configure.in
@@ -57,29 +57,37 @@ else
# NB: Some versions of RedHat have censored the weaker curves
# (secp_192r1 and secp_224r1 (cf [LysLysKOM 21863021])), and
# there are no identifying macros, so we need to probe for them.
- define(PIKE_CHECK_ECC_CURVE, [
- AC_MSG_CHECKING(if curve $1 is available)
- AC_CACHE_VAL(pike_cv_have_curve_$1, [
- AC_TRY_LINK([#include <nettle/ecc-curve.h>],
- [ struct ecc_curve *c = &$1; ],
- [ pike_cv_have_curve_$1=yes ],
- [ pike_cv_have_curve_$1=no ])
+ define(PIKE_CHECK_NETTLE_ECC_CURVE, [
+ AC_CHECK_FUNC(nettle_get_$1, [
+ AC_DEFINE(translit(HAVE_CURVE_NETTLE_$1,[a-z],[A-Z]), 1,
+ [Define if your libnettle has the nettle curve $1.])
+ ], [
+ AC_MSG_CHECKING(if legacy declaration of nettle curve $1 is available)
+
+ AC_CACHE_VAL(pike_cv_have_curve_nettle_$1, [
+ AC_TRY_LINK([#include <nettle/ecc-curve.h>],
+ [ struct ecc_curve *c = &nettle_$1; ],
+ [ pike_cv_have_curve_nettle_$1=yes ],
+ [ pike_cv_have_curve_nettle_$1=no ])
+ ])
+ AC_MSG_RESULT($pike_cv_have_curve_nettle_$1);
+ if test "x$pike_cv_have_curve_nettle_$1" = "xyes"; then
+ AC_DEFINE(translit(HAVE_CURVE_NETTLE_$1,[a-z],[A-Z]), 1,
+ [Define if your libnettle has the nettle curve $1.])
+ AC_DEFINE(translit(NEED_WRAPPER_FOR_CURVE_NETTLE_$1,[a-z],[A-Z]), 1,
+ [Define if your libnettle is missing the getter for the nettle curve $1.])
+ fi
])
- AC_MSG_RESULT($pike_cv_have_curve_$1);
- if test "x$pike_cv_have_curve_$1" = "xyes"; then
- AC_DEFINE(translit(HAVE_CURVE_$1,[a-z],[A-Z]), 1,
- [Define if your libnettle has the curve $1.])
- fi
])
AC_ARG_WITH(weak-curves, [ --with-weak-curves Include SECP192R1 and SECP224R1, frequently removed from Nettle binary dists ], [weak_curves=yes], [])
if test "x$weak_curves" = "xyes" ; then
- PIKE_CHECK_ECC_CURVE(nettle_secp_192r1)
- PIKE_CHECK_ECC_CURVE(nettle_secp_224r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_192r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_224r1)
fi
- PIKE_CHECK_ECC_CURVE(nettle_secp_256r1)
- PIKE_CHECK_ECC_CURVE(nettle_secp_384r1)
- PIKE_CHECK_ECC_CURVE(nettle_secp_521r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_256r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_384r1)
+ PIKE_CHECK_NETTLE_ECC_CURVE(secp_521r1)
AC_SUBST(IDEA_OBJ)
diff --git a/src/post_modules/Nettle/hogweed.cmod b/src/post_modules/Nettle/hogweed.cmod
index b4b7e183fba0c3a93d1d361f2f60f8a53fc2e7d5..63e374da2a884369699d9ec60a8c7435ce173d55 100644
--- a/src/post_modules/Nettle/hogweed.cmod
+++ b/src/post_modules/Nettle/hogweed.cmod
@@ -332,6 +332,32 @@ program_flags PROGRAM_CLEAR_STORAGE;
#include <nettle/ecdsa.h>
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_192R1
+static const struct ecc_curve *nettle_get_secp_192r1(void) {
+ return &nettle_secp_192r1;
+}
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_192R1 */
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_224R1
+static const struct ecc_curve *nettle_get_secp_224r1(void) {
+ return &nettle_secp_224r1;
+}
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_224R1 */
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_256R1
+static const struct ecc_curve *nettle_get_secp_256r1(void) {
+ return &nettle_secp_256r1;
+}
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_256R1 */
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_384R1
+static const struct ecc_curve *nettle_get_secp_384r1(void) {
+ return &nettle_secp_384r1;
+}
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_384R1 */
+#ifdef NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_521R1
+static const struct ecc_curve *nettle_get_secp_521r1(void) {
+ return &nettle_secp_521r1;
+}
+#endif /* NEED_WRAPPER_FOR_CURVE_NETTLE_SECP_521R1 */
+
/*! @class ECC_Curve
*!
*! Elliptic Curve Definition
@@ -366,27 +392,27 @@ PIKECLASS ECC_Curve
{
case 192:
#ifdef HAVE_CURVE_NETTLE_SECP_192R1
- THIS->curve = &nettle_secp_192r1;
+ THIS->curve = nettle_get_secp_192r1();
break;
#endif /* HAVE_CURVE_NETTLE_SECP_192R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_224R1
case 224:
- THIS->curve = &nettle_secp_224r1;
+ THIS->curve = nettle_get_secp_224r1();
break;
#endif /* HAVE_CURVE_NETTLE_SECP_224R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_256R1
case 256:
- THIS->curve = &nettle_secp_256r1;
+ THIS->curve = nettle_get_secp_256r1();
break;
#endif /* HAVE_CURVE_NETTLE_SECP_256R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_384R1
case 384:
- THIS->curve = &nettle_secp_384r1;
+ THIS->curve = nettle_get_secp_384r1;
break;
#endif /* HAVE_CURVE_NETTLE_SECP_384R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_521R1
case 521:
- THIS->curve = &nettle_secp_521r1;
+ THIS->curve = nettle_get_secp_521r1();
break;
#endif /* HAVE_CURVE_NETTLE_SECP_521R1 */
default:
@@ -408,31 +434,31 @@ PIKECLASS ECC_Curve
PIKEFUN string(7bit) name()
{
#ifdef HAVE_CURVE_NETTLE_SECP_192R1
- if (THIS->curve == &nettle_secp_192r1) {
+ if (THIS->curve == nettle_get_secp_192r1()) {
ref_push_string(MK_STRING("SECP_192R1"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_192R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_224R1
- if (THIS->curve == &nettle_secp_224r1) {
+ if (THIS->curve == nettle_get_secp_224r1()) {
ref_push_string(MK_STRING("SECP_224R1"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_224R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_256R1
- if (THIS->curve == &nettle_secp_256r1) {
+ if (THIS->curve == nettle_get_secp_256r1()) {
ref_push_string(MK_STRING("SECP_256R1"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_256R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_384R1
- if (THIS->curve == &nettle_secp_384r1) {
+ if (THIS->curve == nettle_get_secp_384r1()) {
ref_push_string(MK_STRING("SECP_384R1"));
return;
}
#endif /* HAVE_CURVE_NETTLE_SECP_384R1 */
#ifdef HAVE_CURVE_NETTLE_SECP_521R1
- if (THIS->curve == &nettle_secp_521r1) {
+ if (THIS->curve == nettle_get_secp_521r1()) {
ref_push_string(MK_STRING("SECP_521R1"));
return;
}