Merge lp:~hipl-core/hipl/ecdsa-redhat into lp:hipl

Proposed by Miika Komu
Status: Superseded
Proposed branch: lp:~hipl-core/hipl/ecdsa-redhat
Merge into: lp:hipl
Diff against target: 855 lines (+176/-48)
13 files modified
firewall/conntrack.c (+4/-0)
firewall/rule_management.c (+7/-1)
hipd/cookie.c (+2/-0)
hipd/hadb.c (+6/-0)
hipd/hidb.c (+13/-0)
lib/core/builder.c (+8/-1)
lib/core/builder.h (+8/-3)
lib/core/crypto.c (+12/-0)
lib/core/crypto.h (+12/-0)
lib/core/hostid.c (+81/-41)
lib/core/hostid.h (+8/-0)
lib/tool/pk.c (+13/-2)
test/lib/tool/pk.c (+2/-0)
To merge this branch: bzr merge lp:~hipl-core/hipl/ecdsa-redhat
Reviewer Review Type Date Requested Status
Diego Biurrun Needs Fixing
HIPL core team preliminary Pending
Review via email: mp+80750@code.launchpad.net

This proposal has been superseded by a proposal from 2011-11-03.

Description of the change

Compilation has been broken for a long time on Fedora and other RPM-based systems because they decided to drop elliptic curve support from OpenSSL. To put more heat on bug #838116 and to make detailed code review easier, I decided to propose this branch for early merging.

I would suggest to comment details here and design-level issues in the actual bug item:

https://bugs.launchpad.net/hipl/+bug/838116

Diego Biurrun (diego-biurrun) wrote :

 review needs-fixing

On Sun, Oct 30, 2011 at 07:49:28AM +0000, Miika Komu wrote:
> Miika Komu has proposed merging lp:~hipl-core/hipl/ecdsa-redhat into lp:hipl.
>
> --- firewall/rule_management.c 2011-08-15 14:11:56 +0000
> +++ firewall/rule_management.c 2011-10-30 07:48:24 +0000
> @@ -81,8 +81,9 @@
> /* filename needs to contain one of these to be valid HI file */
> #define RSA_FILE "_rsa_"
> #define DSA_FILE "_dsa_"
> +#ifdef HAVE_EC_CRYPTO
> #define ECDSA_FILE "_ecdsa_"
> -
> +#endif /* HAVE_EC_CRYPTO */
> #define MAX_LINE_LENGTH 512

unnecessary

> @@ -444,6 +445,7 @@
> return err;
> }
>
> +#ifdef HAVE_EC_CRYPTO
> /**
> * Load an ECDSA public key from a file and convert it into a hip_host_id.
> *
> @@ -479,6 +481,8 @@
> return err;
> }
>
> +#endif /* HAVE_EC_CRYPTO */
> +
> /**
> * load a public key from a file and convert it to a hip_host_id structure
> *

Drop the empty line before the #endif, same below

> --- lib/core/builder.h 2011-08-15 14:11:56 +0000
> +++ lib/core/builder.h 2011-10-30 07:48:24 +0000
> @@ -26,18 +26,21 @@
> #ifndef HIP_LIB_CORE_BUILDER_H
> #define HIP_LIB_CORE_BUILDER_H
>
> +#include "config.h"
> +
> #include <stdint.h>
> #include <netinet/in.h>
> #include <openssl/rsa.h>
> #include <openssl/dsa.h>
> -#include <openssl/ec.h>
>
> -#include "config.h"
> #include "certtools.h"
> #include "debug.h"
> #include "icomm.h"
> #include "state.h"
>
> +#ifdef HAVE_EC_CRYPTO
> +#include <openssl/ec.h>
> +#endif /* HAVE_EC_CRYPTO */

We have system headers before local headers for a reason.

> --- lib/core/crypto.h 2011-07-18 13:10:26 +0000
> +++ lib/core/crypto.h 2011-10-30 07:48:24 +0000
> @@ -26,12 +26,16 @@
> #ifndef HIP_LIB_CORE_CRYPTO_H
> #define HIP_LIB_CORE_CRYPTO_H
>
> +#include "config.h"
> +
> #include <stdint.h>
> #include <netinet/in.h>
> #include <sys/types.h>
> #include <openssl/dsa.h>
> #include <openssl/rsa.h>
> +#ifdef HAVE_EC_CRYPTO
> #include <openssl/ec.h>
> +#endif /* HAVE_EC_CRYPTO */
> #include <openssl/dh.h>
> #include <openssl/pem.h>

.. like you did here ..

> --- lib/core/hostid.c 2011-10-25 21:14:16 +0000
> +++ lib/core/hostid.c 2011-10-30 07:48:24 +0000
> @@ -28,6 +28,8 @@
> * @brief Host identifier manipulation functions
> */
>
> +#include "config.h"
> +
> #include <errno.h>
> #include <stdint.h>
> #include <stdlib.h>
> @@ -40,7 +42,6 @@
> #include <openssl/pem.h>
> #include <openssl/rsa.h>
>
> -#include "config.h"
> #include "lib/tool/pk.h"
> #include "builder.h"
> #include "crypto.h"

unnecessary / unrelated

> @@ -689,6 +715,12 @@
> struct endpoint_hip *endpoint_ecdsa_hip = NULL;
> struct endpoint_hip *endpoint_ecdsa_pub_hip = NULL;
>
> + if (ecdsa_nid < 0) {
> + err = -1;
> + HIP_ERROR("NID for ECDSA is strange %d\n", ecdsa_nid);
> + goto out_err;
> + }

?

> @@ -1059,41 +1101,58 @@
> if (rsa_filenamebase_pub != NULL) {
> change_key_file_perms(rsa_filenamebase_pub);
> }
> - if (ecdsa_filenamebase_pub != NULL) {
> - change_key_file_perms(ecdsa_filenamebase_pub);
> - }
> - if (ecdsa_filenamebase_pub != NULL) {
> - change_key_file...


review: Needs Fixing
lp:~hipl-core/hipl/ecdsa-redhat updated
6103. By Miika Komu

Cleaned up previous commit for ECC code

According to feedback from Diego:

* Removed unnecessary defines or reduced to minimum
* System headers before local

Also, "make checkheaders" target succeeds.

6104. By Miika Komu

Synchronized with trunk revision 6110

Miika Komu (miika-iki) wrote :

> review needs-fixing
>
> On Sun, Oct 30, 2011 at 07:49:28AM +0000, Miika Komu wrote:
> > Miika Komu has proposed merging lp:~hipl-core/hipl/ecdsa-redhat into
> lp:hipl.
> >
> > --- firewall/rule_management.c 2011-08-15 14:11:56 +0000
> > +++ firewall/rule_management.c 2011-10-30 07:48:24 +0000
> > @@ -81,8 +81,9 @@
> > /* filename needs to contain one of these to be valid HI file */
> > #define RSA_FILE "_rsa_"
> > #define DSA_FILE "_dsa_"
> > +#ifdef HAVE_EC_CRYPTO
> > #define ECDSA_FILE "_ecdsa_"
> > -
> > +#endif /* HAVE_EC_CRYPTO */
> > #define MAX_LINE_LENGTH 512
>
> unnecessary

Fixed.

> > @@ -444,6 +445,7 @@
> > return err;
> > }
> >
> > +#ifdef HAVE_EC_CRYPTO
> > /**
> > * Load an ECDSA public key from a file and convert it into a hip_host_id.
> > *
> > @@ -479,6 +481,8 @@
> > return err;
> > }
> >
> > +#endif /* HAVE_EC_CRYPTO */
> > +
> > /**
> > * load a public key from a file and convert it to a hip_host_id structure
> > *
>
> Drop the empty line before the #endif, same below

Done.

> > --- lib/core/builder.h 2011-08-15 14:11:56 +0000
> > +++ lib/core/builder.h 2011-10-30 07:48:24 +0000
> > @@ -26,18 +26,21 @@
> > #ifndef HIP_LIB_CORE_BUILDER_H
> > #define HIP_LIB_CORE_BUILDER_H
> >
> > +#include "config.h"
> > +
> > #include <stdint.h>
> > #include <netinet/in.h>
> > #include <openssl/rsa.h>
> > #include <openssl/dsa.h>
> > -#include <openssl/ec.h>
> >
> > -#include "config.h"
> > #include "certtools.h"
> > #include "debug.h"
> > #include "icomm.h"
> > #include "state.h"
> >
> > +#ifdef HAVE_EC_CRYPTO
> > +#include <openssl/ec.h>
> > +#endif /* HAVE_EC_CRYPTO */
>
> We have system headers before local headers for a reason.

Fixed.

> > --- lib/core/crypto.h 2011-07-18 13:10:26 +0000
> > +++ lib/core/crypto.h 2011-10-30 07:48:24 +0000
> > @@ -26,12 +26,16 @@
> > #ifndef HIP_LIB_CORE_CRYPTO_H
> > #define HIP_LIB_CORE_CRYPTO_H
> >
> > +#include "config.h"
> > +
> > #include <stdint.h>
> > #include <netinet/in.h>
> > #include <sys/types.h>
> > #include <openssl/dsa.h>
> > #include <openssl/rsa.h>
> > +#ifdef HAVE_EC_CRYPTO
> > #include <openssl/ec.h>
> > +#endif /* HAVE_EC_CRYPTO */
> > #include <openssl/dh.h>
> > #include <openssl/pem.h>
>
> .. like you did here ..
>
> > --- lib/core/hostid.c 2011-10-25 21:14:16 +0000
> > +++ lib/core/hostid.c 2011-10-30 07:48:24 +0000
> > @@ -28,6 +28,8 @@
> > * @brief Host identifier manipulation functions
> > */
> >
> > +#include "config.h"
> > +
> > #include <errno.h>
> > #include <stdint.h>
> > #include <stdlib.h>
> > @@ -40,7 +42,6 @@
> > #include <openssl/pem.h>
> > #include <openssl/rsa.h>
> >
> > -#include "config.h"
> > #include "lib/tool/pk.h"
> > #include "builder.h"
> > #include "crypto.h"
>
> unnecessary / unrelated

Removed.

> > @@ -689,6 +715,12 @@
> > struct endpoint_hip *endpoint_ecdsa_hip = NULL;
> > struct endpoint_hip *endpoint_ecdsa_pub_hip = NULL;
> >
> > + if (ecdsa_nid < 0) {
> > + err = -1;
> > + HIP_ERROR("NID for ECDSA is strange %d\n", ecdsa_nid);
> > + goto out_err;
> > + }
>
> ?

Does not compile otherwise when ECDSA is mi...


Diego Biurrun (diego-biurrun) wrote :

On Thu, Nov 03, 2011 at 03:00:30PM +0000, Miika Komu wrote:
> > On Sun, Oct 30, 2011 at 07:49:28AM +0000, Miika Komu wrote:
> > > Miika Komu has proposed merging lp:~hipl-core/hipl/ecdsa-redhat into
> > lp:hipl.
> > >
> > > --- test/lib/tool/pk.c 2011-07-18 13:10:10 +0000
> > > +++ test/lib/tool/pk.c 2011-10-30 07:48:24 +0000
> > > @@ -27,7 +27,9 @@
> > > #include <stdlib.h>
> > > #include <string.h>
> > > #include <stdio.h>
> > > +#ifdef HAVE_EC_CRYPTO
> > > #include <openssl/ec.h>
> > > +#endif /* HAVE_EC_CRYPTO */
> > > #include <openssl/pem.h>
> >
> > see above
>
> Did not get this.

missing config.h

Diego

Miika Komu (miika-iki) wrote :

Hi,

On 11/03/2011 05:27 PM, Diego Biurrun wrote:
> On Thu, Nov 03, 2011 at 03:00:30PM +0000, Miika Komu wrote:
>>> On Sun, Oct 30, 2011 at 07:49:28AM +0000, Miika Komu wrote:
>>>> Miika Komu has proposed merging lp:~hipl-core/hipl/ecdsa-redhat into
>>> lp:hipl.
>>>>
>>>> --- test/lib/tool/pk.c 2011-07-18 13:10:10 +0000
>>>> +++ test/lib/tool/pk.c 2011-10-30 07:48:24 +0000
>>>> @@ -27,7 +27,9 @@
>>>> #include<stdlib.h>
>>>> #include<string.h>
>>>> #include<stdio.h>
>>>> +#ifdef HAVE_EC_CRYPTO
>>>> #include<openssl/ec.h>
>>>> +#endif /* HAVE_EC_CRYPTO */
>>>> #include<openssl/pem.h>
>>>
>>> see above
>>
>> Did not get this.
>
> missing config.h

thanks for the correction, committed.

lp:~hipl-core/hipl/ecdsa-redhat updated
6105. By Miika Komu

Added a missing include

File test/lib/tool/pk.c was missing an include for "config.h". It's
needed due to the conditional compilation of elliptic curves in
OpenSSL.

Diego Biurrun (diego-biurrun) wrote :

On Thu, Nov 03, 2011 at 03:00:30PM +0000, Miika Komu wrote:
> > On Sun, Oct 30, 2011 at 07:49:28AM +0000, Miika Komu wrote:
> > > Miika Komu has proposed merging lp:~hipl-core/hipl/ecdsa-redhat into lp:hipl.
> > >
> > > --- lib/core/hostid.c 2011-10-25 21:14:16 +0000
> > > +++ lib/core/hostid.c 2011-10-30 07:48:24 +0000
> > > @@ -689,6 +715,12 @@
> > > struct endpoint_hip *endpoint_ecdsa_hip = NULL;
> > > struct endpoint_hip *endpoint_ecdsa_pub_hip = NULL;
> > >
> > > + if (ecdsa_nid < 0) {
> > > + err = -1;
> > > + HIP_ERROR("NID for ECDSA is strange %d\n", ecdsa_nid);
> > > + goto out_err;
> > > + }
> >
> > ?
>
> Does not compile otherwise when ECDSA is missing (gcc complains about
> missing variable). If you insist, I'll commit this separately to trunk
> or suggest a better fix.

You mean that gcc complains about unused parameter? This is badly designed.
The function should not need one extra parameter for each crypto algorithm
that is added.

Diego

lp:~hipl-core/hipl/ecdsa-redhat updated
6106. By Miika Komu

Cleaning up the ECDSA changes

As suggested by Diego:

* Removed unrelated changes and stray empty lines
* Reverted incorrectly deleted empty lines
* Regrouped ifdeffery
* Fixed one occurrence of config.h

6107. By Miika Komu

Syncronized with trunk revision 6119

6108. By Miika Komu

Deleted some empty lines between function bodies and #endif statements

According to the new crustify policy, there is no need to have an
empty line between the end of a function body (closing curly bracket)
and following #endif (if any present). Adjusted ECDSA-related code
according to the new policy.

Unmerged revisions

Preview Diff

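--- a/firewall/conntrack.c
+++ b/firewall/conntrack.c
@@ -695,9 +695,11 @@
 case HIP_HI_RSA:
 RSA_free(hip_tuple->data->src_pub_key);
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 EC_KEY_free(hip_tuple->data->src_pub_key);
 break;
+#endif /* HAVE_EC_CRYPTO */
 case HIP_HI_DSA:
 DSA_free(hip_tuple->data->src_pub_key);
 break;
@@ -1063,10 +1065,12 @@
 tuple->hip_tuple->data->src_pub_key = hip_key_rr_to_rsa((const struct hip_host_id_priv *) host_id, 0);
 tuple->hip_tuple->data->verify = hip_rsa_verify;
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 tuple->hip_tuple->data->src_pub_key = hip_key_rr_to_ecdsa((const struct hip_host_id_priv *) host_id, 0);
 tuple->hip_tuple->data->verify = hip_ecdsa_verify;
 break;
+#endif /* HAVE_EC_CRYPTO */
 case HIP_HI_DSA:
 tuple->hip_tuple->data->src_pub_key = hip_key_rr_to_dsa((const struct hip_host_id_priv *) host_id, 0);
 tuple->hip_tuple->data->verify = hip_dsa_verify;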
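Review bot: In the `@@ -1063,10 +1065,12 @@` hunk, a build without HAVE_EC_CRYPTO has no case for HIP_HI_ECDSA any more, so a host id carrying that algorithm reaches whatever follows the HIP_HI_DSA case, and no `default:` is visible in the hunk. If the switch has none, `src_pub_key` and `verify` stay unset for that tuple, which matters for any later signature check that goes through `verify`; this needs confirming against the rest of the switch, which lies outside the hunk. I would reject unsupported algorithms explicitly there and document it with a comment such as `/* ECDSA host ids are rejected when built without HAVE_EC_CRYPTO */`.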
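--- a/firewall/rule_management.c
+++ b/firewall/rule_management.c
@@ -82,7 +82,6 @@
 #define RSA_FILE "_rsa_"
 #define DSA_FILE "_dsa_"
 #define ECDSA_FILE "_ecdsa_"
-
 #define MAX_LINE_LENGTH 512

 #define HIP_FW_DEFAULT_RULE_FILE HIPL_SYSCONFDIR "/firewall_conf"
@@ -444,6 +443,7 @@
 return err;
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * Load an ECDSA public key from a file and convert it into a hip_host_id.
 *
@@ -479,6 +479,8 @@
 return err;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * load a public key from a file and convert it to a hip_host_id structure
 *
@@ -506,8 +508,10 @@
 algo = HIP_HI_RSA;
 } else if (strstr(token, DSA_FILE)) {
 algo = HIP_HI_DSA;
+#ifdef HAVE_EC_CRYPTO
 } else if (strstr(token, ECDSA_FILE)) {
 algo = HIP_HI_ECDSA;
+#endif /* HAVE_EC_CRYPTO */
 } else {
 HIP_DEBUG("Invalid filename for HI: missing _rsa_ or _dsa_ \n");
 return NULL;
@@ -519,9 +523,11 @@
 case HIP_HI_RSA:
 HIP_IFEL(load_rsa_file(fp, hi), -1, "Failed to load RSA key\n");
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 HIP_IFEL(load_ecdsa_file(fp, hi), -1, "Failed to load ECDSA key\n")
 break;
+#endif /* HAVE_EC_CRYPTO */
 case HIP_HI_DSA:
 HIP_IFEL(load_dsa_file(fp, hi), -1, "Failed to load DSA key\n")
 break;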
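Review bot: In the `@@ -506,8 +508,10 @@` hunk, a HI file whose name contains `_ecdsa_` now ends up in the final `else` on builds without HAVE_EC_CRYPTO, and the only trace is a debug-level message that names `_rsa_` and `_dsa_` only. The function then returns NULL, so a firewall rule that refers to an ECDSA identity presumably loses its key without the operator being told why; how the caller treats NULL is outside the hunk. I would report this at error level and name every accepted pattern, e.g. `HIP_ERROR("Invalid filename for HI: missing _rsa_, _dsa_ or _ecdsa_ (ECDSA needs HAVE_EC_CRYPTO)\n");`.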
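--- a/hipd/cookie.c
+++ b/hipd/cookie.c
@@ -349,9 +349,11 @@
 case HIP_HI_DSA:
 signature_func = hip_dsa_sign;
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 signature_func = hip_ecdsa_sign;
 break;
+#endif /* HAVE_EC_CRYPTO */
 default:
 HIP_ERROR("Unkown algorithm");
 return -1;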
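--- a/hipd/hadb.c
+++ b/hipd/hadb.c
@@ -818,9 +818,11 @@
 case HIP_HI_RSA:
 RSA_free(ha->peer_pub_key);
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 EC_KEY_free(ha->peer_pub_key);
 break;
+#endif /* HAVE_EC_CRYPTO */
 case HIP_HI_DSA:
 DSA_free(ha->peer_pub_key);
 break;
@@ -909,10 +911,12 @@
 entry->verify = hip_dsa_verify;
 entry->peer_pub_key = hip_key_rr_to_dsa((struct hip_host_id_priv *) entry->peer_pub, 0);
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 entry->verify = hip_ecdsa_verify;
 entry->peer_pub_key = hip_key_rr_to_ecdsa((struct hip_host_id_priv *) entry->peer_pub, 0);
 break;
+#endif /* HAVE_EC_CRYPTO */
 default:
 HIP_OUT_ERR(-1, "Unkown algorithm");
 }
@@ -978,9 +982,11 @@
 case HIP_HI_RSA:
 entry->sign = hip_rsa_sign;
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 entry->sign = hip_ecdsa_sign;
 break;
+#endif /* HAVE_EC_CRYPTO */
 default:
 err = -1;
 }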
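--- a/hipd/hidb.c
+++ b/hipd/hidb.c
@@ -63,6 +63,7 @@

 static const char *lsi_addresses[] = { "1.0.0.1", "1.0.0.2", "1.0.0.3", "1.0.0.4" };

+#ifdef HAVE_EC_CRYPTO
 /**
 * Strips the private key component from an ECDSA-based host id.
 *
@@ -103,6 +104,8 @@
 return 0;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * Strips a DSA public key out of a host id with private key component
 *
@@ -192,8 +195,10 @@
 return get_rsa_public_key(hid, ret);
 case HIP_HI_DSA:
 return get_dsa_public_key(hid, ret);
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 return get_ecdsa_public_key(hid, ret);
+#endif /* HAVE_EC_CRYPTO */
 default:
 HIP_ERROR("Unsupported HI algorithm\n");
 return -1;
@@ -284,9 +289,11 @@
 case HIP_HI_RSA:
 RSA_free(id->private_key);
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 EC_KEY_free(id->private_key);
 break;
+#endif /* HAVE_EC_CRYPTO */
 case HIP_HI_DSA:
 DSA_free(id->private_key);
 break;
@@ -510,9 +517,11 @@
 case HIP_HI_RSA:
 id_entry->private_key = hip_key_rr_to_rsa(host_id, 1);
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 id_entry->private_key = hip_key_rr_to_ecdsa(host_id, 1);
 break;
+#endif /* HAVE_EC_CRYPTO */
 case HIP_HI_DSA:
 id_entry->private_key = hip_key_rr_to_dsa(host_id, 1);
 break;
@@ -530,9 +539,11 @@
 case HIP_HI_DSA:
 signature_func = hip_dsa_sign;
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 signature_func = hip_ecdsa_sign;
 break;
+#endif /* HAVE_EC_CRYPTO */
 default:
 HIP_ERROR("Unsupported algorithms\n");
 err = -1;
@@ -558,9 +569,11 @@
 case HIP_HI_RSA:
 RSA_free(id_entry->private_key);
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 EC_KEY_free(id_entry->private_key);
 break;
+#endif /* HAVE_EC_CRYPTO */
 case HIP_HI_DSA:
 DSA_free(id_entry->private_key);
 break;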
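--- a/lib/core/builder.c
+++ b/lib/core/builder.c
@@ -3460,6 +3460,7 @@
 return hip_build_param(msg, &name_info);
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * Convert an EC structure from OpenSSL into an endpoint_hip structure
 * used internally by the implementation.
@@ -3505,6 +3506,8 @@
 return err;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * Convert a DSA structure from OpenSSL into an endpoint_hip structure
 * used internally by the implementation.
@@ -3606,7 +3609,9 @@
 struct hip_host_id *host_id_pub = NULL;
 const RSA *const rsa_key = any_key;
 const DSA *const dsa_key = any_key;
- const EC_KEY *const ecdsa_key = any_key;
+#ifdef HAVE_EC_CRYPTO
+ const EC_KEY *const ecdsa_key = any_key;
+#endif /* HAVE_EC_CRYPTO */

 HIP_IFEL(gethostname(hostname, sizeof(hostname)), -1,
 "gethostname failed\n");
@@ -3616,10 +3621,12 @@
 HIP_IFEL((key_rr_len = dsa_to_dns_key_rr(dsa_key, &key_rr)) <= 0, -1,
 "key_rr_len\n");
 break;
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 HIP_IFEL(((key_rr_len = ecdsa_to_key_rr(ecdsa_key, &key_rr)) <= 0), -1,
 "key_rr_len\n");
 break;
+#endif /* HAVE_EC_CRYPTO */
 case HIP_HI_RSA:
 HIP_IFEL((key_rr_len = rsa_to_dns_key_rr(rsa_key, &key_rr)) <= 0, -1,
 "key_rr_len\n");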
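--- a/lib/core/builder.h
+++ b/lib/core/builder.h
@@ -26,19 +26,22 @@
 #ifndef HIP_LIB_CORE_BUILDER_H
 #define HIP_LIB_CORE_BUILDER_H

+#include "config.h"
+
 #include <stdint.h>
 #include <netinet/in.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+#ifdef HAVE_EC_CRYPTO
 #include <openssl/ec.h>
-
-#include "config.h"
+#endif /* HAVE_EC_CRYPTO */
+
+
 #include "certtools.h"
 #include "debug.h"
 #include "icomm.h"
 #include "state.h"

-
 /* Removed in 2.6.11 - why ? */
 extern struct hip_cert_spki_info hip_cert_spki_info;

@@ -219,10 +222,12 @@
 struct endpoint_hip **endpoint,
 se_hip_flags endpoint_flags,
 const char *const hostname);
+#ifdef HAVE_EC_CRYPTO
 int ecdsa_to_hip_endpoint(const EC_KEY *const ecdsa,
 struct endpoint_hip **const endpoint,
 const se_hip_flags endpoint_flags,
 const char *const hostname);
+#endif /* HAVE_EC_CRYPTO */
 int hip_any_key_to_hit(const void *const any_key,
 hip_hit_t *const hit,
 const int is_public,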
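--- a/lib/core/crypto.c
+++ b/lib/core/crypto.c
@@ -459,6 +459,7 @@
 return err;
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * Sign using ECDSA
 *
@@ -495,6 +496,8 @@
 return err;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * Sign using DSA
 *
@@ -536,6 +539,7 @@
 return err;
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * Verify an ECDSA signature
 *
@@ -571,6 +575,8 @@
 return err;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * Verify a DSA signature
 *
@@ -780,6 +786,7 @@
 return NULL;
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * Generate ECDSA parameters and a new key pair.
 *
@@ -819,6 +826,8 @@
 return err;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * Save host DSA keys to disk.
 * @param filenamebase the filename base where DSA key should be saved
@@ -1015,6 +1024,7 @@
 return err;
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * Save the host's ECDSA keys to disk.
 *
@@ -1170,6 +1180,8 @@
 return 0;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * Load host DSA private keys from disk.
 * @param filename the file name base of the host DSA key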
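--- a/lib/core/crypto.h
+++ b/lib/core/crypto.h
@@ -26,12 +26,16 @@
 #ifndef HIP_LIB_CORE_CRYPTO_H
 #define HIP_LIB_CORE_CRYPTO_H

+#include "config.h"
+
 #include <stdint.h>
 #include <netinet/in.h>
 #include <sys/types.h>
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
+#ifdef HAVE_EC_CRYPTO
 #include <openssl/ec.h>
+#endif /* HAVE_EC_CRYPTO */
 #include <openssl/dh.h>
 #include <openssl/pem.h>

@@ -92,25 +96,33 @@
 uint16_t hip_get_dh_size(uint8_t hip_dh_group_type);
 DSA *create_dsa_key(const int bits);
 RSA *create_rsa_key(const int bits);
+#ifdef HAVE_EC_CRYPTO
 EC_KEY *create_ecdsa_key(const int nid);
+#endif /* HAVE_EC_CRYPTO */
 int save_dsa_private_key(const char *const filenamebase, DSA *const dsa);
 int save_rsa_private_key(const char *const filenamebase, RSA *const rsa);
+#ifdef HAVE_EC_CRYPTO
 int save_ecdsa_private_key(const char *const filenamebase, EC_KEY *const ecdsa);
+#endif /* HAVE_EC_CRYPTO */
 int load_dsa_private_key(const char *const filenamebase, DSA **const dsa);
 int load_rsa_private_key(const char *const filename, RSA **const rsa);
+#ifdef HAVE_EC_CRYPTO
 int load_ecdsa_private_key(const char *const filename, EC_KEY **const ec);
+#endif /* HAVE_EC_CRYPTO */
 int impl_dsa_sign(const unsigned char *const digest,
 DSA *const dsa,
 unsigned char *const signature);
 int impl_dsa_verify(const unsigned char *const digest,
 DSA *const dsa,
 const unsigned char *const signature);
+#ifdef HAVE_EC_CRYPTO
 int impl_ecdsa_sign(const unsigned char *const digest,
 EC_KEY *const ecdsa,
 unsigned char *const signature);
 int impl_ecdsa_verify(const unsigned char *const digest,
 EC_KEY *const ecdsa,
 const unsigned char *const signature);
+#endif /* HAVE_EC_CRYPTO */
 int hip_write_hmac(int type, const void *key, void *in, int in_len, void *out);
 int hip_crypto_encrypted(void *data, const void *iv, int enc_alg, int enc_len,
 uint8_t *enc_key, int direction);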
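--- a/lib/core/hostid.c
+++ b/lib/core/hostid.c
@@ -40,7 +40,6 @@
 #include <openssl/pem.h>
 #include <openssl/rsa.h>

-#include "config.h"
 #include "lib/tool/pk.h"
 #include "builder.h"
 #include "crypto.h"
@@ -250,6 +249,7 @@
 return err;
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * Convert ECDSA-based private host id to a HIT.
 *
@@ -291,6 +291,8 @@
 return 0;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * Convert RSA, DSA, or ECDSA-based private host id to a HIT
 *
@@ -310,13 +312,16 @@
 return private_dsa_host_id_to_hit(host_id, hit, hit_type);
 case HIP_HI_RSA:
 return private_rsa_host_id_to_hit(host_id, hit, hit_type);
+#ifdef HAVE_EC_CRYPTO
 case HIP_HI_ECDSA:
 return private_ecdsa_host_id_to_hit(host_id, hit, hit_type);
+#endif /* HAVE_EC_CRYPTO */
 default:
 return -ENOSYS;
 }
 }

+#ifdef HAVE_EC_CRYPTO
 /*
 * Translate the openssl specific curve id into the coressponding HIP id.
 *
@@ -423,6 +428,8 @@
 return 0;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * dig out RSA key length from an host id
 *
@@ -553,6 +560,7 @@
 return dsa;
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * convert a ECDSA-based host id into an OpenSSL structure
 *
@@ -632,6 +640,8 @@
 return ret;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * (Re)create new host identities or load existing ones, and append the
 * private identities into a message. This functionality is used by hipd
@@ -664,30 +674,44 @@
 const int dsa_key_bits,
 const int ecdsa_nid)
 {
- int err = 0, dsa_key_rr_len = 0, rsa_key_rr_len = 0, ecdsa_key_rr_len = 0;
- int dsa_pub_key_rr_len = 0, rsa_pub_key_rr_len = 0, ecdsa_pub_key_rr_len = 0;
+ int err = 0, dsa_key_rr_len = 0, rsa_key_rr_len = 0;
+ int dsa_pub_key_rr_len = 0, rsa_pub_key_rr_len = 0;
 hip_hdr numeric_action = 0;
 char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX];
- const char *rsa_filenamebase = DEFAULT_HOST_RSA_KEY_FILE_BASE DEFAULT_ANON_HI_FILE_NAME_SUFFIX;
- const char *dsa_filenamebase = DEFAULT_HOST_DSA_KEY_FILE_BASE DEFAULT_ANON_HI_FILE_NAME_SUFFIX;
- const char *ecdsa_filenamebase = DEFAULT_HOST_ECDSA_KEY_FILE_BASE DEFAULT_ANON_HI_FILE_NAME_SUFFIX;
- const char *rsa_filenamebase_pub = DEFAULT_HOST_RSA_KEY_FILE_BASE DEFAULT_PUB_HI_FILE_NAME_SUFFIX;
- const char *dsa_filenamebase_pub = DEFAULT_HOST_DSA_KEY_FILE_BASE DEFAULT_PUB_HI_FILE_NAME_SUFFIX;
- const char *ecdsa_filenamebase_pub = DEFAULT_HOST_ECDSA_KEY_FILE_BASE DEFAULT_PUB_HI_FILE_NAME_SUFFIX;
- unsigned char *dsa_key_rr = NULL, *rsa_key_rr = NULL, *ecdsa_key_rr = NULL;
- unsigned char *dsa_pub_key_rr = NULL, *rsa_pub_key_rr = NULL, *ecdsa_pub_key_rr = NULL;
- DSA *dsa_key = NULL, *dsa_pub_key = NULL;
- RSA *rsa_key = NULL, *rsa_pub_key = NULL;
- EC_KEY *ecdsa_key = NULL, *ecdsa_pub_key = NULL;
- struct hip_host_id_local rsa_lhi, dsa_lhi, ecdsa_lhi, rsa_pub_lhi, dsa_pub_lhi, ecdsa_pub_lhi;
- struct hip_host_id *dsa_host_id = NULL, *rsa_host_id = NULL, *ecdsa_host_id = NULL;
- struct hip_host_id *dsa_pub_host_id = NULL, *rsa_pub_host_id = NULL, *ecdsa_pub_host_id = NULL;
+ const char *rsa_filenamebase = DEFAULT_HOST_RSA_KEY_FILE_BASE DEFAULT_ANON_HI_FILE_NAME_SUFFIX;
+ const char *dsa_filenamebase = DEFAULT_HOST_DSA_KEY_FILE_BASE DEFAULT_ANON_HI_FILE_NAME_SUFFIX;
+ const char *rsa_filenamebase_pub = DEFAULT_HOST_RSA_KEY_FILE_BASE DEFAULT_PUB_HI_FILE_NAME_SUFFIX;
+ const char *dsa_filenamebase_pub = DEFAULT_HOST_DSA_KEY_FILE_BASE DEFAULT_PUB_HI_FILE_NAME_SUFFIX;
+ unsigned char *dsa_key_rr = NULL, *rsa_key_rr = NULL;
+ unsigned char *dsa_pub_key_rr = NULL, *rsa_pub_key_rr = NULL;
+ DSA *dsa_key = NULL, *dsa_pub_key = NULL;
+ RSA *rsa_key = NULL, *rsa_pub_key = NULL;
+ struct hip_host_id_local rsa_lhi, dsa_lhi, rsa_pub_lhi, dsa_pub_lhi;
+ struct hip_host_id *dsa_host_id = NULL, *rsa_host_id = NULL;
+ struct hip_host_id *dsa_pub_host_id = NULL, *rsa_pub_host_id = NULL;
 struct endpoint_hip *endpoint_dsa_hip = NULL;
 struct endpoint_hip *endpoint_dsa_pub_hip = NULL;
 struct endpoint_hip *endpoint_rsa_hip = NULL;
 struct endpoint_hip *endpoint_rsa_pub_hip = NULL;
 struct endpoint_hip *endpoint_ecdsa_hip = NULL;
 struct endpoint_hip *endpoint_ecdsa_pub_hip = NULL;
+#ifdef HAVE_EC_CRYPTO
+ int ecdsa_key_rr_len = 0, ecdsa_pub_key_rr_len = 0;
+ const char *ecdsa_filenamebase = DEFAULT_HOST_ECDSA_KEY_FILE_BASE DEFAULT_ANON_HI_FILE_NAME_SUFFIX;
+ const char *ecdsa_filenamebase_pub = DEFAULT_HOST_ECDSA_KEY_FILE_BASE DEFAULT_PUB_HI_FILE_NAME_SUFFIX;
+ unsigned char *ecdsa_key_rr = NULL;
+ unsigned char *ecdsa_pub_key_rr = NULL;
+ EC_KEY *ecdsa_key = NULL, *ecdsa_pub_key = NULL;
+ struct hip_host_id_local ecdsa_lhi, ecdsa_pub_lhi;
+ struct hip_host_id *ecdsa_host_id = NULL;
+ struct hip_host_id *ecdsa_pub_host_id = NULL;
+#endif /* HAVE_EC_CRYPTO */
+
+ if (ecdsa_nid < 0) {
+ err = -1;
+ HIP_ERROR("NID for ECDSA is strange %d\n", ecdsa_nid);
+ goto out_err;
+ }

 if (action == ACTION_ADD) {
 numeric_action = HIP_MSG_ADD_LOCAL_HI;
@@ -726,6 +750,7 @@
 HIP_ERROR("Saving of DSA key failed.\n");
 goto out_err;
 }
+#ifdef HAVE_EC_CRYPTO
 } else if (!strcmp(hi_fmt, "ecdsa")) {
 ecdsa_key = create_ecdsa_key(ecdsa_nid);
 HIP_IFEL(!ecdsa_key, -EINVAL,
@@ -734,6 +759,7 @@
 HIP_ERROR("Saving of ECDSA key failed.\n");
 goto out_err;
 }
+#endif /* HAVE_EC_CRYPTO */
 } else { /*RSA*/
 rsa_key = create_rsa_key(rsa_key_bits);
 HIP_IFEL(!rsa_key, -EINVAL,
@@ -764,6 +790,7 @@
 HIP_IFEL(!rsa_pub_key, -EINVAL,
 "Creation of public RSA key failed.\n");

+#ifdef HAVE_EC_CRYPTO
 ecdsa_key = create_ecdsa_key(ecdsa_nid);
 HIP_IFEL(!ecdsa_key, -EINVAL,
 "Creation of ECDSA key failed.\n");
@@ -772,6 +799,17 @@
 HIP_IFEL(!ecdsa_pub_key, -EINVAL,
 "Creation of public ECDSA key failed.\n");

+ if ((err = save_ecdsa_private_key(ecdsa_filenamebase, ecdsa_key))) {
+ HIP_ERROR("Saving of ECDSA key failed.\n");
+ goto out_err;
+ }
+
+ if ((err = save_ecdsa_private_key(ecdsa_filenamebase_pub, ecdsa_pub_key))) {
+ HIP_ERROR("Saving of public ECDSA key failed.\n");
+ goto out_err;
+ }
+#endif /* HAVE_EC_CRYPTO */
+
 if ((err = save_dsa_private_key(dsa_filenamebase, dsa_key))) {
 HIP_ERROR("Saving of DSA key failed.\n");
 goto out_err;
@@ -792,16 +830,6 @@
 goto out_err;
 }

- if ((err = save_ecdsa_private_key(ecdsa_filenamebase, ecdsa_key))) {
- HIP_ERROR("Saving of ECDSA key failed.\n");
- goto out_err;
- }
-
- if ((err = save_ecdsa_private_key(ecdsa_filenamebase_pub, ecdsa_pub_key))) {
- HIP_ERROR("Saving of public ECDSA key failed.\n");
- goto out_err;
- }
-
 break;

 case ACTION_ADD:
@@ -823,6 +851,7 @@
 HIP_ERROR("Building of host id failed\n");
 goto out_err;
 }
+#ifdef HAVE_EC_CRYPTO
 } else if (!strcmp(hi_fmt, "ecdsa")) {
 if ((err = load_ecdsa_private_key(ecdsa_filenamebase, &ecdsa_key))) {
 HIP_ERROR("Loading of the ECDSA key failed\n");
@@ -839,6 +868,7 @@
 HIP_ERROR("Building of host id failed\n");
 goto out_err;
 }
+#endif /* HAVE_EC_CRYPTO */
 } else { /*RSA*/
 if ((err = load_rsa_private_key(hi_file, &rsa_key))) {
 HIP_ERROR("Failed to load RSA key from file %s\n", hi_file);
@@ -910,6 +940,7 @@
 goto out_err;
 }
 }
+#ifdef HAVE_EC_CRYPTO
 } else if (!strcmp(hi_fmt, "ecdsa")) {
 if (anon) {
 if ((err = load_ecdsa_private_key(ecdsa_filenamebase, &ecdsa_key))) {
@@ -958,6 +989,7 @@
 goto out_err;
 }
 }
+#endif /* HAVE_EC_CRYPTO */
 } else if (anon) { /* rsa anon */
 if ((err = load_rsa_private_key(rsa_filenamebase, &rsa_key))) {
 HIP_ERROR("Loading of the RSA key failed\n");
@@ -1059,41 +1091,47 @@
 if (rsa_filenamebase_pub != NULL) {
 change_key_file_perms(rsa_filenamebase_pub);
 }
- if (ecdsa_filenamebase_pub != NULL) {
- change_key_file_perms(ecdsa_filenamebase_pub);
- }
- if (ecdsa_filenamebase_pub != NULL) {
- change_key_file_perms(ecdsa_filenamebase_pub);
- }

 free(dsa_host_id);
 free(dsa_pub_host_id);
- free(ecdsa_host_id);
- free(ecdsa_pub_host_id);
 free(rsa_host_id);
 free(rsa_pub_host_id);
 DSA_free(dsa_key);
- EC_KEY_free(ecdsa_key);
 RSA_free(rsa_key);
 DSA_free(dsa_pub_key);
- EC_KEY_free(ecdsa_pub_key);
 RSA_free(rsa_pub_key);
 free(dsa_key_rr);
- free(ecdsa_key_rr);
 free(rsa_key_rr);
 free(dsa_pub_key_rr);
- free(ecdsa_pub_key_rr);
 free(rsa_pub_key_rr);
 free(endpoint_dsa_hip);
- free(endpoint_ecdsa_hip);
 free(endpoint_rsa_hip);
 free(endpoint_dsa_pub_hip);
+ free(endpoint_rsa_pub_hip);
+
+#ifdef HAVE_EC_CRYPTO
+ /* We make exeception to the common memory deallocation policy (LIFO)
+ * here to group of all ECDSA deallocations between a single ifdef */
+ if (ecdsa_filenamebase_pub != NULL) {
+ change_key_file_perms(ecdsa_filenamebase_pub);
+ }
+ if (ecdsa_filenamebase_pub != NULL) {
+ change_key_file_perms(ecdsa_filenamebase_pub);
+ }
+ free(ecdsa_host_id);
+ free(ecdsa_pub_host_id);
+ EC_KEY_free(ecdsa_key);
+ EC_KEY_free(ecdsa_pub_key);
+ free(ecdsa_key_rr);
+ free(ecdsa_pub_key_rr);
+ free(endpoint_ecdsa_hip);
 free(endpoint_ecdsa_pub_hip);
- free(endpoint_rsa_pub_hip);
+#endif /* HAVE_EC_CRYPTO */

 return err;
 }

+#ifdef HAVE_EC_CRYPTO
 /**
 * Serialize an ECDSA public key.
 *
@@ -1167,6 +1205,8 @@
 return err;
 }

+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * create DNS KEY RR record from host DSA key
 * @param dsa the DSA structure from where the KEY RR record is to be created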
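--- a/lib/core/hostid.h
+++ b/lib/core/hostid.h
@@ -26,10 +26,14 @@
 #ifndef HIP_LIB_CORE_HOSTID_H
 #define HIP_LIB_CORE_HOSTID_H
 
+#include "config.h"
+
 #include <netinet/in.h>
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
+#ifdef HAVE_EC_CRYPTO
 #include <openssl/ec.h>
+#endif /* HAVE_EC_CRYPTO */
 
 #include "protodefs.h"
 #include "state.h"
@@ -62,11 +66,15 @@
 struct hip_ecdsa_keylen *const ret);
 RSA *hip_key_rr_to_rsa(const struct hip_host_id_priv *const host_id, const int is_priv);
 DSA *hip_key_rr_to_dsa(const struct hip_host_id_priv *const host_id, const int is_priv);
+#ifdef HAVE_EC_CRYPTO
 EC_KEY *hip_key_rr_to_ecdsa(const struct hip_host_id_priv *const host_id, const int is_priv);
+#endif /* HAVE_EC_CRYPTO */
 
 int dsa_to_dns_key_rr(const DSA *const dsa, unsigned char **const buf);
 int rsa_to_dns_key_rr(const RSA *const rsa, unsigned char **const rsa_key_rr);
+#ifdef HAVE_EC_CRYPTO
 int ecdsa_to_key_rr(const EC_KEY *const ecdsa, unsigned char **const ec_key_rr);
+#endif /* HAVE_EC_CRYPTO */
 
 int hip_serialize_host_id_action(struct hip_common *msg,
 const int action,
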
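--- a/lib/tool/pk.c
+++ b/lib/tool/pk.c
@@ -8,6 +8,8 @@
 * @brief HIPL wrappers for OpenSSL public key operations.
 */
 
+#include "config.h"
+
 #include <errno.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -15,9 +17,11 @@
 #include <netinet/in.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
-#include <openssl/ecdsa.h>
 #include <openssl/objects.h>
 #include <openssl/rsa.h>
+#ifdef HAVE_EC_CRYPTO
+#include <openssl/ecdsa.h>
+#endif /* HAVE_EC_CRYPTO */
 
 #include "lib/core/builder.h"
 #include "lib/core/crypto.h"
@@ -26,7 +30,6 @@
 #include "lib/core/performance.h"
 #include "lib/core/prefix.h"
 #include "lib/core/protodefs.h"
-#include "config.h"
 #include "pk.h"
 
 /**
@@ -75,6 +78,7 @@
 return err;
 }
 
+#ifdef HAVE_EC_CRYPTO
 /**
 * Sign a HIP control message with a private ECDSA key.
 *
@@ -129,6 +133,8 @@
 return 0;
 }
 
+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * sign a HIP control message with a private DSA key
 *
@@ -225,8 +231,10 @@
 /* RSA_verify returns 0 on failure */
 err = !RSA_verify(NID_sha1, sha1_digest, SHA_DIGEST_LENGTH,
 sig->signature, RSA_size(peer_pub), peer_pub);
+#ifdef HAVE_EC_CRYPTO
 } else if (type == HIP_HI_ECDSA) {
 err = impl_ecdsa_verify(sha1_digest, peer_pub, sig->signature);
+#endif /* HAVE_EC_CRYPTO */
 } else {
 err = impl_dsa_verify(sha1_digest, peer_pub, sig->signature);
 }
@@ -259,6 +267,7 @@
 return err;
 }
 
+#ifdef HAVE_EC_CRYPTO
 /**
 * Verify the ECDSA signature from a message.
 *
@@ -272,6 +281,8 @@
 return verify(peer_pub, msg, HIP_HI_ECDSA);
 }
 
+#endif /* HAVE_EC_CRYPTO */
+
 /**
 * RSA signature verification function
 *
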
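Review bot: In the signature-verification dispatch (hunk `@@ -225,8 +231,10 @@`), once the `HIP_HI_ECDSA` branch is compiled out a call with `type == HIP_HI_ECDSA` falls through to the final `else` and is handed to `impl_dsa_verify()`, so a key of the wrong algorithm reaches the DSA routine instead of being rejected. The ECDSA wrapper that calls `verify(peer_pub, msg, HIP_HI_ECDSA)` is guarded as well, so this is probably unreachable today, but the catch-all `else` leaves that to every future caller. I would make the DSA case explicit and fail closed: `} else if (type == HIP_HI_DSA) {` for the existing call, then `} else { err = -1; }` with a `HIP_ERROR` for an unsupported algorithm. The function starts and ends outside this hunk, so the exact error path has to be matched against the rest of its body.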
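--- a/test/lib/tool/pk.c
+++ b/test/lib/tool/pk.c
@@ -27,7 +27,9 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
+#ifdef HAVE_EC_CRYPTO
 #include <openssl/ec.h>
+#endif /* HAVE_EC_CRYPTO */
 #include <openssl/pem.h>
 
 #include "lib/core/debug.h"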
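Review bot: The new `#ifdef HAVE_EC_CRYPTO` around `<openssl/ec.h>` is evaluated before any `config.h` include visible in this hunk. Unless the macro arrives through compiler flags or an include above line 27, the header would be dropped even on systems that do have EC support. lib/tool/pk.c moves `#include "config.h"` to the top of its include list in this same change, apparently for that reason; adding `#include "config.h"` ahead of the system headers here would make the guard reliable. The diffstat lists only these two added lines for this file, so any test case further down that uses `EC_KEY` would presumably need the same guard; that part of the file is outside the hunk.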
