Fix conditional compile on EC, RSA features. #23
Commits on Dec 14, 2022
-
WIP: Fix conditional compile on EC, RSA features.
Eliptic curve features (GNUTLS_PK_EC) were introduced in GNUTLS at 3.5.0 (d417c2e) The function gnutls_pubkey_export_rsa_raw2 was introduced in GNUTLS at 3.6.0 (02b1713) Previously, the jwk function used the GNUTLS_VERSION_NUMBER define to conditionally compile related features, but it got the versions wrong. Eg, it coded that gnutls_pubkey_export_rsa_raw2 was available in 3.4+, and that GNUTLS_PK_EC was not available until 3.6 Using version numbers to infer whether a feature is available is error- prone, not only because it's easy to mix up the numbers, but also becuse in various distributions, distro maintainers are free to package their software with any version they like, and sometimes they backport individual bug fixes or features. In general, it is a best practice to identify the presence/absence of features in dependencies, because the version number offers no guarantees. This commit replaces ifdefs like "#if GNUTLS_VERSION_NUMBER >= 0x030600" with: - #ifdef GNUTLS_PK_EC - #ifdef GNUTLS_SIGN_CB_FLAG_RSA_DIGESTINFO The GNUTLS_PK_EC macro was introduced in commit d417c2e (at the same time as the related elliptic curve implementation), so using it is correct. The GNUTLS_SIGN_CB_FLAG_RSA_DIGESTINFO macro, on the other hand, was introduced a few commits after the function gnutls_pubkey_export_rsa_raw2 was added at commit 02b1713. Commit 02b1713 does not introduce any new pre-processor define which can be used as a conditional variable. However, The RSA_DIGESTINFO is someone related to the the gnutls_pubkey_export_rsa_raw2() function, and it was introduced before version 3.6.0. Although the macro does not identify the feature exactly, it is close enough, Practically, the rhonabwy fails to compile on Ubuntu 16.04 where GNUTLS 3.4.10 is the latest available, due to missing gnutls_pubkey_export_rsa_raw2 (which was assumed to exist per version numbers). This commit fixes detection of elliptic curve encryption and RSA export support. WIP: I'm not convinced that the RSA exporting feature was not available until gnutls 3.6. and I plan to do some more work to fully understand what versions provide what capabilities. In my application, I'm limited to using gnutls 3.3.29 (CentOS7), which is some motivation to understand what JWE features are truly available with this lib.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.