author | Simon Kelley <simon@thekelleys.org.uk> | 2014-02-19 18:14:33 +0000 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2014-02-19 18:14:33 +0000 |
commit | c152dc8492773313165a807495ac99dbbe83b9fe (patch) | |
tree | 1fbe4a1e29121f69bfec7a63fc3d4a6cea76246a | |
parent | 7bcca0060f7273eb547ce19b9e11968c10c8a0e4 (diff) | |
download | dnsmasq-c152dc8492773313165a807495ac99dbbe83b9fe.tar.gz |
Omit ECC from DNSSEC if nettle library is old.
-rwxr-xr-x | debian/rules | 4 | ||||
-rw-r--r-- | src/dnssec.c | 19 |
2 files changed, 17 insertions, 6 deletions
diff --git a/debian/rules b/debian/rules
index d485652..fac8e55 100755
--- a/debian/rules
+++ b/debian/rules
@@ -19,6 +19,10 @@ LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
 DEB_COPTS = $(COPTS)
+# The nettle library in Debian is too old to include
+# ECC support.
+DEB_COPTS += -DNO_NETTLE_ECC
+
 TARGET = install-i18n
 DEB_BUILD_ARCH_OS := $(shell dpkg-architecture -qDEB_BUILD_ARCH_OS)
diff --git a/src/dnssec.c b/src/dnssec.c
index 13e6787..5511143 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -21,8 +21,10 @@
 #include <nettle/rsa.h>
 #include <nettle/dsa.h>
-#include <nettle/ecdsa.h>
-#include <nettle/ecc-curve.h>
+#ifndef NO_NETTLE_ECC
+# include <nettle/ecdsa.h>
+# include <nettle/ecc-curve.h>
+#endif
 #include <nettle/nettle-meta.h>
 #include <gmp.h>
@@ -210,7 +212,9 @@ static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
 }
-static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+#ifndef NO_NETTLE_ECC
+static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
+ unsigned char *sig, size_t sig_len,
 unsigned char *digest, size_t digest_len, int algo)
 {
 unsigned char *p;
@@ -278,7 +282,8 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
 }
-
+#endif
+
 static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
 unsigned char *digest, size_t digest_len, int algo)
 {
@@ -289,10 +294,12 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
 case 3: case 6:
 return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
-
+
+#ifndef NO_NETTLE_ECC
 case 13: case 14:
 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
-}
+#endif
+ }
 return 0;
 }
|
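Review bot: The new `DEB_COPTS += -DNO_NETTLE_ECC` line in the debian/rules hunk is unconditional, so the Debian build keeps ECDSA out of DNSSEC validation even after the packaged nettle gains ECC support, and nothing at build time flags that. The comment above it also does not say what is lost. I would extend it to something like `# Disables DNSSEC algorithms 13 and 14 (ECDSA); drop this once Debian's nettle includes ECC.` so the reduced validation coverage is visible to whoever maintains the package.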
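Review bot: In the last src/dnssec.c hunk, building with `NO_NETTLE_ECC` makes algorithms 13 and 14 drop out of the switch in `verify()` and reach the final `return 0;`, which looks like the same value a failed signature check produces. The caller is outside this hunk, so it cannot be confirmed here whether an ECDSA-signed zone is then treated as unsupported (and so insecure) or as failing validation; those outcomes differ a lot for resolving such zones, and the choice should be deliberate. At minimum I would document it at the `#endif`, e.g. `/* without ECC, algos 13/14 are unsupported and fall through to return 0, like a bad signature */`, and check that callers of `verify()` handle an unsupported algorithm separately from a verification failure. `verify()` begins before this hunk.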