authorSimon Kelley <simon@thekelleys.org.uk>2014-02-19 18:14:33 +0000
committerSimon Kelley <simon@thekelleys.org.uk>2014-02-19 18:14:33 +0000
commitc152dc8492773313165a807495ac99dbbe83b9fe (patch)
tree1fbe4a1e29121f69bfec7a63fc3d4a6cea76246a
parent7bcca0060f7273eb547ce19b9e11968c10c8a0e4 (diff)
downloaddnsmasq-c152dc8492773313165a807495ac99dbbe83b9fe.tar.gz
Omit ECC from DNSSEC if nettle library is old.
-rwxr-xr-xdebian/rules4
-rw-r--r--src/dnssec.c19
2 files changed, 17 insertions, 6 deletions
diff --git a/debian/rules b/debian/rules
index d485652..fac8e55 100755
--- a/debian/rules
+++ b/debian/rules
@@ -19,6 +19,10 @@ LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
DEB_COPTS = $(COPTS)
+# The nettle library in Debian is too old to include
+# ECC support.
+DEB_COPTS += -DNO_NETTLE_ECC
+
TARGET = install-i18n
DEB_BUILD_ARCH_OS := $(shell dpkg-architecture -qDEB_BUILD_ARCH_OS)
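Review bot: `-DNO_NETTLE_ECC` is appended to `DEB_COPTS` unconditionally, so the package will keep building without ECDSA validation even after the archive's nettle gains ECC support, and nothing in the build will flag it. Because this silently narrows the set of DNSSEC algorithms the resolver can validate, the comment should record the removal condition, e.g. `# Remove once the nettle build-dependency ships <nettle/ecdsa.h>; until then DNSSEC algorithms 13 and 14 are not validated.` A check against the installed nettle version would be more robust than a hand-maintained flag, if the packaging allows one.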
diff --git a/src/dnssec.c b/src/dnssec.c
index 13e6787..5511143 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -21,8 +21,10 @@
#include <nettle/rsa.h>
#include <nettle/dsa.h>
-#include <nettle/ecdsa.h>
-#include <nettle/ecc-curve.h>
+#ifndef NO_NETTLE_ECC
+# include <nettle/ecdsa.h>
+# include <nettle/ecc-curve.h>
+#endif
#include <nettle/nettle-meta.h>
#include <gmp.h>
@@ -210,7 +212,9 @@ static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
}
-static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+#ifndef NO_NETTLE_ECC
+static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
+ unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo)
{
unsigned char *p;
@@ -278,7 +282,8 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
}
-
+#endif
+
static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo)
{
@@ -289,10 +294,12 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
case 3: case 6:
return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
-
+
+#ifndef NO_NETTLE_ECC
case 13: case 14:
return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
-}
+#endif
+ }
return 0;
}
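Review bot: With `NO_NETTLE_ECC` defined, algorithms 13 and 14 fall out of the switch to the final `return 0`, the same value the nettle verify calls return for a bad signature, so callers cannot tell "algorithm not compiled in" from "signature invalid". The callers are not visible in this hunk, but if they treat 0 as a failed validation, zones signed only with ECDSA would be handled as bogus rather than as using an unsupported algorithm. That fails closed, but it turns a build option into resolution failures and departs from the usual validator practice of treating unsupported algorithms as insecure. At minimum document the fall-through with `/* Unsupported or compiled-out algorithm: reported as verification failure. */` above `return 0;`, and consider a distinct return value for the unsupported case. The start of verify() and its switch header lie outside this hunk.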