Support hash function from nettle (only)
Unlike COPTS=-DHAVE_DNSSEC, this allows using just the sha256 function from
nettle while keeping DNSSEC disabled at build time. The internal hash
implementation is then skipped even though validation support is not built in.
diff --git a/src/config.h b/src/config.h
index 7187ffa..e71a117 100644
--- a/src/config.h
+++ b/src/config.h
@@ -120,6 +120,9 @@
define this to include the facility to act as an authoritative DNS
server for one or more zones.
+HAVE_NETTLEHASH
+ include just hash function from nettle, but no DNSSEC.
+
HAVE_DNSSEC
include DNSSEC validator.
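Review bot: The new HAVE_NETTLEHASH entry in the option list does not say which hash is taken from nettle or what it replaces, so a packager cannot tell what the switch changes. The commit message names sha256, and the hash_questions.c hunk shows the consumer, so the entry could read `use nettle's SHA-256 for hash_questions() instead of the built-in implementation; DNSSEC validation stays disabled.` It would also help to state that defining HAVE_DNSSEC already implies this behaviour, since every new condition is written as `HAVE_DNSSEC || HAVE_NETTLEHASH`.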
@@ -187,6 +190,7 @@
/* #define HAVE_IDN */
/* #define HAVE_LIBIDN2 */
/* #define HAVE_CONNTRACK */
+/* #define HAVE_NETTLEHASH */
/* #define HAVE_DNSSEC */
@@ -420,6 +424,10 @@
"no-"
#endif
"auth "
+#if !defined(HAVE_NETTLEHASH) && !defined(HAVE_DNSSEC)
+"no-"
+#endif
+"nettlehash "
#ifndef HAVE_DNSSEC
"no-"
#endif
diff --git a/src/crypto.c b/src/crypto.c
index ca63111..09525d2 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -25,6 +25,9 @@
#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6
# include <nettle/gostdsa.h>
#endif
+#endif
+
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
#include <nettle/nettle-meta.h>
#include <nettle/bignum.h>
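Review bot: The hash-only include group still carries `<nettle/bignum.h>`, which pulls in the GMP header, so a HAVE_NETTLEHASH build may need GMP development files just to compile a hash. If only the signature code needs it, the include belongs above the added `#endif`, next to the other DNSSEC-only headers. If the hash code does depend on something it provides, a comment such as `/* needed by the hash code for ... */` should say what, so it is not moved later by mistake. The `#ifdef HAVE_DNSSEC` that the new `#endif` closes starts outside this hunk.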
@@ -167,6 +170,10 @@
return 1;
}
+
+#endif
+
+#ifdef HAVE_DNSSEC
static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo)
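Review bot: The `#endif` / `#ifdef HAVE_DNSSEC` pair added before dnsmasq_rsa_verify is unlabelled, as is the `#endif` added after the gostdsa include in the previous hunk. The file now has three conditional regions, so it is easy to misread which code a hash-only build compiles. Suggest `#endif /* HAVE_DNSSEC || HAVE_NETTLEHASH */` here and `#endif /* HAVE_DNSSEC */` on the earlier one. A short comment on the reopened `#ifdef HAVE_DNSSEC`, for example `/* signature verification: full DNSSEC builds only */`, would also help. The body of dnsmasq_rsa_verify and the closing `#endif` of the file lie outside this hunk, so that final `#endif` should be checked to confirm it still pairs with the reopened block.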
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 9f74c7a..914f469 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -157,7 +157,7 @@
#include <priv.h>
#endif
-#ifdef HAVE_DNSSEC
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
# include <nettle/nettle-meta.h>
#endif
diff --git a/src/hash_questions.c b/src/hash_questions.c
index ae112ac..917c18e 100644
--- a/src/hash_questions.c
+++ b/src/hash_questions.c
@@ -28,7 +28,7 @@
#include "dnsmasq.h"
-#ifdef HAVE_DNSSEC
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
{
int q;