1 From 2024f9729713fd657d65e64c2e4e471baa0a3e5b Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
3 Date: Wed, 25 Nov 2020 17:18:55 +0100
4 Subject: Support hash function from nettle (only)
6 Unlike COPTS=-DHAVE_DNSSEC, allow usage of just sha256 function from
7 nettle, but keep DNSSEC disabled at build time. This skips the internal
8 hash implementation without building in support for validation.
11 bld/pkg-wrapper | 41 ++++++++++++++++++++++-------------------
12 src/config.h | 8 ++++++++
13 src/crypto.c | 7 +++++++
15 src/hash_questions.c | 2 +-
16 6 files changed, 44 insertions(+), 24 deletions(-)
20 @@ -53,7 +53,7 @@ top?=$(CURDIR)
22 dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1`
23 dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1`
24 -ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy -lubox -lubus`
25 +ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy '-lubox -lubus'`
26 idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn`
27 idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn`
28 idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2`
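Review bot: The quoting added on the `ubus_libs` line (`'-lubox -lubus'`), and `'nettle hogweed'` in the hunk at -62,8, reflects a new calling convention for bld/pkg-wrapper that the Makefile never states. Each package or library list now has to arrive as one shell word so that several MACRO/command/op/list groups can follow each other on one command line. A line added later in the old unquoted style would probably have its second word read as the next group's macro name, so the build would mis-select libraries rather than fail loudly. A comment above these assignments would make the contract visible, for example `# pkg-wrapper args come in groups of four: MACRO PKG_CONFIG OP 'LIST' - quote multi-word LISTs`. The wrapper's loop is only partly shown on this page, so the group size is inferred from the call sites.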
29 @@ -62,8 +62,10 @@ ct_cflags = `echo $(COPTS) | $(top)/
30 ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
31 lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2`
32 lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2`
33 -nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
34 -nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
35 +nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags 'nettle hogweed' \
36 + HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
37 +nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs 'nettle hogweed' \
38 + HAVE_NETTLEHASH $(PKG_CONFIG) --libs nettle`
39 gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
40 sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
41 version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
56 -if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
57 - echo $in | grep $search >/dev/null 2>&1; then
60 + grep "^\#[[:space:]]*define[[:space:]]*$1" config.h >/dev/null 2>&1 || \
61 + echo $in | grep $1 >/dev/null 2>&1
64 +while [ "$#" -gt 0 ]; do
70 +if search "$search"; then
72 # Nasty, nasty, in --copy, arg 2 (if non-empty) is another config to search for, used with NO_GMP
73 if [ $op = "--copy" ]; then
74 if [ -z "$pkg" ]; then
76 - elif grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
77 - echo $in | grep $pkg >/dev/null 2>&1; then
79 + elif search "$pkg"; then
85 - elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
86 - echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
87 - pkg=`$pkg --static $op $*`
88 + elif search "${search}_STATIC"; then
89 + pkg=`$pkg --static $op $lib`
95 - if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
96 - echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
97 + if search "${search}_STATIC"; then
98 if [ $op = "--libs" ] || [ $op = "--copy" ]; then
99 echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic"
101 @@ -40,3 +42,4 @@ if grep "^\#[[:space:]]*define[[:space:]
108 @@ -117,6 +117,9 @@ HAVE_AUTH
109 define this to include the facility to act as an authoritative DNS
110 server for one or more zones.
113 + include just hash function from nettle, but no DNSSEC.
116 include DNSSEC validator.
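Review bot: The HAVE_NETTLEHASH entry added to the option list does not say how it relates to HAVE_DNSSEC or which code it replaces. The commit message states that it swaps the internal hash implementation for nettle's sha256 while leaving validation out, and the guards elsewhere in this patch treat either macro as enabling the nettle hash. The entry could read `use the sha256 implementation from nettle instead of the internal one; implied by HAVE_DNSSEC, does not enable validation`. The option list continues outside the hunk.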
118 @@ -184,6 +187,7 @@ RESOLVFILE
119 /* #define HAVE_IDN */
120 /* #define HAVE_LIBIDN2 */
121 /* #define HAVE_CONNTRACK */
122 +/* #define HAVE_NETTLEHASH */
123 /* #define HAVE_DNSSEC */
126 @@ -408,6 +412,10 @@ static char *compile_opts =
130 +#if !defined(HAVE_NETTLEHASH) && !defined(HAVE_DNSSEC)
140 #include <nettle/ecdsa.h>
141 #include <nettle/ecc-curve.h>
142 #include <nettle/eddsa.h>
145 +#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
146 #include <nettle/nettle-meta.h>
147 #include <nettle/bignum.h>
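Review bot: `#include <nettle/bignum.h>` ends up under the new `HAVE_DNSSEC || HAVE_NETTLEHASH` guard together with `nettle-meta.h`, so a hash-only build also includes nettle's bignum header. That header pulls in the GMP header, whereas the Makefile part of this patch asks pkg-config only for `nettle` in the HAVE_NETTLEHASH case and keeps `gmp_libs` tied to HAVE_DNSSEC. If nothing in the hash path needs bignum, keep it with the signature headers under `#ifdef HAVE_DNSSEC` and leave only `#include <nettle/nettle-meta.h>` in the shared guard. The start of this hunk and the lines between the two include groups are not shown here, so the final guard nesting should be confirmed against the full file.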
149 @@ -165,6 +168,10 @@ int hash_init(const struct nettle_hash *
158 static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
159 unsigned char *digest, size_t digest_len, int algo)
162 @@ -150,7 +150,7 @@ extern int capget(cap_user_header_t head
167 +#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
168 # include <nettle/nettle-meta.h>
171 --- a/src/hash_questions.c
172 +++ b/src/hash_questions.c
178 +#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
179 unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)