From cdb755c5f16a6768c3e8b1f345fe15fc9244228d Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 18 Jun 2014 20:52:53 +0100
Subject: [PATCH] Fix FTBFS with Nettle-3.0.

---
 CHANGELOG    |  3 +++
 src/dnssec.c | 18 ++++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index d42d3f5..f59e7c5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -10,6 +10,9 @@ version 2.72
 
 	    Add DBus methods SetFilterWin2KOption and SetBogusPrivOption
 	    Thanks to the Smoothwall project for the patch.
+
+	    Fix failure to build against Nettle-3.0. Thanks to Steven 
+	    Barth for spotting this and finding the fix. 
 	    
 
 version 2.71
diff --git a/src/dnssec.c b/src/dnssec.c
index 2ffb75d..69bfc29 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -28,6 +28,12 @@
 #include <nettle/nettle-meta.h>
 #include <nettle/bignum.h>
 
+/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
+   to detect Nettle-3, and invoke the backwards compatibility mode. */
+#ifdef dsa_params_init
+#include <nettle/dsa-compat.h>
+#endif
+
 
 #define SERIAL_UNDEF  -100
 #define SERIAL_EQ        0
@@ -121,8 +127,8 @@ static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char
   return 1;
 }
   
-static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
-		      unsigned char *digest, int algo)
+static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+			      unsigned char *digest, int algo)
 {
   unsigned char *p;
   size_t exp_len;
@@ -173,8 +179,8 @@ static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
   return 0;
 }  
 
-static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
-		      unsigned char *digest, int algo)
+static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+			      unsigned char *digest, int algo)
 {
   unsigned char *p;
   unsigned int t;
@@ -293,10 +299,10 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
   switch (algo)
     {
     case 1: case 5: case 7: case 8: case 10:
-      return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+      return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
       
     case 3: case 6: 
-      return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+      return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
  
 #ifndef NO_NETTLE_ECC   
     case 13: case 14:
-- 
2.39.2