Omit ECC from DNSSEC if nettle library is old.

author Simon Kelley <simon@thekelleys.org.uk>

Wed, 19 Feb 2014 18:14:33 +0000 (18:14 +0000)

committer Simon Kelley <simon@thekelleys.org.uk>

Wed, 19 Feb 2014 18:14:33 +0000 (18:14 +0000)
author Simon Kelley <simon@thekelleys.org.uk>
Wed, 19 Feb 2014 18:14:33 +0000 (18:14 +0000)
committer Simon Kelley <simon@thekelleys.org.uk>
Wed, 19 Feb 2014 18:14:33 +0000 (18:14 +0000)
diff --git a/debian/rules b/debian/rules

index d485652cadc9406e5d51f887ebdbf54d44f5962f..fac8e556d698a89fb1992bd62a17b6f87f0c59a9 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -19,6 +19,10 @@ LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
  
  DEB_COPTS = $(COPTS)
  
+# The nettle library in Debian is too old to include
+# ECC support.
+DEB_COPTS += -DNO_NETTLE_ECC
+
  TARGET = install-i18n
  
  DEB_BUILD_ARCH_OS := $(shell dpkg-architecture -qDEB_BUILD_ARCH_OS)
diff --git a/src/dnssec.c b/src/dnssec.c

index 13e67872569a5143699695eebaac3be83ac6168a..5511143a173d1d65a3f8a27bee2c40ae92aa52c2 100644 (file)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -21,8 +21,10 @@
  
  #include <nettle/rsa.h>
  #include <nettle/dsa.h>
-#include <nettle/ecdsa.h>
-#include <nettle/ecc-curve.h>
+#ifndef NO_NETTLE_ECC
+#  include <nettle/ecdsa.h>
+#  include <nettle/ecc-curve.h>
+#endif
  #include <nettle/nettle-meta.h>
  #include <gmp.h>
  
@@ -210,7 +212,9 @@ static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
    return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
  } 
   
-static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+#ifndef NO_NETTLE_ECC
+static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len, 
+                               unsigned char *sig, size_t sig_len,
                                 unsigned char *digest, size_t digest_len, int algo)
  {
    unsigned char *p;
@@ -278,7 +282,8 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
    
    return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
  } 
- 
+#endif 
+
  static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
                   unsigned char *digest, size_t digest_len, int algo)
  {
@@ -289,10 +294,12 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
        
      case 3: case 6: 
        return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
-    
+ 
+#ifndef NO_NETTLE_ECC   
      case 13: case 14:
        return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
-}
+#endif
+    }
    
    return 0;
  }
author	Simon Kelley <simon@thekelleys.org.uk>
	Wed, 19 Feb 2014 18:14:33 +0000 (18:14 +0000)
committer	Simon Kelley <simon@thekelleys.org.uk>
	Wed, 19 Feb 2014 18:14:33 +0000 (18:14 +0000)
debian/rules		patch \| blob \| blame \| history
src/dnssec.c		patch \| blob \| blame \| history