Support hash function from nettle (only)

Unlike COPTS=-DHAVE_DNSSEC, allow usage of just sha256 function from nettle, but keep DNSSEC disabled at build time. Skips use of internal hash implementation without support for validation built-in.
2025-12-20 02:38:32 +00:00 · 2020-11-25 17:18:55 +01:00
parent 25e63f1e56
commit 2024f97297
6 changed files with 44 additions and 24 deletions
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -25,6 +25,9 @@
 #if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6
 #  include <nettle/gostdsa.h>
 #endif
+#endif
+
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
 #include <nettle/nettle-meta.h>
 #include <nettle/bignum.h>

@@ -167,6 +170,10 @@ int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **diges

  return 1;
 }
+
+#endif
+
+#ifdef HAVE_DNSSEC
  
 static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
 			      unsigned char *digest, size_t digest_len, int algo)