Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-20 02:38:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support hash function from nettle (only)

Browse Source 
Unlike COPTS=-DHAVE_DNSSEC, allow usage of just sha256 function from
nettle, but keep DNSSEC disabled at build time. Skips use of internal
hash implementation without support for validation built-in.
This commit is contained in:
Petr Menšík
2020-11-25 17:18:55 +01:00
committed by Simon Kelley
parent 25e63f1e56
commit 2024f97297
6 changed files with 44 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile
View File

@@ -53,7 +53,7 @@ top?=$(CURDIR)
dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1`
dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1`
ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy -lubox -lubus` ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy '-lubox -lubus'`
idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn`
idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn`
idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2` idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2`
@@ -62,8 +62,10 @@ ct_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CON
ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack` ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2` lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2`
lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2` lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2`
nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed` nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags 'nettle hogweed' \
nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed` HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs 'nettle hogweed' \
HAVE_NETTLEHASH $(PKG_CONFIG) --libs nettle`
gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp` gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi` sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"' version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'

41
bld/pkg-wrapper
View File

@@ -1,35 +1,37 @@
#!/bin/sh #!/bin/sh
search=$1
shift
pkg=$1
shift
op=$1
shift
in=`cat` in=`cat`
if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \ search()
echo $in | grep $search >/dev/null 2>&1; then {
grep "^\#[[:space:]]*define[[:space:]]*$1" config.h >/dev/null 2>&1 || \
echo $in | grep $1 >/dev/null 2>&1
}
while [ "$#" -gt 0 ]; do
search=$1
pkg=$2
op=$3
lib=$4
shift 4
if search "$search"; then
# Nasty, nasty, in --copy, arg 2 (if non-empty) is another config to search for, used with NO_GMP # Nasty, nasty, in --copy, arg 2 (if non-empty) is another config to search for, used with NO_GMP
if [ $op = "--copy" ]; then if [ $op = "--copy" ]; then
if [ -z "$pkg" ]; then if [ -z "$pkg" ]; then
pkg="$*" pkg="$lib"
elif grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ elif search "$pkg"; then
echo $in | grep $pkg >/dev/null 2>&1; then
pkg="" pkg=""
else else
pkg="$*" pkg="$lib"
fi fi
elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ elif search "${search}_STATIC"; then
echo $in | grep ${search}_STATIC >/dev/null 2>&1; then pkg=`$pkg --static $op $lib`
pkg=`$pkg --static $op $*`
else else
pkg=`$pkg $op $*` pkg=`$pkg $op $lib`
fi fi
if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ if search "${search}_STATIC"; then
echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
if [ $op = "--libs" ] || [ $op = "--copy" ]; then if [ $op = "--libs" ] || [ $op = "--copy" ]; then
echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic" echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic"
else else
@@ -40,3 +42,4 @@ if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
fi fi
fi fi
done

8
src/config.h
View File

@@ -120,6 +120,9 @@ HAVE_AUTH
define this to include the facility to act as an authoritative DNS define this to include the facility to act as an authoritative DNS
server for one or more zones. server for one or more zones.
HAVE_NETTLEHASH
include just hash function from nettle, but no DNSSEC.
HAVE_DNSSEC HAVE_DNSSEC
include DNSSEC validator. include DNSSEC validator.
@@ -187,6 +190,7 @@ RESOLVFILE
/* #define HAVE_IDN */ /* #define HAVE_IDN */
/* #define HAVE_LIBIDN2 */ /* #define HAVE_LIBIDN2 */
/* #define HAVE_CONNTRACK */ /* #define HAVE_CONNTRACK */
/* #define HAVE_NETTLEHASH */
/* #define HAVE_DNSSEC */ /* #define HAVE_DNSSEC */
@@ -420,6 +424,10 @@ static char *compile_opts =
"no-" "no-"
#endif #endif
"auth " "auth "
#if !defined(HAVE_NETTLEHASH) && !defined(HAVE_DNSSEC)
"no-"
#endif
"nettlehash "
#ifndef HAVE_DNSSEC #ifndef HAVE_DNSSEC
"no-" "no-"
#endif #endif

7
src/crypto.c
View File

@@ -25,6 +25,9 @@
#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6 #if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6
# include <nettle/gostdsa.h> # include <nettle/gostdsa.h>
#endif #endif
#endif
#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
#include <nettle/nettle-meta.h> #include <nettle/nettle-meta.h>
#include <nettle/bignum.h> #include <nettle/bignum.h>
@@ -168,6 +171,10 @@ int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **diges
return 1; return 1;
} }
#endif
#ifdef HAVE_DNSSEC
static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len, static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo) unsigned char *digest, size_t digest_len, int algo)
{ {

2
src/dnsmasq.h
View File

@@ -157,7 +157,7 @@ extern int capget(cap_user_header_t header, cap_user_data_t data);
#include <priv.h> #include <priv.h>
#endif #endif
#ifdef HAVE_DNSSEC #if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
# include <nettle/nettle-meta.h> # include <nettle/nettle-meta.h>
#endif #endif

2
src/hash_questions.c
View File

@@ -28,7 +28,7 @@
#include "dnsmasq.h" #include "dnsmasq.h"
#ifdef HAVE_DNSSEC #if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name) unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
{ {
int q; int q;