Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tidy crypto.c of old library compat. Now need libnettle 3.

Browse Source
This commit is contained in:
Simon Kelley
2018-03-17 18:39:23 +00:00
parent 8b96552f0d
commit 94b6878821
3 changed files with 22 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -60,6 +60,9 @@ version 2.79
internal-20.thekelleys.org.uk being 192.168.0.70 internal-20.thekelleys.org.uk being 192.168.0.70
Thanks to Andy Hawkins for the suggestion. Thanks to Andy Hawkins for the suggestion.
Tidy up Crypto code, removing workarounds for ancient
versions of libnettle. We now require libnettle 3.
version 2.78 version 2.78
Fix logic of appending ".<layer>" to PXE basename. Thanks to Chris Fix logic of appending ".<layer>" to PXE basename. Thanks to Chris

3
src/config.h
View File

@@ -137,9 +137,6 @@ NO_INOTIFY
otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or
which are enabled by default in the distributed source tree. Building dnsmasq which are enabled by default in the distributed source tree. Building dnsmasq
with something like "make COPTS=-DNO_SCRIPT" will do the trick. with something like "make COPTS=-DNO_SCRIPT" will do the trick.
NO_NETTLE_ECC
Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
NO_GMP NO_GMP
Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp. Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.

44
src/crypto.c
View File

@@ -20,20 +20,12 @@
#include <nettle/rsa.h> #include <nettle/rsa.h>
#include <nettle/dsa.h> #include <nettle/dsa.h>
#ifndef NO_NETTLE_ECC #include <nettle/ecdsa.h>
# include <nettle/ecdsa.h> #include <nettle/ecc-curve.h>
# include <nettle/ecc-curve.h> #include <nettle/eddsa.h>
# include <nettle/eddsa.h>
#endif
#include <nettle/nettle-meta.h> #include <nettle/nettle-meta.h>
#include <nettle/bignum.h> #include <nettle/bignum.h>
/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
to detect Nettle-3, and invoke the backwards compatibility mode. */
#ifdef dsa_params_init
#include <nettle/dsa-compat.h>
#endif
/* Implement a "hash-function" to the nettle API, which simply returns /* Implement a "hash-function" to the nettle API, which simply returns
the input data, concatenated into a single, statically maintained, buffer. the input data, concatenated into a single, statically maintained, buffer.
@@ -118,9 +110,10 @@ const struct nettle_hash *hash_find(char *name)
/* libnettle >= 3.4 provides nettle_lookup_hash() which avoids nasty ABI /* libnettle >= 3.4 provides nettle_lookup_hash() which avoids nasty ABI
incompatibilities if sizeof(nettle_hashes) changes between library incompatibilities if sizeof(nettle_hashes) changes between library
versions. */ versions. It also #defines nettle_hashes, so use that to tell
if we have the new facilities. */
#if (NETTLE_VERSION_MAJOR>3) || ((NETTLE_VERSION_MAJOR==3) && (NETTLE_VERSION_MINOR >=4)) #ifdef nettle_hashes
return nettle_lookup_hash(name); return nettle_lookup_hash(name);
#else #else
{ {
@@ -233,18 +226,20 @@ static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len,
unsigned char *p; unsigned char *p;
unsigned int t; unsigned int t;
static struct dsa_public_key *key = NULL; static mpz_t y;
static struct dsa_params *params = NULL;
static struct dsa_signature *sig_struct; static struct dsa_signature *sig_struct;
(void)digest_len; (void)digest_len;
if (key == NULL) if (params == NULL)
{ {
if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) || if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
!(key = whine_malloc(sizeof(struct dsa_public_key)))) !(params = whine_malloc(sizeof(struct dsa_params))))
return 0; return 0;
nettle_dsa_public_key_init(key); mpz_init(y);
nettle_dsa_params_init(params);
nettle_dsa_signature_init(sig_struct); nettle_dsa_signature_init(sig_struct);
} }
@@ -256,20 +251,19 @@ static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len,
if (key_len < (213 + (t * 24))) if (key_len < (213 + (t * 24)))
return 0; return 0;
mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20; mpz_import(params->q, 20, 1, 1, 0, 0, p); p += 20;
mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8); mpz_import(params->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8); mpz_import(params->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8); mpz_import(y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1); mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21); mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
(void)algo; (void)algo;
return nettle_dsa_sha1_verify_digest(key, digest, sig_struct); return nettle_dsa_verify(params, y, digest_len, digest, sig_struct);
} }
#ifndef NO_NETTLE_ECC
static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len, static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
unsigned char *sig, size_t sig_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo) unsigned char *digest, size_t digest_len, int algo)
@@ -371,8 +365,6 @@ static int dnsmasq_eddsa_verify(struct blockdata *key_data, unsigned int key_len
return 0; return 0;
} }
#endif
static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len, static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo) unsigned char *digest, size_t digest_len, int algo)
{ {
@@ -390,13 +382,11 @@ static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key
case 3: case 6: case 3: case 6:
return dnsmasq_dsa_verify; return dnsmasq_dsa_verify;
#ifndef NO_NETTLE_ECC
case 13: case 14: case 13: case 14:
return dnsmasq_ecdsa_verify; return dnsmasq_ecdsa_verify;
case 15: case 16: case 15: case 16:
return dnsmasq_eddsa_verify; return dnsmasq_eddsa_verify;
#endif
} }
return NULL; return NULL;