Tidy crypto.c of old library compat. Now need libnettle 3.
@@ -60,6 +60,9 @@ version 2.79
|
||||
internal-20.thekelleys.org.uk being 192.168.0.70
|
||||
Thanks to Andy Hawkins for the suggestion.
|
||||
|
||||
Tidy up Crypto code, removing workarounds for ancient
|
||||
versions of libnettle. We now require libnettle 3.
|
||||
|
||||
|
||||
version 2.78
|
||||
Fix logic of appending ".<layer>" to PXE basename. Thanks to Chris
|
||||
|
||||
@@ -137,9 +137,6 @@ NO_INOTIFY
|
||||
otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or
|
||||
which are enabled by default in the distributed source tree. Building dnsmasq
|
||||
with something like "make COPTS=-DNO_SCRIPT" will do the trick.
|
||||
|
||||
NO_NETTLE_ECC
|
||||
Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
|
||||
NO_GMP
|
||||
Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.
|
||||
|
||||
|
||||
44
src/crypto.c
44
src/crypto.c
@@ -20,20 +20,12 @@
|
||||
|
||||
#include <nettle/rsa.h>
|
||||
#include <nettle/dsa.h>
|
||||
#ifndef NO_NETTLE_ECC
|
||||
# include <nettle/ecdsa.h>
|
||||
# include <nettle/ecc-curve.h>
|
||||
# include <nettle/eddsa.h>
|
||||
#endif
|
||||
#include <nettle/ecdsa.h>
|
||||
#include <nettle/ecc-curve.h>
|
||||
#include <nettle/eddsa.h>
|
||||
#include <nettle/nettle-meta.h>
|
||||
#include <nettle/bignum.h>
|
||||
|
||||
/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
|
||||
to detect Nettle-3, and invoke the backwards compatibility mode. */
|
||||
#ifdef dsa_params_init
|
||||
#include <nettle/dsa-compat.h>
|
||||
#endif
|
||||
|
||||
/* Implement a "hash-function" to the nettle API, which simply returns
|
||||
the input data, concatenated into a single, statically maintained, buffer.
|
||||
|
||||
@@ -118,9 +110,10 @@ const struct nettle_hash *hash_find(char *name)
|
||||
|
||||
/* libnettle >= 3.4 provides nettle_lookup_hash() which avoids nasty ABI
|
||||
incompatibilities if sizeof(nettle_hashes) changes between library
|
||||
versions. */
|
||||
versions. It also #defines nettle_hashes, so use that to tell
|
||||
if we have the new facilities. */
|
||||
|
||||
#if (NETTLE_VERSION_MAJOR>3) || ((NETTLE_VERSION_MAJOR==3) && (NETTLE_VERSION_MINOR >=4))
|
||||
#ifdef nettle_hashes
|
||||
return nettle_lookup_hash(name);
|
||||
#else
|
||||
{
|
||||
@@ -233,18 +226,20 @@ static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len,
|
||||
unsigned char *p;
|
||||
unsigned int t;
|
||||
|
||||
static struct dsa_public_key *key = NULL;
|
||||
static mpz_t y;
|
||||
static struct dsa_params *params = NULL;
|
||||
static struct dsa_signature *sig_struct;
|
||||
|
||||
(void)digest_len;
|
||||
|
||||
if (key == NULL)
|
||||
if (params == NULL)
|
||||
{
|
||||
if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
|
||||
!(key = whine_malloc(sizeof(struct dsa_public_key))))
|
||||
!(params = whine_malloc(sizeof(struct dsa_params))))
|
||||
return 0;
|
||||
|
||||
nettle_dsa_public_key_init(key);
|
||||
mpz_init(y);
|
||||
nettle_dsa_params_init(params);
|
||||
nettle_dsa_signature_init(sig_struct);
|
||||
}
|
||||
|
||||
@@ -256,20 +251,19 @@ static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len,
|
||||
if (key_len < (213 + (t * 24)))
|
||||
return 0;
|
||||
|
||||
mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
|
||||
mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
|
||||
mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
|
||||
mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
|
||||
mpz_import(params->q, 20, 1, 1, 0, 0, p); p += 20;
|
||||
mpz_import(params->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
|
||||
mpz_import(params->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
|
||||
mpz_import(y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
|
||||
|
||||
mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
|
||||
mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
|
||||
|
||||
(void)algo;
|
||||
|
||||
return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
|
||||
return nettle_dsa_verify(params, y, digest_len, digest, sig_struct);
|
||||
}
|
||||
|
||||
#ifndef NO_NETTLE_ECC
|
||||
static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
|
||||
unsigned char *sig, size_t sig_len,
|
||||
unsigned char *digest, size_t digest_len, int algo)
|
||||
@@ -371,8 +365,6 @@ static int dnsmasq_eddsa_verify(struct blockdata *key_data, unsigned int key_len
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
|
||||
unsigned char *digest, size_t digest_len, int algo)
|
||||
{
|
||||
@@ -390,13 +382,11 @@ static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key
|
||||
case 3: case 6:
|
||||
return dnsmasq_dsa_verify;
|
||||
|
||||
#ifndef NO_NETTLE_ECC
|
||||
case 13: case 14:
|
||||
return dnsmasq_ecdsa_verify;
|
||||
|
||||
case 15: case 16:
|
||||
return dnsmasq_eddsa_verify;
|
||||
#endif
|
||||
}
|
||||
|
||||
return NULL;
|
||||
|
||||
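Review bot: The `(void)digest_len;` near the top of dnsmasq_dsa_verify (hunk at old line 233) is now stale, because the rewritten return in the following hunk passes `digest_len` straight to `nettle_dsa_verify(params, y, digest_len, digest, sig_struct)`; drop that line so the parameter's real use is visible. Replacing the SHA-1-specific `nettle_dsa_sha1_verify_digest` with the generic verifier also removes the only place that pinned the digest size: DNSSEC algorithms 3 and 6 (the cases that route to this function in verify_func) are DSA over SHA-1, so `digest_len` is presumably always 20 here via the caller's hash selection, but that contract is now implicit and deserves a one-line comment above the return, e.g. `/* algorithms 3 and 6 are DSA/SHA-1: digest_len is expected to be 20 */`. The `sig+1`/`sig+21` reads on the new side still depend on a `sig_len` check that lies outside the visible hunk and cannot be confirmed from this page. dnsmasq_dsa_verify's signature and the start of its body are outside the hunk.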