commit cdb755c5f16a6768c3e8b1f345fe15fc9244228d
author Simon Kelley <simon@thekelleys.org.uk> Wed Jun 18 20:52:53 2014 +0100
committer Simon Kelley <simon@thekelleys.org.uk> Wed Jun 18 20:52:53 2014 +0100
tree 518ca7e0894f91c60c1a7447802404aa4fd86fe5
parent 063efb330a3f341c2548e2cf1f67f83e49cd6395

Fix FTBFS with Nettle-3.0.

CHANGELOG

diff --git a/CHANGELOG b/CHANGELOG
index d42d3f5..f59e7c5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -10,6 +10,9 @@
 
 	    Add DBus methods SetFilterWin2KOption and SetBogusPrivOption
 	    Thanks to the Smoothwall project for the patch.
+
+	    Fix failure to build against Nettle-3.0. Thanks to Steven 
+	    Barth for spotting this and finding the fix. 
 	    
 
 version 2.71

src/dnssec.c

diff --git a/src/dnssec.c b/src/dnssec.c
index 2ffb75d..69bfc29 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -28,6 +28,12 @@
 #include <nettle/nettle-meta.h>
 #include <nettle/bignum.h>
 
+/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
+   to detect Nettle-3, and invoke the backwards compatibility mode. */
+#ifdef dsa_params_init
+#include <nettle/dsa-compat.h>
+#endif
+
 
 #define SERIAL_UNDEF  -100
 #define SERIAL_EQ        0
@@ -121,8 +127,8 @@
   return 1;
 }
   
-static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
-		      unsigned char *digest, int algo)
+static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+			      unsigned char *digest, int algo)
 {
   unsigned char *p;
   size_t exp_len;
@@ -173,8 +179,8 @@
   return 0;
 }  
 
-static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
-		      unsigned char *digest, int algo)
+static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+			      unsigned char *digest, int algo)
 {
   unsigned char *p;
   unsigned int t;
@@ -293,10 +299,10 @@
   switch (algo)
     {
     case 1: case 5: case 7: case 8: case 10:
-      return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+      return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
       
     case 3: case 6: 
-      return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+      return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
  
 #ifndef NO_NETTLE_ECC   
     case 13: case 14: