Bugzilla – Bug 788
Fails to build with Nettle >= 3.0 and --with-libunbound-only --with-nettle
Last modified: 2016-07-05 16:02:02 CEST
Created attachment 336
Support nettle >= 3.0 by conditionally including dsa-compat.h
libunbound fails to build with Nettle >= 3.0. The compile fails with the following messages:
validator/val_secalgo.c: In function ‘_verify_nettle_dsa’:
validator/val_secalgo.c:1378:24: error: storage size of ‘pubkey’ isn’t known
struct dsa_public_key pubkey;
validator/val_secalgo.c:1434:2: warning: implicit declaration of function ‘nettle_dsa_public_key_init’ [-Wimplicit-function-declaration]
validator/val_secalgo.c:1447:9: warning: implicit declaration of function ‘dsa_sha1_verify_digest’ [-Wimplicit-function-declaration]
res &= dsa_sha1_verify_digest(&pubkey, digest, &signature);
validator/val_secalgo.c:1451:2: warning: implicit declaration of function ‘nettle_dsa_public_key_clear’ [-Wimplicit-function-declaration]
Makefile:267: recipe for target 'val_secalgo.lo' failed
The root cause is that these function and structure declarations were moved from dsa.h to dsa-compat.h for the Nettle 3.0 release:
* New DSA interface, with a separate struct dsa_param to
represent the underlying group, and generalized dsa_sign and
dsa_verify functions which don't care about the hash
function used. Limited backwards compatibility provided in
INCOMPATIBLE CHANGE: Declarations of the old interface,
e.g., struct dsa_public_key, dsa_sha1_sign, etc, is moved to
INCOMPATIBLE CHANGE: The various key conversion functions,
e.g., dsa_keypair_to_sexp, all use the new DSA interface, with
no backwards compatible functions.
INCOMPATIBLE CHANGE: dsa_generate_keypair also uses the new
interface. dsa-compat.h declares a function
dsa_compat_generate_keypair, implementing the old
interface, and #defines dsa_generate_keypair to refer to
this backwards compatible function.
Nettle 2.x is still fairly common in released distro versions, so it would be good to support both Nettle 2.x and 3.x by conditionally including the compatibility header dsa-compat.h instead of porting to the new interface.
The attached patch fixes this issue.
Thank you for the patch. Integrated the patch.
Note there is also a new --disable-dsa, if DSA functionality becomes deprecated for some reason in nettle, that might be used to avoid having to port to the new API (in the future, perhaps).
Best regards, Wouter
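The header choice discussed in this report, and the fallback to --disable-dsa mentioned in the reply, can be sketched as a configure-style probe. This is an added example, not the attached patch or unbound's own build code; the function names, the HAVE_NETTLE_DSA_COMPAT_H macro and the sample header trees are assumptions constructed for illustration.

```shell
#!/bin/sh
# pick_dsa_header INCLUDE_DIR
#   Prints the header that declares the legacy Nettle DSA interface and
#   returns 0, or returns 1 when no header under INCLUDE_DIR declares it.
pick_dsa_header() {
    inc=$1
    if [ -f "$inc/nettle/dsa-compat.h" ]; then
        # Nettle >= 3.0 layout: legacy declarations moved to dsa-compat.h.
        echo "nettle/dsa-compat.h"
    elif grep -q 'struct dsa_public_key' "$inc/nettle/dsa.h" 2>/dev/null; then
        # Nettle 2.x layout: dsa.h itself still declares the legacy struct.
        echo "nettle/dsa.h"
    else
        return 1
    fi
}

# config_line INCLUDE_DIR
#   Emits the config.h line a build could key its #include on.
#   HAVE_NETTLE_DSA_COMPAT_H is an assumed macro name.
config_line() {
    hdr=$(pick_dsa_header "$1") || hdr=none
    case $hdr in
        nettle/dsa-compat.h) echo '#define HAVE_NETTLE_DSA_COMPAT_H 1' ;;
        nettle/dsa.h)        echo '/* #undef HAVE_NETTLE_DSA_COMPAT_H */' ;;
        *) echo '/* legacy DSA unavailable: configure with --disable-dsa */' ;;
    esac
}

# Constructed stand-ins for the header layouts (not real Nettle headers).
make_sample_tree() {
    root=$1
    mkdir -p "$root/v2/nettle" "$root/v3/nettle" "$root/none/nettle"
    echo 'struct dsa_public_key { int placeholder; };' > "$root/v2/nettle/dsa.h"
    echo '/* new interface only */' > "$root/v3/nettle/dsa.h"
    echo 'struct dsa_public_key { int placeholder; };' \
        > "$root/v3/nettle/dsa-compat.h"
    echo '/* new interface only */' > "$root/none/nettle/dsa.h"
}

# Demo run over the constructed trees.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
for layout in v2 v3 none; do
    printf '%s: %s\n' "$layout" "$(config_line "$tmp/$layout")"
done
rm -rf "$tmp"
```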