Bug 788 - Fails to build with Nettle >= 3.0 and --with-libunbound-only --with-nettle
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
Version: 1.5.9
Hardware: x86_64 Linux
Importance: P5 minor
Assigned To: unbound team
Reported: 2016-07-05 00:15 CEST by Robert Edmonds
Modified: 2016-07-05 16:02 CEST

Attachments
Support nettle >= 3.0 by conditionally including dsa-compat.h (1.22 KB, patch)
2016-07-05 00:15 CEST, Robert Edmonds

Description Robert Edmonds 2016-07-05 00:15:13 CEST
Created attachment 336
Support nettle >= 3.0 by conditionally including dsa-compat.h

Hi,

libunbound fails to build with Nettle >= 3.0. The compile fails with the following messages:

validator/val_secalgo.c: In function ‘_verify_nettle_dsa’:
validator/val_secalgo.c:1378:24: error: storage size of ‘pubkey’ isn’t known
  struct dsa_public_key pubkey;
                        ^~~~~~
validator/val_secalgo.c:1434:2: warning: implicit declaration of function ‘nettle_dsa_public_key_init’ [-Wimplicit-function-declaration]
  nettle_dsa_public_key_init(&pubkey);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~
validator/val_secalgo.c:1447:9: warning: implicit declaration of function ‘dsa_sha1_verify_digest’ [-Wimplicit-function-declaration]
  res &= dsa_sha1_verify_digest(&pubkey, digest, &signature);
         ^~~~~~~~~~~~~~~~~~~~~~
validator/val_secalgo.c:1451:2: warning: implicit declaration of function ‘nettle_dsa_public_key_clear’ [-Wimplicit-function-declaration]
  nettle_dsa_public_key_clear(&pubkey);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Makefile:267: recipe for target 'val_secalgo.lo' failed

The root cause is that these function and structure declarations were moved from dsa.h to dsa-compat.h for the Nettle 3.0 release:

        * New DSA interface, with a separate struct dsa_param to
          represent the underlying group, and generalized dsa_sign and
          dsa_verify functions which don't care about the hash
          function used. Limited backwards compatibility provided in
          dsa-compat.h.

          INCOMPATIBLE CHANGE: Declarations of the old interface,
          e.g., struct dsa_public_key, dsa_sha1_sign, etc, is moved to
          dsa-compat.h.

          INCOMPATIBLE CHANGE: The various key conversion functions,
          e.g., dsa_keypair_to_sexp, all use the new DSA interface, with
          no backwards compatible functions.

          INCOMPATIBLE CHANGE: dsa_generate_keypair also uses the new
          interface. dsa-compat.h declares a function
          dsa_compat_generate_keypair, implementing the old
          interface, and #defines dsa_generate_keypair to refer to
          this backwards compatible function.

(https://lists.gnu.org/archive/html/info-gnu/2014-06/msg00004.html)

Nettle 2.x is still fairly common in released distro versions, so it would be good to support both Nettle 2.x and 3.x by conditionally including the compatibility header dsa-compat.h instead of porting to the new interface.

The attached patch fixes this issue.
Comment 1 Wouter Wijngaards 2016-07-05 16:02:02 CEST
Hi Robert,

Thank you for the patch.  Integrated the patch.

Note there is also a new --disable-dsa, if DSA functionality becomes deprecated for some reason in nettle, that might be used to avoid having to port to the new API (in the future, perhaps).

Best regards, Wouter