--- /dev/null
+From 8a12d9183271b2b16f399c3fe867f149dbf753d7 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Thu, 20 Feb 2020 18:58:52 -0800
+Subject: [PATCH] Fix compilation without DSA and deprecated APIs
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ dnssec.c | 2 ++
+ examples/ldns-dane.c | 2 ++
+ examples/ldns-keygen.c | 2 ++
+ examples/ldns-signzone.c | 16 ++++++++++++++++
+ examples/ldns-verify-zone.c | 2 ++
+ host2str.c | 8 ++++++++
+ keys.c | 10 +++++++---
+ ldns/keys.h | 8 ++++++++
+ rr_functions.c | 4 ++++
+ 9 files changed, 51 insertions(+), 3 deletions(-)
+
+diff --git a/dnssec.c b/dnssec.c
+index 482cefd6..71508600 100644
+--- a/dnssec.c
++++ b/dnssec.c
+@@ -332,6 +332,7 @@ uint16_t ldns_calc_keytag_raw(const uint8_t* key, size_t keysize)
+ }
+
+ #ifdef HAVE_SSL
++#ifdef USE_DSA
+ DSA *
+ ldns_key_buf2dsa(const ldns_buffer *key)
+ {
+@@ -407,6 +408,7 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
+ #endif /* OPENSSL_VERSION_NUMBER */
+ return dsa;
+ }
++#endif /* USE_DSA */
+
+ RSA *
+ ldns_key_buf2rsa(const ldns_buffer *key)
+diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
+index 4c31fd8f..7b33ad18 100644
+--- a/examples/ldns-dane.c
++++ b/examples/ldns-dane.c
+@@ -1680,9 +1680,11 @@ main(int argc, char* const* argv)
+ assert(0);
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+ /* ssl inititalize */
+ SSL_load_error_strings();
+ SSL_library_init();
++#endif
+
+ /* ssl load validation store */
+ if (! assume_pkix_validity || CAfile || CApath) {
+diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
+index 62b8d228..237016e5 100644
+--- a/examples/ldns-keygen.c
++++ b/examples/ldns-keygen.c
+@@ -148,6 +148,7 @@ main(int argc, char *argv[])
+ exit(1);
+ }
+ break;
++#ifdef USE_DSA
+ case LDNS_SIGN_DSA:
+ case LDNS_SIGN_DSA_NSEC3:
+ if (bits < 512 || bits > 1024) {
+@@ -156,6 +157,7 @@ main(int argc, char *argv[])
+ exit(1);
+ }
+ break;
++#endif /* USE_DSA */
+ #ifdef USE_GOST
+ case LDNS_SIGN_ECC_GOST:
+ if(!ldns_key_EVP_load_gost_id()) {
+diff --git a/examples/ldns-signzone.c b/examples/ldns-signzone.c
+index 7d24ad90..abae352a 100644
+--- a/examples/ldns-signzone.c
++++ b/examples/ldns-signzone.c
+@@ -72,10 +72,14 @@ usage(FILE *fp, const char *prog) {
+
+ fprintf ( fp, "\n " );
+ __LIST ( RSAMD5 );
++#ifdef USE_DSA
+ __LIST ( DSA );
++#endif
+ __LIST ( RSASHA1 );
+ fprintf ( fp, "\n " );
++#ifdef USE_DSA
+ __LIST ( DSA_NSEC3 );
++#endif
+ __LIST ( RSASHA1_NSEC3 );
+ __LIST ( RSASHA256 );
+ fprintf ( fp, "\n " );
+@@ -350,11 +354,15 @@ parse_algspec ( const char * const p )
+
+ __MATCH ( RSAMD5 );
+ __MATCH ( RSASHA1 );
++#ifdef USE_DSA
+ __MATCH ( DSA );
++#endif
+ __MATCH ( RSASHA1_NSEC3 );
+ __MATCH ( RSASHA256 );
+ __MATCH ( RSASHA512 );
++#ifdef USE_DSA
+ __MATCH ( DSA_NSEC3 );
++#endif
+ __MATCH ( ECC_GOST );
+ __MATCH ( ECDSAP256SHA256 );
+ __MATCH ( ECDSAP384SHA384 );
+@@ -419,8 +427,10 @@ load_key ( const char * const p, ENGINE * const e )
+ case LDNS_SIGN_RSASHA1_NSEC3:
+ case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA512:
++#ifdef USE_DSA
+ case LDNS_SIGN_DSA:
+ case LDNS_SIGN_DSA_NSEC3:
++#endif
+ case LDNS_SIGN_ECC_GOST:
+ #ifdef USE_ECDSA
+ case LDNS_SIGN_ECDSAP256SHA256:
+@@ -995,9 +1005,13 @@ main(int argc, char *argv[])
+
+ #ifdef HAVE_SSL
+ if (ERR_peek_error()) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
+ ERR_load_crypto_strings();
++#endif
+ ERR_print_errors_fp(stderr);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
+ ERR_free_strings();
++#endif
+ }
+ #endif
+ exit(EXIT_FAILURE);
+@@ -1018,7 +1032,9 @@ main(int argc, char *argv[])
+ #ifndef OPENSSL_NO_ENGINE
+ shutdown_openssl ( engine );
+ #else
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+ CRYPTO_cleanup_all_ex_data();
++#endif
+ #endif
+
+ free(prog);
+diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c
+index c17bd21c..a5a1d003 100644
+--- a/examples/ldns-verify-zone.c
++++ b/examples/ldns-verify-zone.c
+@@ -113,7 +113,9 @@ print_rr_status_error(FILE* stream, ldns_rr* rr, ldns_status status)
+ if (status != LDNS_STATUS_OK) {
+ print_rr_error(stream, rr, ldns_get_errorstr_by_id(status));
+ if (verbosity > 0 && status == LDNS_STATUS_SSL_ERR) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+ ERR_load_crypto_strings();
++#endif
+ ERR_print_errors_fp(stream);
+ }
+ }
+diff --git a/host2str.c b/host2str.c
+index 3ca23c20..29a5f5c9 100644
+--- a/host2str.c
++++ b/host2str.c
+@@ -49,10 +49,14 @@
+ ldns_lookup_table ldns_algorithms[] = {
+ { LDNS_RSAMD5, "RSAMD5" },
+ { LDNS_DH, "DH" },
++#ifdef USE_DSA
+ { LDNS_DSA, "DSA" },
++#endif /* USE_DSA */
+ { LDNS_ECC, "ECC" },
+ { LDNS_RSASHA1, "RSASHA1" },
++#ifdef USE_DSA
+ { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" },
++#endif /* USE_DSA */
+ { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
+ #ifdef USE_SHA2
+ { LDNS_RSASHA256, "RSASHA256"},
+@@ -2133,7 +2137,9 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
+ unsigned char *bignum;
+ #ifdef HAVE_SSL
+ RSA *rsa;
++#ifdef USE_DSA
+ DSA *dsa;
++#endif /* USE_DSA */
+ #endif /* HAVE_SSL */
+
+ if (!k) {
+@@ -2243,6 +2249,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
+
+ RSA_free(rsa);
+ break;
++#ifdef USE_DSA
+ case LDNS_SIGN_DSA:
+ case LDNS_SIGN_DSA_NSEC3:
+ dsa = ldns_key_dsa_key(k);
+@@ -2283,6 +2290,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
+ goto error;
+ }
+ break;
++#endif /* USE_DSA */
+ case LDNS_SIGN_ECC_GOST:
+ /* no format defined, use blob */
+ #if defined(HAVE_SSL) && defined(USE_GOST)
+diff --git a/keys.c b/keys.c
+index 06afb739..ddff6f35 100644
+--- a/keys.c
++++ b/keys.c
+@@ -905,6 +905,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
+ return NULL;
+ }
+
++#ifdef USE_DSA
+ DSA *
+ ldns_key_new_frm_fp_dsa(FILE *f)
+ {
+@@ -1015,6 +1016,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
+ BN_free(pub_key);
+ return NULL;
+ }
++#endif /* USE_DSA */
+
+ unsigned char *
+ ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
+@@ -1149,9 +1151,9 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
+ #endif /* HAVE_EVP_PKEY_KEYGEN */
+ #endif /* HAVE_SSL */
+ break;
++#ifdef USE_DSA
+ case LDNS_SIGN_DSA:
+ case LDNS_SIGN_DSA_NSEC3:
+-#ifdef USE_DSA
+ #ifdef HAVE_SSL
+ # if OPENSSL_VERSION_NUMBER < 0x00908000L
+ d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
+@@ -1878,10 +1880,10 @@ ldns_key2rr(const ldns_key *k)
+ #endif
+ size++;
+ break;
++#ifdef USE_DSA
+ case LDNS_SIGN_DSA:
+ ldns_rr_push_rdf(pubkey,
+ ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
+-#ifdef USE_DSA
+ #ifdef HAVE_SSL
+ dsa = ldns_key_dsa_key(k);
+ if (dsa) {
+@@ -1901,10 +1903,10 @@ ldns_key2rr(const ldns_key *k)
+ #endif /* HAVE_SSL */
+ #endif /* USE_DSA */
+ break;
++#ifdef USE_DSA
+ case LDNS_SIGN_DSA_NSEC3:
+ ldns_rr_push_rdf(pubkey,
+ ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
+-#ifdef USE_DSA
+ #ifdef HAVE_SSL
+ dsa = ldns_key_dsa_key(k);
+ if (dsa) {
+@@ -2165,7 +2167,9 @@ ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name)
+ ldns_lookup_table aliases[] = {
+ /* from bind dnssec-keygen */
+ {LDNS_SIGN_HMACMD5, "HMAC-MD5"},
++#ifdef USE_DSA
+ {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
++#endif /* USE_DSA */
+ {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
+ /* old ldns usage, now RFC names */
+ #ifdef USE_DSA
+diff --git a/ldns/keys.h b/ldns/keys.h
+index df4bb22b..826f876f 100644
+--- a/ldns/keys.h
++++ b/ldns/keys.h
+@@ -45,10 +45,14 @@ enum ldns_enum_algorithm
+ {
+ LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
+ LDNS_DH = 2,
++#ifdef USE_DSA
+ LDNS_DSA = 3,
++#endif /* USE_DSA */
+ LDNS_ECC = 4,
+ LDNS_RSASHA1 = 5,
++#ifdef USE_DSA
+ LDNS_DSA_NSEC3 = 6,
++#endif /* USE_DSA */
+ LDNS_RSASHA1_NSEC3 = 7,
+ LDNS_RSASHA256 = 8, /* RFC 5702 */
+ LDNS_RSASHA512 = 10, /* RFC 5702 */
+@@ -90,11 +94,15 @@ enum ldns_enum_signing_algorithm
+ {
+ LDNS_SIGN_RSAMD5 = LDNS_RSAMD5,
+ LDNS_SIGN_RSASHA1 = LDNS_RSASHA1,
++#ifdef USE_DSA
+ LDNS_SIGN_DSA = LDNS_DSA,
++#endif /* USE_DSA */
+ LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3,
+ LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
+ LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
++#ifdef USE_DSA
+ LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
++#endif /* USE_DSA */
+ LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
+ LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
+ LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
+diff --git a/rr_functions.c b/rr_functions.c
+index 20a0bfaa..8d72696b 100644
+--- a/rr_functions.c
++++ b/rr_functions.c
+@@ -269,14 +269,17 @@ ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
+ const size_t len,
+ const ldns_algorithm alg)
+ {
++#ifdef USE_DSA
+ /* for DSA keys */
+ uint8_t t;
++#endif /* USE_DSA */
+
+ /* for RSA keys */
+ uint16_t exp;
+ uint16_t int16;
+
+ switch ((ldns_signing_algorithm)alg) {
++#ifdef USE_DSA
+ case LDNS_SIGN_DSA:
+ case LDNS_SIGN_DSA_NSEC3:
+ if (len > 0) {
+@@ -286,6 +289,7 @@ ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
+ return 0;
+ }
+ break;
++#endif /* USE_DSA */
+ case LDNS_SIGN_RSAMD5:
+ case LDNS_SIGN_RSASHA1:
+ case LDNS_SIGN_RSASHA1_NSEC3:
projects / feed / packages.git / commitdiff