[Dnsmasq-discuss] [PATCH] Fix HAVE_CRYPOHASH build and tune GOST/ECDSA usage

Vladislav Grishenko themiron.ru at gmail.com
Sat Apr 10 14:57:44 UTC 2021


Hello,

 

Recent nettle version detection changes in dnsmasq 2.85 have brought build
regression with HAVE_CRYPTOHASH defined due no MIN_VERSION macro is defined.

Also, DNSSEC GOST validation is not consistent in case only hash but not
signature functions are available.

Please refer patch set attached.

 

As for disabling GOST, what if disable it by default?

Current implemented GOST algos are obsolete, newer ones didn't pass
certification as DNSSEC algo, so.

 

--

Best Regards, Vladislav Grishenko

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210410/063adfc2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-HAVE_CRYPOHASH-build-and-tune-GOST-ECDSA-usage.patch
Type: application/octet-stream
Size: 5724 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210410/063adfc2/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Allow-to-disable-DNSSEC-GOST-algo-validation.patch
Type: application/octet-stream
Size: 1601 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210410/063adfc2/attachment-0001.obj>


More information about the Dnsmasq-discuss mailing list