Commit a1462e2f authored by Ondřej Surý's avatar Ondřej Surý Committed by Daniel Salzman

Use gnutls_privkey_sign_data2 where available

parent 9cb991dd
......@@ -122,9 +122,14 @@ PKG_CHECK_MODULES([gnutls], [gnutls >= 3.3 nettle], [
AS_IF([test "$enable_pkcs11" = yes],
[AC_DEFINE([ENABLE_PKCS11], [1], [PKCS #11 support available])])
AC_CHECK_DECL([GNUTLS_PK_EDDSA_ED25519], [enable_ed25519=yes], [enable_ed25519=no], [#include <gnutls/gnutls.h>])
AS_IF([test "$enable_ed25519" = yes],
[AC_DEFINE([HAVE_ED25519], [1], [GnuTLS ED25519 support available])])
AC_CHECK_DECL([GNUTLS_PK_EDDSA_ED25519],
[AC_DEFINE([HAVE_ED25519], [1], [GnuTLS ED25519 support available])
enable_ed25519=yes],
[enable_ed25519=no],
[#include <gnutls/gnutls.h>])
AC_CHECK_FUNC([gnutls_privkey_sign_data2],
[AC_DEFINE([HAVE_SIGN_DATA2], [1], [gnutls_privkey_sign_data2 available])])
CFLAGS=$save_CFLAGS
LIBS=$save_LIBS
......
......@@ -471,9 +471,16 @@ int dnssec_sign_write(dnssec_sign_ctx_t *ctx, dnssec_binary_t *signature)
assert(ctx->key->private_key);
_cleanup_datum_ gnutls_datum_t raw = { 0 };
#ifdef HAVE_SIGN_DATA2
gnutls_sign_algorithm_t algorithm = get_sign_algorithm(ctx);
int result = gnutls_privkey_sign_data2(ctx->key->private_key,
algorithm,
0, &data, &raw);
#else
int result = gnutls_privkey_sign_data(ctx->key->private_key,
ctx->hash_algorithm,
0, &data, &raw);
ctx->hash_algorithm,
0, &data, &raw);
#endif
if (result < 0) {
return DNSSEC_SIGN_ERROR;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment