Fix nettle_hash() function to avoid ABI incompatibilities.

The way of accessing the list of available hashes on nettle was
vulnerable to breaking if the version of libnettle in use was
different to the version dnsmasq was compiled against.
Change to a new system if libnettle >= 3.4 is in use.
Older versions if nettle are still OK, once 3.4 is reached,
the ABi problem is fixed. Thanks to Petr Menšík for clues on this.

debian/changelog

@@ -5,6 +5,9 @@ dnsmasq (2.79-1) unstable; urgency=low
    * Fix exit code for dhcp_release6 (closes: #833596)
    * Add project homepage to control file. (closes: #887764)
    * New binary package dnsmasq-base-lua, includes Lua support.
+   * Remove hardwired shlibs dependency for libnettle 3.3 and
+	fix code to avoid ABI breakage as long as compiled against
+	libnettle 3.4 or later. (closes: #891315)
 
  -- Simon Kelley <simon@thekelleys.org.uk>  Fri, 16 Feb 2018 19:54:22 +0000
 

debian/shlibs.local

-libnettle 6 libnettle6 (>= 3.3)

src/crypto.c

@@ -114,17 +114,25 @@ const struct nettle_hash *hash_find(char *name)
   if (!name)
     return NULL;
   
+  /* We provide a "null" hash which returns the input data as digest. */
+  if (strcmp(null_hash.name, name) == 0)
+    return &null_hash;
+
+  /* libnettle >= 3.4 provides nettle_lookup_hash() which avoids nasty ABI
+     incompatibilities if sizeof(nettle_hashes) changes between library
+     versions. */
+  
+#if (NETTLE_VERSION_MAJOR>3) || ((NETTLE_VERSION_MAJOR==3) && (NETTLE_VERSION_MINOR >=4))
+  return nettle_lookup_hash(name);
+#else
   for (i = 0; nettle_hashes[i]; i++)
     {
       if (strcmp(nettle_hashes[i]->name, name) == 0)
 	return nettle_hashes[i];
     }
 
-  /* We provide a "null" hash which returns the input data as digest. */
-  if (strcmp(null_hash.name, name) == 0)
-    return &null_hash;
-
-  return NULL;
+   return NULL;
+#endif
 }
 
 /* expand ctx and digest memory allocations if necessary and init hash function */