From 73a4cd17c37f61159a365e55bdd5ff2b8327d439 Mon Sep 17 00:00:00 2001
From: ott <ott@users.noreply.github.com>
Date: Tue, 23 Jan 2018 21:13:05 +0100
Subject: [PATCH] resolve: signal Ed25519 support (#7960)

Ed25519 is supported but not signalled as an understood cryptographic
algorithm as per RFC 6975.
---
 src/resolve/resolved-dns-packet.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index ac8e6a1eea..b6feddba98 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -18,6 +18,10 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  ***/
 
+#if HAVE_GCRYPT
+#include <gcrypt.h>
+#endif
+
 #include "alloc-util.h"
 #include "dns-domain.h"
 #include "resolved-dns-packet.h"
@@ -752,13 +756,20 @@ int dns_packet_append_opt(DnsPacket *p, uint16_t max_udp_size, bool edns0_do, in
                 static const uint8_t rfc6975[] = {
 
                         0, 5, /* OPTION_CODE: DAU */
+#if GCRYPT_VERSION_NUMBER >= 0x010600
+                        0, 7, /* LIST_LENGTH */
+#else
                         0, 6, /* LIST_LENGTH */
+#endif
                         DNSSEC_ALGORITHM_RSASHA1,
                         DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
                         DNSSEC_ALGORITHM_RSASHA256,
                         DNSSEC_ALGORITHM_RSASHA512,
                         DNSSEC_ALGORITHM_ECDSAP256SHA256,
                         DNSSEC_ALGORITHM_ECDSAP384SHA384,
+#if GCRYPT_VERSION_NUMBER >= 0x010600
+                        DNSSEC_ALGORITHM_ED25519,
+#endif
 
                         0, 6, /* OPTION_CODE: DHU */
                         0, 3, /* LIST_LENGTH */
-- 
2.25.1