7 files changed, 80 insertions, 6 deletions

diff --git a/external/unbound/compat/arc4random.c b/external/unbound/compat/arc4random.c
index 27a626b7b..2c859f184 100644
--- a/external/unbound/compat/arc4random.c
+++ b/external/unbound/compat/arc4random.c
@@ -26,7 +26,9 @@
 #include <fcntl.h>
 #include <limits.h>
 #include <signal.h>
+#ifdef HAVE_STDINT_H
 #include <stdint.h>
+#endif
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
diff --git a/external/unbound/compat/getentropy_linux.c b/external/unbound/compat/getentropy_linux.c
index 76f0f9df5..37d86a8f1 100644
--- a/external/unbound/compat/getentropy_linux.c
+++ b/external/unbound/compat/getentropy_linux.c
@@ -46,7 +46,12 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
+
+#if defined(HAVE_SSL)
 #include <openssl/sha.h>
+#elif defined(HAVE_NETTLE)
+#include <nettle/sha.h>
+#endif
 
 #include <linux/types.h>
 #include <linux/random.h>
@@ -67,9 +72,21 @@
 			HD(b); \
 	} while (0)
 
+#if defined(HAVE_SSL)
+#define CRYPTO_SHA512_CTX		SHA512_CTX
+#define CRYPTO_SHA512_INIT(x)		SHA512_Init(x)
+#define CRYPTO_SHA512_FINAL(r, c)	SHA512_Final(r, c)
 #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
 #define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
 #define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
+#elif defined(HAVE_NETTLE)
+#define CRYPTO_SHA512_CTX		struct sha512_ctx
+#define CRYPTO_SHA512_INIT(x)		sha512_init(x)
+#define CRYPTO_SHA512_FINAL(r, c)	sha512_digest(c, SHA512_DIGEST_SIZE, r)
+#define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x)))
+#define HD(x)	 (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x)))
+#define HF(x)    (sha512_update(&ctx, sizeof (void*), (uint8_t *)&(x)))
+#endif
 
 int	getentropy(void *buf, size_t len);
 
@@ -122,7 +139,7 @@ getentropy(void *buf, size_t len)
 	 * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
 	 * sysctl is a failsafe API, so it guarantees a result.  This
 	 * should work inside a chroot, or when file descriptors are
-	 * exhuasted.
+	 * exhausted.
 	 *
 	 * However this can fail if the Linux kernel removes support
 	 * for sysctl.  Starting in 2007, there have been efforts to
@@ -337,7 +354,7 @@ getentropy_fallback(void *buf, size_t len)
 	struct rusage ru;
 	sigset_t sigset;
 	struct stat st;
-	SHA512_CTX ctx;
+	CRYPTO_SHA512_CTX ctx;
 	static pid_t lastpid;
 	pid_t pid;
 	size_t i, ii, m;
@@ -354,7 +371,7 @@ getentropy_fallback(void *buf, size_t len)
 	}
 	for (i = 0; i < len; ) {
 		int j;
-		SHA512_Init(&ctx);
+		CRYPTO_SHA512_INIT(&ctx);
 		for (j = 0; j < repeat; j++) {
 			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
 			if (e != -1) {
@@ -526,7 +543,7 @@ getentropy_fallback(void *buf, size_t len)
 #  endif
 #endif /* HAVE_GETAUXVAL */
 
-		SHA512_Final(results, &ctx);
+		CRYPTO_SHA512_FINAL(results, &ctx);
 		memcpy((char*)buf + i, results, min(sizeof(results), len - i));
 		i += min(sizeof(results), len - i);
 	}
diff --git a/external/unbound/compat/getentropy_solaris.c b/external/unbound/compat/getentropy_solaris.c
index 838957382..810098a8d 100644
--- a/external/unbound/compat/getentropy_solaris.c
+++ b/external/unbound/compat/getentropy_solaris.c
@@ -30,7 +30,9 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <stdlib.h>
+#ifdef HAVE_STDINT_H
 #include <stdint.h>
+#endif
 #include <stdio.h>
 #include <termios.h>
 #include <fcntl.h>
@@ -39,10 +41,14 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
+#ifdef HAVE_SYS_SHA2_H
 #include <sys/sha2.h>
 #define SHA512_Init SHA512Init
 #define SHA512_Update SHA512Update
 #define SHA512_Final SHA512Final
+#else
+#include "openssl/sha.h"
+#endif
 
 #include <sys/vfs.h>
 #include <sys/statfs.h>
diff --git a/external/unbound/compat/isblank.c b/external/unbound/compat/isblank.c
new file mode 100644
index 000000000..8feabed45
--- /dev/null
+++ b/external/unbound/compat/isblank.c
@@ -0,0 +1,45 @@
+/* isblank - compatibility implementation of isblank
+ *
+ * Copyright (c) 2015, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+/* return true for a blank character: space or tab */
+int isblank(int c);
+
+/* implementation of isblank. unsigned char is the argument */
+int
+isblank(int c)
+{
+	return (c==' ' || c=='\t');
+}
diff --git a/external/unbound/compat/reallocarray.c b/external/unbound/compat/reallocarray.c
index 04d5d71c8..c969bd067 100644
--- a/external/unbound/compat/reallocarray.c
+++ b/external/unbound/compat/reallocarray.c
@@ -18,7 +18,10 @@
 #include "config.h"
 #include <sys/types.h>
 #include <errno.h>
+#ifdef HAVE_STDINT_H
 #include <stdint.h>
+#endif
+#include <limits.h>
 #include <stdlib.h>
 
 /*
diff --git a/external/unbound/compat/sha512.c b/external/unbound/compat/sha512.c
index ac046abb7..744b7ac7b 100644
--- a/external/unbound/compat/sha512.c
+++ b/external/unbound/compat/sha512.c
@@ -70,7 +70,7 @@ unsigned char *SHA512(void *data, unsigned int data_len, unsigned char *digest);
  * Please make sure that your system defines BYTE_ORDER.  If your
  * architecture is little-endian, make sure it also defines
  * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
- * equivilent.
+ * equivalent.
  *
  * If your system does not define the above, then you can do so by
  * hand like this:
diff --git a/external/unbound/compat/snprintf.c b/external/unbound/compat/snprintf.c
index 066355703..97cd7061f 100644
--- a/external/unbound/compat/snprintf.c
+++ b/external/unbound/compat/snprintf.c
@@ -42,6 +42,7 @@
 #ifdef HAVE_STDINT_H
 #include <stdint.h>
 #endif
+#include <limits.h>
 
 /* for test */
 /* #define SNPRINTF_TEST 1 */
@@ -428,7 +429,7 @@ print_num_llp(char** at, size_t* left, int* ret, void* value,
 	char buf[PRINT_DEC_BUFSZ];
 	int negative = 0;
 	int zero = (value == 0);
-#if defined(UINTPTR_MAX) && defined(UINT32_MAX) && (UINTPTR_MAX == UINT32_MAX)
+#if defined(SIZE_MAX) && defined(UINT32_MAX) && (UINT32_MAX == SIZE_MAX || INT32_MAX == SIZE_MAX)
 	/* avoid warning about upcast on 32bit systems */
 	unsigned long long llvalue = (unsigned long)value;
 #else