3068. [bug] Named failed to build with a OpenSSL without engine

support. [RT #23473]

CHANGES

@@ -1,3 +1,6 @@
+3068.	[bug]		Named failed to build with a OpenSSL without engine
+			support. [RT #23473]
+
 3067.	[bug]		ixfr-from-differences {master|slave}; failed to
 			select the master/slave zones.  [RT #23580]
 

lib/dns/dst_openssl.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dst_openssl.h,v 1.9 2009/10/06 04:40:14 tbox Exp $ */
+/* $Id: dst_openssl.h,v 1.10 2011/03/11 01:11:54 marka Exp $ */
 
 #ifndef DST_OPENSSL_H
 #define DST_OPENSSL_H 1
@@ -23,13 +23,28 @@
 #include <isc/lang.h>
 #include <isc/result.h>
 
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/crypto.h>
+
+#if !defined(OPENSSL_NO_ENGINE) && defined(CRYPTO_LOCK_ENGINE) && \
+    (OPENSSL_VERSION_NUMBER >= 0x0090707f)
+#define USE_ENGINE 1
+#endif
+
 ISC_LANG_BEGINDECLS
 
 isc_result_t
 dst__openssl_toresult(isc_result_t fallback);
 
+#ifdef USE_ENGINE
 ENGINE *
 dst__openssl_getengine(const char *engine);
+#else
+#define dst__openssl_getengine(x) NULL
+#endif
 
 ISC_LANG_ENDDECLS
 

lib/dns/openssl_link.c

@@ -31,7 +31,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.29 2010/09/15 12:38:36 tbox Exp $
+ * $Id: openssl_link.c,v 1.30 2011/03/11 01:11:54 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -50,16 +50,6 @@
 #include "dst_internal.h"
 #include "dst_openssl.h"
 
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-#include <openssl/crypto.h>
-
-#if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x0090707f)
-#define USE_ENGINE 1
-#endif
-
 #ifdef USE_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -308,19 +298,19 @@ dst__openssl_toresult(isc_result_t fallback) {
 	return (result);
 }
 
+#if defined(USE_ENGINE)
 ENGINE *
 dst__openssl_getengine(const char *engine) {
 
 	if (engine == NULL)
 		return (NULL);
-#if defined(USE_ENGINE)
 	if (e == NULL)
 		return (NULL);
 	if (strcmp(engine, ENGINE_get_id(e)) == 0)
 		return (e);
-#endif
 	return (NULL);
 }
+#endif
 
 #else /* OPENSSL */
 

lib/dns/opensslrsa_link.c

@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.39 2011/01/11 23:47:13 tbox Exp $
+ * $Id: opensslrsa_link.c,v 1.40 2011/03/11 01:11:54 marka Exp $
  */
 #ifdef OPENSSL
 #include <config.h>
@@ -51,7 +51,9 @@
 #if OPENSSL_VERSION_NUMBER > 0x00908000L
 #include <openssl/bn.h>
 #endif
+#ifdef USE_ENGINE
 #include <openssl/engine.h>
+#endif
 
 /*
  * We don't use configure for windows so enforce the OpenSSL version
@@ -1138,7 +1140,9 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
 	isc_result_t ret;
 	int i;
 	RSA *rsa = NULL, *pubrsa = NULL;
+#ifdef USE_ENGINE
 	ENGINE *e = NULL;
+#endif
 	isc_mem_t *mctx = key->mctx;
 	const char *engine = NULL, *label = NULL;
 	EVP_PKEY *pkey = NULL;
@@ -1175,6 +1179,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
 	 * See if we can fetch it.
 	 */
 	if (label != NULL) {
+#ifdef USE_ENGINE
 		if (engine == NULL)
 			DST_RET(DST_R_NOENGINE);
 		e = dst__openssl_getengine(engine);
@@ -1209,6 +1214,9 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
 		dst__privstruct_free(&priv, mctx);
 		memset(&priv, 0, sizeof(priv));
 		return (ISC_R_SUCCESS);
+#else
+		DST_RET(DST_R_NOENGINE);
+#endif
 	}
 
 	rsa = RSA_new();
@@ -1303,6 +1311,7 @@ static isc_result_t
 opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
 		     const char *pin)
 {
+#ifdef USE_ENGINE
 	ENGINE *e = NULL;
 	isc_result_t ret;
 	EVP_PKEY *pkey = NULL;
@@ -1366,6 +1375,13 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
 	if (pkey != NULL)
 		EVP_PKEY_free(pkey);
 	return (ret);
+#else
+	UNUSED(key);
+	UNUSED(engine);
+	UNUSED(label);
+	UNUSED(pin);
+	return(DST_R_NOENGINE);
+#endif
 }
 
 static dst_func_t opensslrsa_functions = {