Finish refactoring after the removal of --with-ecdsa and --with-eddsa.

Missed in c3b8130fe8.

bin/tests/system/testcrypto.sh

@@ -18,8 +18,7 @@ args=""
 alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
 quiet=0
 
-msg1="cryptography"
-msg2="--with-openssl, or --enable-native-pkcs11 --with-pkcs11"
+msg="cryptography"
 while test "$#" -gt 0; do
         case $1 in
         -q)
@@ -28,18 +27,16 @@ while test "$#" -gt 0; do
                 ;;
         rsa|RSA)
                 alg="-a RSASHA1"
-                msg1="RSA cryptography"
+                msg="RSA cryptography"
                 ;;
         ecdsa|ECDSA)
                 alg="-a ecdsap256sha256"
-                msg1="ECDSA cryptography"
-                msg2="--with-ecdsa"
+                msg="ECDSA cryptography"
+                ;;
+        eddsa|EDDSA)
+                alg="-a ED25519"
+                msg="EDDSA cryptography"
                 ;;
-	eddsa|EDDSA)
-		alg="-a ED25519"
-		msg1="EDDSA cryptography"
-		msg2="--with-eddsa"
-		;;
         *)
                 echo "${prog}: unknown argument"
                 exit 1
@@ -48,14 +45,14 @@ while test "$#" -gt 0; do
         shift
 done
 
-
 if $KEYGEN $args $alg foo > /dev/null 2>&1
 then
     rm -f Kfoo*
 else
     if test $quiet -eq 0; then
-        echo "I:This test requires support for $msg1" >&2
-        echo "I:configure with $msg2" >&2
+        echo "I:This test requires support for $msg" >&2
+        echo "I:configure with --with-openssl, or --enable-native-pkcs11" \
+            "--with-pkcs11" >&2
     fi
     exit 255
 fi

config.h.win32

@@ -289,12 +289,6 @@ typedef __int64 off_t;
 /* Define if native PKCS#11 is used as cryptographic library provider */
 @USE_PKCS11@
 
-/* Define if your PKCS11 provider supports Ed25519. */
-@HAVE_PKCS11_ED25519@
-
-/* Define if your PKCS11 provider supports Ed448. */
-@HAVE_PKCS11_ED448@
-
 /* HMAC_*() return ints */
 @HMAC_RETURN_INT@
 

lib/dns/dst_api.c

@@ -228,12 +228,8 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 	RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA512]));
 	RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
 	RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
-#ifdef HAVE_PKCS11_ED25519
 	RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED25519]));
-#endif /* ifdef HAVE_PKCS11_ED25519 */
-#ifdef HAVE_PKCS11_ED448
 	RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED448]));
-#endif /* ifdef HAVE_PKCS11_ED448 */
 #endif /* USE_PKCS11 */
 #ifdef GSSAPI
 	RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));

lib/dns/dst_internal.h

@@ -234,10 +234,8 @@ isc_result_t
 dst__pkcs11dsa_init(struct dst_func **funcp);
 isc_result_t
 dst__pkcs11ecdsa_init(struct dst_func **funcp);
-#if defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)
 isc_result_t
 dst__pkcs11eddsa_init(struct dst_func **funcp);
-#endif /* if defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448) */
 #endif /* USE_PKCS11 */
 #ifdef GSSAPI
 isc_result_t

lib/dns/pkcs11eddsa_link.c

@@ -11,7 +11,7 @@
 
 /*! \file */
 
-#if USE_PKCS11 && (HAVE_PKCS11_ED25519 || HAVE_PKCS11_ED448)
+#if USE_PKCS11
 
 #include <stdbool.h>
 

lib/isc/include/pk11/constants.h

@@ -24,12 +24,8 @@ static CK_BYTE pk11_ecc_prime256v1[] = { 0x06, 0x08, 0x2a, 0x86, 0x48,
 static CK_BYTE pk11_ecc_secp384r1[] = {
 	0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
 };
-#if HAVE_PKCS11_ED25519
 static CK_BYTE pk11_ecc_ed25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
-#endif /* HAVE_PKCS11_ED25519 */
-#if HAVE_PKCS11_ED448
 static CK_BYTE pk11_ecc_ed448[] = { 0x06, 0x03, 0x2b, 0x65, 0x71 };
-#endif /* HAVE_PKCS11_ED448 */
 
 #ifdef WANT_DH_PRIMES
 static CK_BYTE pk11_dh_bn2[] = { 2 };

win32utils/Configure

@@ -203,8 +203,6 @@ my @substdefh = ("CONFIGARGS",
                  "USE_BACKTRACE",
                  "USE_OPENSSL",
                  "USE_PKCS11",
-                 "HAVE_PKCS11_ED25519",
-                 "HAVE_PKCS11_ED448",
                  "HAVE_READLINE",
                  "HAVE_ZLIB",
                  "ISC_LIST_CHECKINIT",
@@ -368,8 +366,6 @@ my @enablelist = ("developer",
 
 my @withlist = ("aes",
                 "cross-compile",
-                "ecdsa",
-                "eddsa",
                 "extra-tests",
                 "gssapi",
                 "geoip2",
@@ -427,7 +423,6 @@ my @help = (
 "  with-openssl[=PATH]   build with OpenSSL yes|path (mandatory)\n",
 "  with-libuv[=PATH]     build with libuv yes|path (mandatory)\n",
 "  with-pkcs11[=PATH]    build with PKCS#11 support yes|no|provider-path\n",
-"  with-eddsa            crypto EDDSA yes|all|no\n",
 "  with-gssapi[=PATH]    build with MIT KfW GSSAPI yes|no|path\n",
 "  with-libxml2[=PATH]   build with libxml2 library yes|no|path\n",
 "  with-geoip2[=PATH]    build with GeoIP2 support yes|no|path\n",
@@ -475,8 +470,6 @@ my $use_openssl = "auto";
 my $openssl_path = "..\\..\\";
 my $use_pkcs11 = "no";
 my $pkcs11_path = "unknown";
-my $use_eddsa = "auto";
-my $use_ed448 = "auto";
 my $use_aes = "auto";
 my $use_gssapi = "no";
 my $validation_default = "auto";
@@ -762,15 +755,6 @@ sub mywith {
             $pkcs11_path = $val;
             $pkcs11_path =~ s/\.dll$//i;
         }
-    } elsif ($key =~ /^eddsa$/i) {
-        if ($val =~ /^no$/i) {
-            $use_eddsa = "no";
-        } elsif ($val !~ /^no$/i) {
-            $use_eddsa = "yes";
-            if ($val =~ /^all$/i) {
-                $use_ed448 = "yes";
-            }
-        }
     } elsif ($key =~ /^aes$/i) {
         if ($val =~ /^no$/i) {
             $use_aes = "no";
@@ -974,17 +958,6 @@ if ($verbose) {
     } else {
         print "pkcs11-provider-path: $pkcs11_path\n";
     }
-    print "ecdsa: enabled\n";
-    if ($use_eddsa eq "no") {
-        print "eddsa: disabled\n";
-    } else {
-        print "ed25519: enabled\n";
-        if ($use_ed448 eq "no") {
-            print "ed448: disabled\n";
-        } else {
-            print "ed448: enabled\n";
-        }
-    }
     if ($use_aes eq "no") {
         print "aes: disabled\n";
     } else {
@@ -1247,26 +1220,6 @@ if ($enable_native_pkcs11 eq "yes") {
             print "native PKCS#11 support: no PKCS#11 provider defined?\n";
         }
     }
-    if ($use_eddsa eq "no") {
-        if ($verbose) {
-            print "no EDDSA support in native PKCS#11\n";
-        }
-    } else {
-        if ($verbose) {
-            print "enabled Ed25519 support in native PKCS#11\n";
-        }
-        $configdefh{"HAVE_PKCS11_ED25519"} = 1;
-        if ($use_ed448 eq "no") {
-            if ($verbose) {
-                print "no Ed448 support in native PKCS#11\n";
-            }
-        } else {
-            if ($verbose) {
-                print "enabled Ed448 support in native PKCS#11\n";
-            }
-            $configdefh{"HAVE_PKCS11_ED448"} = 1;
-        }
-    }
 }
 
 # enable-fixed-rrset
@@ -1587,13 +1540,9 @@ EOF
     }
 }
 
-# with-eddsa
-if ($use_openssl eq "no") {
-    $use_eddsa = "no";
-}
-if ($use_eddsa eq "auto") {
+if ($use_openssl eq "yes") {
     if ($verbose) {
-        print "checking for OpenSSL ED25519 support\n";
+        print "checking for OpenSSL Ed25519 support\n";
     }
     open F, ">tested25519.c" || die $!;
     print F << 'EOF';
@@ -1617,31 +1566,24 @@ EOF
     $compret = `cl /nologo /MD /I "$include" tested25519.c "$library"`;
     if (grep { -f and -x } ".\\tested25519.exe") {
         `.\\tested25519.exe`;
-        if ($? != 0) {
+        if ($? == 0) {
+            $configdefh{"HAVE_OPENSSL_ED25519"} = 1;
+        } else {
             if ($verbose) {
-                print "EDDSA test failed: disabling EDDSA\n";
+                print "Ed25519 test failed: disabling Ed25519\n";
             }
-            $use_eddsa = "no";
         }
     } else {
         if ($verbose) {
-            print "can't compile EDDSA test: $compret\n";
-            print "disabling EDDSA\n";
+            print "can't compile Ed25519 test: $compret\n";
+            print "disabling Ed25519\n";
         }
-    $use_eddsa = "no";
     }
 }
 
-if ($use_eddsa ne "no") {
-    $use_eddsa = "yes";
-    $configdefh{"HAVE_OPENSSL_ED25519"} = 1;
-} else {
-    $use_ed448 = "no";
-}
-
-if ($use_ed448 eq "auto") {
+if ($use_openssl eq "yes") {
     if ($verbose) {
-        print "checking for OpenSSL ED448 support\n";
+        print "checking for OpenSSL Ed448 support\n";
     }
     open F, ">tested448.c" || die $!;
     print F << 'EOF';
@@ -1665,26 +1607,21 @@ EOF
     $compret = `cl /nologo /MD /I "$include" tested448.c "$library"`;
     if (grep { -f and -x } ".\\tested448.exe") {
         `.\\tested448.exe`;
-        if ($? != 0) {
+        if ($? == 0) {
+            $configdefh{"HAVE_OPENSSL_ED448"} = 1;
+        } else {
             if ($verbose) {
-                print "ED448 test failed: disabling ED448\n";
+                print "Ed448 test failed: disabling Ed448\n";
             }
-            $use_ed448 = "no";
         }
     } else {
         if ($verbose) {
-            print "can't compile ED448 test: $compret\n";
-            print "disabling ED448\n";
+            print "can't compile Ed448 test: $compret\n";
+            print "disabling Ed448\n";
         }
-    $use_ed448 = "no";
     }
 }
 
-if ($use_ed448 ne "no") {
-    $use_ed448 = "yes";
-    $configdefh{"HAVE_OPENSSL_ED448"} = 1;
-}
-
 # with-aes
 if ($use_openssl eq "no") {
     if ($use_aes ne "pkcs11") {
@@ -2926,8 +2863,6 @@ exit 0;
 #  --with-python supported
 #  --with-openssl supported
 #  --with-pkcs11 supported
-#  --with-ecdsa supported
-#  --with-eddsa supported
 #  --with-aes supported
 #  --with-randomdev not supported on WIN32 (makes no sense)
 #  --with-geoip2 supported