mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-04 08:35:31 +00:00
Code Issues Releases Wiki Activity

Finish refactoring after the removal of --with-ecdsa and --with-eddsa.

Browse Source 
Missed in c3b8130fe8.
This commit is contained in:
Aaron Thompson
2020-03-29 05:50:25 +00:00
committed by Ondřej Surý
parent 48e0c0bc4a
commit 7fc4f926fb
7 changed files with 27 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
bin/tests/system/testcrypto.sh
View File

@@ -18,8 +18,7 @@ args=""
alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS" alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
quiet=0 quiet=0
msg1="cryptography" msg="cryptography"
msg2="--with-openssl, or --enable-native-pkcs11 --with-pkcs11"
while test "$#" -gt 0; do while test "$#" -gt 0; do
case $1 in case $1 in
-q) -q)
@@ -28,17 +27,15 @@ while test "$#" -gt 0; do
;; ;;
rsa|RSA) rsa|RSA)
alg="-a RSASHA1" alg="-a RSASHA1"
msg1="RSA cryptography" msg="RSA cryptography"
;; ;;
ecdsa|ECDSA) ecdsa|ECDSA)
alg="-a ecdsap256sha256" alg="-a ecdsap256sha256"
msg1="ECDSA cryptography" msg="ECDSA cryptography"
msg2="--with-ecdsa"
;; ;;
eddsa|EDDSA) eddsa|EDDSA)
alg="-a ED25519" alg="-a ED25519"
msg1="EDDSA cryptography" msg="EDDSA cryptography"
msg2="--with-eddsa"
;; ;;
*) *)
echo "${prog}: unknown argument" echo "${prog}: unknown argument"
@@ -48,14 +45,14 @@ while test "$#" -gt 0; do
shift shift
done done
if $KEYGEN $args $alg foo > /dev/null 2>&1 if $KEYGEN $args $alg foo > /dev/null 2>&1
then then
rm -f Kfoo* rm -f Kfoo*
else else
if test $quiet -eq 0; then if test $quiet -eq 0; then
echo "I:This test requires support for $msg1" >&2 echo "I:This test requires support for $msg" >&2
echo "I:configure with $msg2" >&2 echo "I:configure with --with-openssl, or --enable-native-pkcs11" \
"--with-pkcs11" >&2
fi fi
exit 255 exit 255
fi fi

6
config.h.win32
View File

@@ -289,12 +289,6 @@ typedef __int64 off_t;
/* Define if native PKCS#11 is used as cryptographic library provider */ /* Define if native PKCS#11 is used as cryptographic library provider */
@USE_PKCS11@ @USE_PKCS11@
/* Define if your PKCS11 provider supports Ed25519. */
@HAVE_PKCS11_ED25519@
/* Define if your PKCS11 provider supports Ed448. */
@HAVE_PKCS11_ED448@
/* HMAC_*() return ints */ /* HMAC_*() return ints */
@HMAC_RETURN_INT@ @HMAC_RETURN_INT@

4
lib/dns/dst_api.c
View File

@@ -228,12 +228,8 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA512])); RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA512]));
RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA256])); RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA384])); RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
#ifdef HAVE_PKCS11_ED25519
RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED25519])); RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED25519]));
#endif /* ifdef HAVE_PKCS11_ED25519 */
#ifdef HAVE_PKCS11_ED448
RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED448])); RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED448]));
#endif /* ifdef HAVE_PKCS11_ED448 */
#endif /* USE_PKCS11 */ #endif /* USE_PKCS11 */
#ifdef GSSAPI #ifdef GSSAPI
RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI])); RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));

2
lib/dns/dst_internal.h
View File

@@ -234,10 +234,8 @@ isc_result_t
dst__pkcs11dsa_init(struct dst_func **funcp); dst__pkcs11dsa_init(struct dst_func **funcp);
isc_result_t isc_result_t
dst__pkcs11ecdsa_init(struct dst_func **funcp); dst__pkcs11ecdsa_init(struct dst_func **funcp);
#if defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)
isc_result_t isc_result_t
dst__pkcs11eddsa_init(struct dst_func **funcp); dst__pkcs11eddsa_init(struct dst_func **funcp);
#endif /* if defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448) */
#endif /* USE_PKCS11 */ #endif /* USE_PKCS11 */
#ifdef GSSAPI #ifdef GSSAPI
isc_result_t isc_result_t

2
lib/dns/pkcs11eddsa_link.c
View File

@@ -11,7 +11,7 @@
/*! \file */ /*! \file */
#if USE_PKCS11 && (HAVE_PKCS11_ED25519 || HAVE_PKCS11_ED448) #if USE_PKCS11
#include <stdbool.h> #include <stdbool.h>

4
lib/isc/include/pk11/constants.h
View File

@@ -24,12 +24,8 @@ static CK_BYTE pk11_ecc_prime256v1[] = { 0x06, 0x08, 0x2a, 0x86, 0x48,
static CK_BYTE pk11_ecc_secp384r1[] = { static CK_BYTE pk11_ecc_secp384r1[] = {
0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
}; };
#if HAVE_PKCS11_ED25519
static CK_BYTE pk11_ecc_ed25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 }; static CK_BYTE pk11_ecc_ed25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
#endif /* HAVE_PKCS11_ED25519 */
#if HAVE_PKCS11_ED448
static CK_BYTE pk11_ecc_ed448[] = { 0x06, 0x03, 0x2b, 0x65, 0x71 }; static CK_BYTE pk11_ecc_ed448[] = { 0x06, 0x03, 0x2b, 0x65, 0x71 };
#endif /* HAVE_PKCS11_ED448 */
#ifdef WANT_DH_PRIMES #ifdef WANT_DH_PRIMES
static CK_BYTE pk11_dh_bn2[] = { 2 }; static CK_BYTE pk11_dh_bn2[] = { 2 };

97
win32utils/Configure
View File

@@ -203,8 +203,6 @@ my @substdefh = ("CONFIGARGS",
"USE_BACKTRACE", "USE_BACKTRACE",
"USE_OPENSSL", "USE_OPENSSL",
"USE_PKCS11", "USE_PKCS11",
"HAVE_PKCS11_ED25519",
"HAVE_PKCS11_ED448",
"HAVE_READLINE", "HAVE_READLINE",
"HAVE_ZLIB", "HAVE_ZLIB",
"ISC_LIST_CHECKINIT", "ISC_LIST_CHECKINIT",
@@ -368,8 +366,6 @@ my @enablelist = ("developer",
my @withlist = ("aes", my @withlist = ("aes",
"cross-compile", "cross-compile",
"ecdsa",
"eddsa",
"extra-tests", "extra-tests",
"gssapi", "gssapi",
"geoip2", "geoip2",
@@ -427,7 +423,6 @@ my @help = (
" with-openssl[=PATH] build with OpenSSL yes|path (mandatory)\n", " with-openssl[=PATH] build with OpenSSL yes|path (mandatory)\n",
" with-libuv[=PATH] build with libuv yes|path (mandatory)\n", " with-libuv[=PATH] build with libuv yes|path (mandatory)\n",
" with-pkcs11[=PATH] build with PKCS#11 support yes|no|provider-path\n", " with-pkcs11[=PATH] build with PKCS#11 support yes|no|provider-path\n",
" with-eddsa crypto EDDSA yes|all|no\n",
" with-gssapi[=PATH] build with MIT KfW GSSAPI yes|no|path\n", " with-gssapi[=PATH] build with MIT KfW GSSAPI yes|no|path\n",
" with-libxml2[=PATH] build with libxml2 library yes|no|path\n", " with-libxml2[=PATH] build with libxml2 library yes|no|path\n",
" with-geoip2[=PATH] build with GeoIP2 support yes|no|path\n", " with-geoip2[=PATH] build with GeoIP2 support yes|no|path\n",
@@ -475,8 +470,6 @@ my $use_openssl = "auto";
my $openssl_path = "..\\..\\"; my $openssl_path = "..\\..\\";
my $use_pkcs11 = "no"; my $use_pkcs11 = "no";
my $pkcs11_path = "unknown"; my $pkcs11_path = "unknown";
my $use_eddsa = "auto";
my $use_ed448 = "auto";
my $use_aes = "auto"; my $use_aes = "auto";
my $use_gssapi = "no"; my $use_gssapi = "no";
my $validation_default = "auto"; my $validation_default = "auto";
@@ -762,15 +755,6 @@ sub mywith {
$pkcs11_path = $val; $pkcs11_path = $val;
$pkcs11_path =~ s/\.dll$//i; $pkcs11_path =~ s/\.dll$//i;
} }
} elsif ($key =~ /^eddsa$/i) {
if ($val =~ /^no$/i) {
$use_eddsa = "no";
} elsif ($val !~ /^no$/i) {
$use_eddsa = "yes";
if ($val =~ /^all$/i) {
$use_ed448 = "yes";
}
}
} elsif ($key =~ /^aes$/i) { } elsif ($key =~ /^aes$/i) {
if ($val =~ /^no$/i) { if ($val =~ /^no$/i) {
$use_aes = "no"; $use_aes = "no";
@@ -974,17 +958,6 @@ if ($verbose) {
} else { } else {
print "pkcs11-provider-path: $pkcs11_path\n"; print "pkcs11-provider-path: $pkcs11_path\n";
} }
print "ecdsa: enabled\n";
if ($use_eddsa eq "no") {
print "eddsa: disabled\n";
} else {
print "ed25519: enabled\n";
if ($use_ed448 eq "no") {
print "ed448: disabled\n";
} else {
print "ed448: enabled\n";
}
}
if ($use_aes eq "no") { if ($use_aes eq "no") {
print "aes: disabled\n"; print "aes: disabled\n";
} else { } else {
@@ -1247,26 +1220,6 @@ if ($enable_native_pkcs11 eq "yes") {
print "native PKCS#11 support: no PKCS#11 provider defined?\n"; print "native PKCS#11 support: no PKCS#11 provider defined?\n";
} }
} }
if ($use_eddsa eq "no") {
if ($verbose) {
print "no EDDSA support in native PKCS#11\n";
}
} else {
if ($verbose) {
print "enabled Ed25519 support in native PKCS#11\n";
}
$configdefh{"HAVE_PKCS11_ED25519"} = 1;
if ($use_ed448 eq "no") {
if ($verbose) {
print "no Ed448 support in native PKCS#11\n";
}
} else {
if ($verbose) {
print "enabled Ed448 support in native PKCS#11\n";
}
$configdefh{"HAVE_PKCS11_ED448"} = 1;
}
}
} }
# enable-fixed-rrset # enable-fixed-rrset
@@ -1587,13 +1540,9 @@ EOF
} }
} }
# with-eddsa if ($use_openssl eq "yes") {
if ($use_openssl eq "no") {
$use_eddsa = "no";
}
if ($use_eddsa eq "auto") {
if ($verbose) { if ($verbose) {
print "checking for OpenSSL ED25519 support\n"; print "checking for OpenSSL Ed25519 support\n";
} }
open F, ">tested25519.c" || die $!; open F, ">tested25519.c" || die $!;
print F << 'EOF'; print F << 'EOF';
@@ -1617,31 +1566,24 @@ EOF
$compret = `cl /nologo /MD /I "$include" tested25519.c "$library"`; $compret = `cl /nologo /MD /I "$include" tested25519.c "$library"`;
if (grep { -f and -x } ".\\tested25519.exe") { if (grep { -f and -x } ".\\tested25519.exe") {
`.\\tested25519.exe`; `.\\tested25519.exe`;
if ($? != 0) { if ($? == 0) {
$configdefh{"HAVE_OPENSSL_ED25519"} = 1;
} else {
if ($verbose) { if ($verbose) {
print "EDDSA test failed: disabling EDDSA\n"; print "Ed25519 test failed: disabling Ed25519\n";
} }
$use_eddsa = "no";
} }
} else { } else {
if ($verbose) { if ($verbose) {
print "can't compile EDDSA test: $compret\n"; print "can't compile Ed25519 test: $compret\n";
print "disabling EDDSA\n"; print "disabling Ed25519\n";
} }
$use_eddsa = "no";
} }
} }
if ($use_eddsa ne "no") { if ($use_openssl eq "yes") {
$use_eddsa = "yes";
$configdefh{"HAVE_OPENSSL_ED25519"} = 1;
} else {
$use_ed448 = "no";
}
if ($use_ed448 eq "auto") {
if ($verbose) { if ($verbose) {
print "checking for OpenSSL ED448 support\n"; print "checking for OpenSSL Ed448 support\n";
} }
open F, ">tested448.c" || die $!; open F, ">tested448.c" || die $!;
print F << 'EOF'; print F << 'EOF';
@@ -1665,26 +1607,21 @@ EOF
$compret = `cl /nologo /MD /I "$include" tested448.c "$library"`; $compret = `cl /nologo /MD /I "$include" tested448.c "$library"`;
if (grep { -f and -x } ".\\tested448.exe") { if (grep { -f and -x } ".\\tested448.exe") {
`.\\tested448.exe`; `.\\tested448.exe`;
if ($? != 0) { if ($? == 0) {
$configdefh{"HAVE_OPENSSL_ED448"} = 1;
} else {
if ($verbose) { if ($verbose) {
print "ED448 test failed: disabling ED448\n"; print "Ed448 test failed: disabling Ed448\n";
} }
$use_ed448 = "no";
} }
} else { } else {
if ($verbose) { if ($verbose) {
print "can't compile ED448 test: $compret\n"; print "can't compile Ed448 test: $compret\n";
print "disabling ED448\n"; print "disabling Ed448\n";
} }
$use_ed448 = "no";
} }
} }
if ($use_ed448 ne "no") {
$use_ed448 = "yes";
$configdefh{"HAVE_OPENSSL_ED448"} = 1;
}
# with-aes # with-aes
if ($use_openssl eq "no") { if ($use_openssl eq "no") {
if ($use_aes ne "pkcs11") { if ($use_aes ne "pkcs11") {
@@ -2926,8 +2863,6 @@ exit 0;
# --with-python supported # --with-python supported
# --with-openssl supported # --with-openssl supported
# --with-pkcs11 supported # --with-pkcs11 supported
# --with-ecdsa supported
# --with-eddsa supported
# --with-aes supported # --with-aes supported
# --with-randomdev not supported on WIN32 (makes no sense) # --with-randomdev not supported on WIN32 (makes no sense)
# --with-geoip2 supported # --with-geoip2 supported