mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00

[master] merge several interdependent fixes

3760.   [bug]           Improve SIT with native PKCS#11 and on Windows.
			[RT #35433]

3759.   [port]          Enable delve on Windows. [RT #35441]

3758.   [port]          Enable export library APIs on windows. [RT #35382]
Evan Hunt
2014-02-26 19:00:05 -08:00
parent 95c3a5e116
commit 98922b2b2b
109 changed files with 7208 additions and 529 deletions


@@ -42,6 +42,8 @@ my @filelist = ("..\\bin\\check\\win32\\checktool.dsp",
"..\\bin\\confgen\\win32\\ddnsconfgen.mak",
"..\\bin\\confgen\\win32\\rndcconfgen.dsp",
"..\\bin\\confgen\\win32\\rndcconfgen.mak",
"..\\bin\\delve\\win32\\delve.dsp",
"..\\bin\\delve\\win32\\delve.mak",
"..\\bin\\dig\\win32\\dig.dsp",
"..\\bin\\dig\\win32\\dig.mak",
"..\\bin\\dig\\win32\\dighost.dsp",
@@ -154,6 +156,8 @@ my @filelist = ("..\\bin\\check\\win32\\checktool.dsp",
"..\\lib\\dns\\win32\\libdns.def",
"..\\lib\\dns\\win32\\libdns.dsp",
"..\\lib\\dns\\win32\\libdns.mak",
"..\\lib\\irs\\win32\\libirs.dsp",
"..\\lib\\irs\\win32\\libirs.mak",
"..\\lib\\isc\\win32\\libisc.def",
"..\\lib\\isc\\win32\\libisc.dsp",
"..\\lib\\isc\\win32\\libisc.mak",
@@ -163,6 +167,18 @@ my @filelist = ("..\\bin\\check\\win32\\checktool.dsp",
"..\\lib\\isccfg\\win32\\libisccfg.mak",
"..\\lib\\lwres\\win32\\liblwres.dsp",
"..\\lib\\lwres\\win32\\liblwres.mak",
"..\\lib\\samples\\win32\\async.dsp",
"..\\lib\\samples\\win32\\async.mak",
"..\\lib\\samples\\win32\\gai.dsp",
"..\\lib\\samples\\win32\\gai.mak",
"..\\lib\\samples\\win32\\nsprobe.dsp",
"..\\lib\\samples\\win32\\nsprobe.mak",
"..\\lib\\samples\\win32\\request.dsp",
"..\\lib\\samples\\win32\\request.mak",
"..\\lib\\samples\\win32\\resolve.dsp",
"..\\lib\\samples\\win32\\resolve.mak",
"..\\lib\\samples\\win32\\update.dsp",
"..\\lib\\samples\\win32\\update.mak",
"..\\lib\\tests\\win32\\libtests.dsp",
"..\\lib\\tests\\win32\\libtests.mak",
"..\\lib\\win32\\bindevt\\bindevt.dsp",
@@ -184,6 +200,8 @@ my @projectlist = ("..\\bin\\check\\win32\\checkconf.vcxproj",
"..\\bin\\confgen\\win32\\ddnsconfgen.vcxproj.filters",
"..\\bin\\confgen\\win32\\rndcconfgen.vcxproj",
"..\\bin\\confgen\\win32\\rndcconfgen.vcxproj.filters",
"..\\bin\\delve\\win32\\delve.vcxproj",
"..\\bin\\delve\\win32\\delve.vcxproj.filters",
"..\\bin\\dig\\win32\\dig.vcxproj",
"..\\bin\\dig\\win32\\dig.vcxproj.filters",
"..\\bin\\dig\\win32\\dighost.vcxproj",
@@ -296,6 +314,8 @@ my @projectlist = ("..\\bin\\check\\win32\\checkconf.vcxproj",
"..\\lib\\dns\\win32\\gen.vcxproj.filters",
"..\\lib\\dns\\win32\\libdns.vcxproj",
"..\\lib\\dns\\win32\\libdns.vcxproj.filters",
"..\\lib\\irs\\win32\\libirs.vcxproj",
"..\\lib\\irs\\win32\\libirs.vcxproj.filters",
"..\\lib\\isc\\win32\\libisc.vcxproj",
"..\\lib\\isc\\win32\\libisc.vcxproj.filters",
"..\\lib\\isccc\\win32\\libisccc.vcxproj",
@@ -304,6 +324,18 @@ my @projectlist = ("..\\bin\\check\\win32\\checkconf.vcxproj",
"..\\lib\\isccfg\\win32\\libisccfg.vcxproj.filters",
"..\\lib\\lwres\\win32\\liblwres.vcxproj",
"..\\lib\\lwres\\win32\\liblwres.vcxproj.filters",
"..\\lib\\samples\\win32\\resolve.vcxproj",
"..\\lib\\samples\\win32\\resolve.vcxproj.filters",
"..\\lib\\samples\\win32\\async.vcxproj",
"..\\lib\\samples\\win32\\async.vcxproj.filters",
"..\\lib\\samples\\win32\\gai.vcxproj",
"..\\lib\\samples\\win32\\gai.vcxproj.filters",
"..\\lib\\samples\\win32\\update.vcxproj",
"..\\lib\\samples\\win32\\update.vcxproj.filters",
"..\\lib\\samples\\win32\\request.vcxproj",
"..\\lib\\samples\\win32\\request.vcxproj.filters",
"..\\lib\\samples\\win32\\nsprobe.vcxproj",
"..\\lib\\samples\\win32\\nsprobe.vcxproj.filters",
"..\\lib\\tests\\win32\\libtests.vcxproj",
"..\\lib\\tests\\win32\\libtests.vcxproj.filters",
"..\\lib\\win32\\bindevt\\bindevt.vcxproj",
@@ -314,7 +346,8 @@ my @projectlist = ("..\\bin\\check\\win32\\checkconf.vcxproj",
my %configdefh;
my @substdefh = ("ALLOW_FILTER_AAAA",
my @substdefh = ("AES_SIT",
"ALLOW_FILTER_AAAA",
"CONFIGARGS",
"DNS_RDATASET_FIXED",
"ENABLE_RPZ_NSDNAME",
@@ -323,19 +356,23 @@ my @substdefh = ("ALLOW_FILTER_AAAA",
"HAVE_EVP_SHA384",
"HAVE_EVP_SHA512",
"HAVE_GEOIP",
"HAVE_GEOIP_V6",
"HAVE_GEOIP_CITY_V6",
"HAVE_GEOIP_V6",
"HAVE_LIBXML2",
"HAVE_OPENSSL_AES",
"HAVE_OPENSSL_DSA",
"HAVE_OPENSSL_ECDSA",
"HAVE_OPENSSL_EVP_AES",
"HAVE_OPENSSL_GOST",
"HAVE_PKCS11_ECDSA",
"HAVE_PKCS11_GOST",
"HAVE_READLINE",
"HMAC_SHA1_SIT",
"HMAC_SHA256_SIT",
"ISC_LIST_CHECKINIT",
"PREFER_GOSTASN1",
"WITH_IDN",
"TUNE_LARGE");
"TUNE_LARGE",
"WITH_IDN");
# for platform.h
@@ -346,8 +383,9 @@ my @substdefp = ("ISC_PLATFORM_HAVEATOMICSTORE",
"ISC_PLATFORM_HAVEXADD",
"ISC_PLATFORM_HAVEXADDQ",
"ISC_PLATFORM_NEEDSTRCASESTR",
"ISC_PLATFORM_OPENSSLHASH",
"ISC_PLATFORM_USEBACKTRACE");
"ISC_PLATFORM_USEBACKTRACE",
"ISC_PLATFORM_USESIT",
"ISC_PLATFORM_WANTAES");
# includes
@@ -423,7 +461,8 @@ my @substdefd = ("CRYPTO",
my %configcond;
my @substcond = ("ATOMIC",
my @substcond = ("AES",
"ATOMIC",
"GSSAPI",
"GEOIP",
"IDNKIT",
@@ -431,6 +470,7 @@ my @substcond = ("ATOMIC",
"OPENSSL",
"PKCS11",
"PYTHON",
"SAMPLES",
"TESTS",
"XTESTS");
@@ -446,12 +486,13 @@ my @enablelist = ("developer",
"openssl-hash",
"filter-aaaa",
"rpz-nsdname",
"rpz-nsip");
"rpz-nsip",
"sit");
# with-xxx/without-xxx
my @withlist = ("cross-compile",
my @withlist = ("aes",
"cross-compile",
"ecdsa",
"extra-tests",
"gssapi",
@@ -464,6 +505,8 @@ my @withlist = ("cross-compile",
"pkcs11",
"python",
"readline",
"samples",
"sit-alg",
"tests",
"tuning",
"vcredist");
@@ -494,20 +537,24 @@ my @help = (
"\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
" enable-openssl-hash use OpenSSL for hash functions [default=no]\n",
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-filter-aaaa enable filtering of AAAA records [default=no]\n",
" enable-fixed-rrset enable fixed rrset ordering [default=no]\n",
" enable-developer enable developer build settings [default=no]\n",
" enable-rpz-nsip enable rpz-nsip rules [default=yes]\n",
" enable-rpz-nsdname enable rpz-nsdname rules [default=yes]\n",
" enable-sit enable source identity token [default=yes]\n",
"\nOptional Packages:\n",
" with-tests build with test suite\n",
" with-extra-tests build with extra test suite\n",
" with-samples build with sample programs\n",
" with-openssl[=PATH] build with OpenSSL yes|no|path\n",
" with-pkcs11[=PATH] build with PKCS#11 support yes|no|provider-path\n",
" with-ecdsa crypto ECDSA\n",
" with-gost[=ENC] crypto GOST yes|no|raw|ans1\n",
" with-aes crypto AES\n",
" with-sit-alg choose the algorithm for SIT aes|sha1|sha256\n",
" with-gssapi[=PATH] build with MIT KfW GSSAPI yes|no|path\n",
" with-libxml2[=PATH] build with libxml2 library yes|no|path\n",
" with-geoip[=PATH] build with GeoIP support yes|no|path\n",
@@ -531,15 +578,17 @@ my $want_unknown = "no";
my $unknown_value;
my $enable_intrinsics = "yes";
my $enable_native_pkcs11 = "no";
my $enable_openssl_hash = "no";
my $enable_openssl_hash = "auto";
my $enable_filter_aaaa = "no";
my $enable_isc_spnego = "yes";
my $enable_fixed_rrset = "no";
my $enable_developer = "no";
my $enable_rpz_nsip = "yes";
my $enable_rpz_nsdname = "yes";
my $enable_sit = "yes";
my $use_tests = "no";
my $use_xtests = "no";
my $use_samples = "no";
my $use_openssl = "auto";
my $openssl_path = "..\\..\\";
my $use_pkcs11 = "no";
@@ -547,6 +596,8 @@ my $pkcs11_path = "unknown";
my $use_ecdsa = "auto";
my $use_gost = "auto";
my $gost_encoding = "raw";
my $use_aes = "auto";
my $sit_algorithm = "aes";
my $use_gssapi = "no";
my $gssapi_path = "C:\\Program\ Files\\MIT\\Kerberos\\";
my $use_geoip = "no";
@@ -671,6 +722,8 @@ sub myenable {
} elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes";
} elsif ($val =~ /^no$/i) {
$enable_openssl_hash = "no";
}
} elsif ($key =~ /^isc-spnego$/i) {
if ($val =~ /^no$/i) {
@@ -696,6 +749,10 @@ sub myenable {
if ($val =~ /^no$/i) {
$enable_rpz_nsdname = "no";
}
} elsif ($key =~ /^sit$/i) {
if ($val =~ /^no$/i) {
$enable_sit = "no";
}
} else {
$want_unknown = "yes";
if ($val eq "no") {
@@ -715,6 +772,8 @@ if ($enable_developer eq "yes") {
$enable_fixed_rrset = "yes";
# TODO: dlz filesystem
$use_tests = "yes";
$use_samples = "yes";
$enable_sit = "yes";
}
# parse with/without
@@ -732,6 +791,10 @@ sub mywith {
$use_tests = "yes";
$use_xtests = "yes";
}
} elsif ($key =~ /^samples$/i) {
if ($val =~ /^yes$/i) {
$use_samples = "yes";
}
} elsif ($key =~ /^openssl$/i) {
if ($val =~ /^no$/i) {
$use_openssl = "no";
@@ -760,6 +823,14 @@ sub mywith {
$use_gost = "yes";
$gost_encoding = $val;
}
} elsif ($key =~ /^aes$/i) {
if ($val =~ /^no$/i) {
$use_aes = "no";
} elsif ($val =~ /^yes$/i) {
$use_aes = "yes";
}
} elsif ($key =~ /^sit-alg$/i) {
$sit_algorithm = $val;
} elsif ($key =~ /^gssapi$/i) {
if ($val !~ /^no$/i) {
$use_gssapi = "yes";
@@ -836,6 +907,19 @@ sub mywith {
}
}
# resolve enable-openssl-hash
if ($enable_openssl_hash eq "auto") {
if ($use_openssl ne "no") {
if ($enable_native_pkcs11 eq "yes") {
$enable_openssl_hash="no";
} else {
$enable_openssl_hash="yes";
}
} else {
$enable_openssl_hash="no";
}
}
if ($want_help ne "no") {
foreach (@help) {
print $_;
@@ -924,6 +1008,12 @@ if ($verbose) {
} else {
print "rpz-nsdname: disabled\n";
}
if ($enable_sit eq "yes") {
print "sit: enabled\n";
print "sit algorithm: $sit_algorithm\n";
} else {
print "sit: disabled\n";
}
if ($use_openssl eq "no") {
print "openssl: disabled\n";
} else {
@@ -935,6 +1025,9 @@ if ($verbose) {
if ($use_xtests eq "yes") {
print "extra tests: enabled\n";
}
if ($use_samples eq "yes") {
print "sample programs: enabled\n";
}
if ($use_pkcs11 eq "no") {
print "pkcs11: disabled\n";
} else {
@@ -951,6 +1044,11 @@ if ($verbose) {
print "gost: enabled\n";
print "gost private key encoding: $gost_encoding\n";
}
if ($use_aes eq "no") {
print "aes: disabled\n";
} else {
print "aes: enabled\n";
}
if ($use_gssapi eq "no") {
print "gssapi: disabled\n";
} else {
@@ -1237,6 +1335,16 @@ if ($enable_native_pkcs11 eq "yes") {
}
$configdefh{"HAVE_PKCS11_GOST"} = 1;
}
if ($use_aes eq "no") {
if ($verbose) {
print "no AES support in native PKCS#11\n";
}
} else {
if ($verbose) {
print "enabled AES support in native PKCS#11\n";
}
$use_aes = "pkcs11";
}
}
# enable-filter-aaaa
@@ -1259,6 +1367,11 @@ if ($enable_rpz_nsdname ne "no") {
$configdefh{"ENABLE_RPZ_NSDNAME"} = 1;
}
# enable-sit
if ($enable_sit ne "no") {
$configdefp{"ISC_PLATFORM_USESIT"} = 1;
}
# with-tests
if ($use_tests eq "yes") {
$configcond{"TESTS"} = 1;
@@ -1269,6 +1382,11 @@ if ($use_xtests eq "yes") {
$configcond{"XTESTS"} = 1;
}
# with-samples
if ($use_samples eq "yes") {
$configcond{"SAMPLES"} = 1;
}
# with-openssl
if ($use_openssl eq "no") {
if ($verbose) {
@@ -1436,6 +1554,7 @@ EOF
print "EVP_sha256 test failed: disabling EVP_sha256\n";
}
$use_ecdsa = "no";
$enable_openssl_hash = "no";
} else {
$configdefh{"HAVE_EVP_SHA256"} = 1;
}
@@ -1445,6 +1564,7 @@ EOF
print "disabling EVP_sha256\n";
}
$use_ecdsa = "no";
$enable_openssl_hash = "no";
}
if ($verbose) {
@@ -1467,6 +1587,7 @@ EOF
print "EVP_sha384 test failed: disabling EVP_sha384\n";
}
$use_ecdsa = "no";
$enable_openssl_hash = "no";
} else {
$configdefh{"HAVE_EVP_SHA384"} = 1;
}
@@ -1476,6 +1597,7 @@ EOF
print "disabling EVP_sha384\n";
}
$use_ecdsa = "no";
$enable_openssl_hash = "no";
}
if ($verbose) {
@@ -1625,6 +1747,131 @@ if ($gost_encoding eq "ans1") {
die "Unrecognized GOST private key encoding: $gost_encoding\n";
}
# with-aes
if ($use_openssl eq "no") {
if ($use_aes ne "pkcs11") {
$use_aes = "no";
}
}
if ($use_aes eq "auto") {
if ($verbose) {
print "checking for OpenSSL EVP AES support\n";
}
$use_aes = "evp";
open F, ">testevpaes.c" || die $!;
print F << 'EOF';
#include <openssl/evp.h>
int
main(void)
{
EVP_CIPHER *aes128, *aes192, *aes256;
aes128 = EVP_aes_128_ecb();
aes192 = EVP_aes_192_ecb();
aes256 = EVP_aes_256_ecb();
if (aes128 == NULL || aes192 == NULL || aes256 == NULL)
return (1);
return (0);
}
EOF
close F;
my $include = $configinc{"OPENSSL_INC"};
my $library = $configlib{"OPENSSL_LIB"};
$compret = `cl /nologo /MD /I "$include" testevpaes.c "$library"`;
if (grep { -f and -x } ".\\testevpaes.exe") {
`.\\testevpaes.exe`;
if ($? != 0) {
if ($verbose) {
print "EVP AES test failed: disabling EVP AES\n";
}
$use_aes = "auto";
}
} else {
if ($verbose) {
print "can't compile EVP AES test: $compret\n";
print "disabling EVP AES\n";
}
$use_aes = "auto";
}
}
if ($use_aes eq "auto") {
if ($verbose) {
print "checking for OpenSSL native AES support\n";
}
$use_aes = "native";
open F, ">testaes.c" || die $!;
print F << 'EOF';
#include <openssl/aes.h>
AES_KEY k;
const unsigned char bufin[16];
unsigned char bufout[16];
int
main(void)
{
AES_encrypt(bufin, bufout, &k);
return (0);
}
EOF
close F;
my $include = $configinc{"OPENSSL_INC"};
my $library = $configlib{"OPENSSL_LIB"};
$compret = `cl /nologo /MD /I "$include" testaes.c "$library"`;
if (grep { -f and -x } ".\\testaes.exe") {
`.\\testaes.exe`;
if ($? != 0) {
if ($verbose) {
print "native AES test failed: disabling AES\n";
}
$use_aes = "no";
}
} else {
if ($verbose) {
print "can't compile native AES test: $compret\n";
print "disabling AES\n";
}
$use_aes = "no";
}
}
if ($use_aes eq "yes") {
$configdefh{"HAVE_OPENSSL_EVP_AES"} = 1;
} elsif ($use_aes eq "evp") {
$configdefh{"HAVE_OPENSSL_EVP_AES"} = 1;
$use_aes = "yes";
} elsif ($use_aes eq "native") {
$configdefh{"HAVE_OPENSSL_AES"} = 1;
$use_aes = "yes";
} elsif ($use_aes eq "pkcs11") {
$use_aes = "yes";
}
if ($use_aes eq "yes") {
$configdefp{"ISC_PLATFORM_WANTAES"} = 1;
$configcond{"AES"} = 1;
}
# with-sit-alg
if ($enable_sit ne "no") {
if ($sit_algorithm eq "aes") {
if ($use_aes ne "yes") {
$sit_algorithm = "sha256";
} else {
$configdefh{"AES_SIT"} = 1;
}
}
if ($sit_algorithm eq "sha1") {
$configdefh{"HMAC_SHA1_SIT"} = 1;
} elsif ($sit_algorithm eq "sha256") {
$configdefh{"HMAC_SHA256_SIT"} = 1;
} elsif ($sit_algorithm ne "aes") {
die "Unrecognized SIT algorithm: $sit_algorithm\n";
}
}
# enable-openssl-hash
if ($enable_openssl_hash eq "yes") {
if ($use_openssl eq "no") {
@@ -2340,10 +2587,11 @@ sub setupproject {
sub makeversion {
# List of directories with version files
my @dirlist = ("isc", "dns", "isccc", "isccfg", "lwres", "bind9");
my @dirlist = ("isc", "dns", "isccc", "isccfg", "lwres", "bind9", "irs");
my %LibMacros = (
"bind9" => "LIBBIND9_EXPORTS",
"dns" => "LIBDNS_EXPORTS",
"irs" => "LIBIRS_EXPORTS",
"isc" => "LIBISC_EXPORTS",
"isccc" => "LIBISCCC_EXPORTS",
"isccfg" => "LIBISCCFG_EXPORTS",
@@ -2659,7 +2907,6 @@ exit 0;
# --enable-native-pkcs11 supported
# --enable-openssl-version-check included without a way to disable it
# --enable-openssl-hash supported
# --enable-openssl-aes TODO
# --enable-threads included without a way to disable it
# --enable-backtrace backtrace included without a way to disable it
# --enable-symtable incompatible with DLLs (or libtool)
@@ -2671,14 +2918,15 @@ exit 0;
# --disable-rpz-nsip supported
# --disable-rpz-nsdname supported
# --enable-filter-aaaa supported
# --enable-sit included without a way to disable it (TO BE FIXED)
# --enable-sit supported
# --enable-full-report supported by verbose
# --with-python supported
# --with-openssl supported
# --with-pkcs11 supported
# --with-ecdsa supported
# --with-gost supported
# --with-sit-alg TODO (aes wired down)
# --with-aes supported
# --with-sit-alg supported
# --with-geoip supported
# --with-gssapi supported with MIT (K)erberos (f)or (W)indows
# --with-libxml2 supported
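Review bot: In the with-aes hunk (`@@ -1625,6 +1747,131 @@`), `open F, ">testevpaes.c" || die $!;` and `open F, ">testaes.c" || die $!;` can never reach `die`, because `||` binds to the non-empty filename string rather than to the `open` call. If the file cannot be created, the following `print F` and `close F` fail silently, and the probe then compiles and runs whatever `testevpaes.c` or `testevpaes.exe` is already in the directory. A leftover file from an earlier run could therefore decide whether `HAVE_OPENSSL_EVP_AES`, `HAVE_OPENSSL_AES` and ultimately `AES_SIT` get defined. Use the low-precedence operator, `open F, ">testevpaes.c" or die $!;` (better still a three-argument `open` with a lexical handle), and make the same change for `testaes.c`. The hunk does not show whether the probe files are deleted afterwards, so the stale-file case is inferred rather than confirmed.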