"HAVE_ECDSA_SIG_GET0",
"HAVE_RSA_SET0_KEY",
"USE_PKCS11",
- "HAVE_PKCS11_ECDSA",
"HAVE_PKCS11_ED25519",
"HAVE_PKCS11_ED448",
"HAVE_READLINE",
my $cryptolib = "";
my $enable_native_pkcs11 = "no";
my $enable_crypto_rand = "yes";
-my $enable_openssl_hash = "auto";
my $enable_isc_spnego = "yes";
my $enable_fixed_rrset = "no";
my $enable_developer = "no";
my $openssl_path = "..\\..\\";
my $use_pkcs11 = "no";
my $pkcs11_path = "unknown";
-my $use_ecdsa = "auto";
my $use_eddsa = "auto";
my $use_ed448 = "auto";
my $use_aes = "auto";
if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes";
}
- } elsif ($key =~ /^openssl-hash$/i) {
- if ($val =~ /^yes$/i) {
- $enable_openssl_hash = "yes";
- } elsif ($val =~ /^no$/i) {
- $enable_openssl_hash = "no";
- }
} elsif ($key =~ /^isc-spnego$/i) {
if ($val =~ /^no$/i) {
$enable_isc_spnego = "no";
}
} elsif ($key =~ /^openssl$/i) {
if ($val =~ /^no$/i) {
- $use_openssl = "no";
+ die "OpenSSL support is now mandatory\n";
} elsif ($val !~ /^yes$/i) {
$use_openssl = "yes";
$openssl_path = $val;
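Review bot: Now that this branch rejects `openssl=no`, the script still tests `$use_openssl eq "no"` elsewhere (the `# with-eddsa` block appears as context further down), and the visible hunks do not show whether auto-detection can still produce that value. If it cannot, that test is dead and should be removed with this change. If it can, a comment here would save the next reader the search, for example `# "no" can now only come from failed auto-detection, never from the command line`. The enclosing `elsif` chain starts and ends outside this hunk.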
$pkcs11_path = $val;
$pkcs11_path =~ s/\.dll$//i;
}
- } elsif ($key =~ /^ecdsa$/i) {
- if ($val =~ /^no$/i) {
- $use_ecdsa = "no";
- } elsif ($val =~ /^yes$/i) {
- $use_ecdsa = "yes";
- }
} elsif ($key =~ /^eddsa$/i) {
if ($val =~ /^no$/i) {
$use_eddsa = "no";
}
}
-# resolve enable-openssl-hash
-if ($enable_openssl_hash eq "auto") {
- if ($use_openssl ne "no") {
- if ($enable_native_pkcs11 eq "yes") {
- $enable_openssl_hash="no";
- } else {
- $enable_openssl_hash="yes";
- }
- } else {
- $enable_openssl_hash="no";
- }
-}
-
if ($want_help ne "no") {
foreach (@help) {
print $_;
} else {
print "native-pkcs11: disabled\n";
}
- if ($enable_openssl_hash eq "yes") {
- print "openssl-hash: enabled\n";
- } else {
- print "openssl-hash: disabled\n";
- }
+ print "openssl-hash: enabled\n";
if ($enable_isc_spnego eq "yes") {
print "isc-spnego: enabled\n";
} else {
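Review bot: The added `print "openssl-hash: enabled\n";` is a constant, so this summary line no longer reflects any configuration state. Before the change, the auto resolution reported `disabled` for native PKCS#11 builds, so someone auditing which library supplies hashing could read the new output as a detected result. Since the `openssl-hash` option itself is removed, dropping the line is probably cleaner. Otherwise keep it with a comment such as `# hashing always comes from OpenSSL; the openssl-hash switch was removed`. The enclosing summary block starts outside this hunk.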
print "rpz-nsdname: disabled\n";
}
print "cookie algorithm: $cookie_algorithm\n";
- if ($use_openssl eq "no") {
- print "openssl: disabled\n";
- } else {
- print "openssl-path: $openssl_path\n";
- }
+ print "openssl-path: $openssl_path\n";
if ($use_tests eq "yes") {
print "tests: enabled\n";
}
} else {
print "pkcs11-provider-path: $pkcs11_path\n";
}
- if ($use_ecdsa eq "no") {
- print "ecdsa: disabled\n";
- } else {
- print "ecdsa: enabled\n";
- }
+ print "ecdsa: enabled\n";
if ($use_eddsa eq "no") {
print "eddsa: disabled\n";
} else {
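Review bot: `ecdsa: enabled` is now printed unconditionally, while the same commit deletes the `testecdsa.c` probe that checked `EC_KEY_new_by_curve_name` for `NID_X9_62_prime256v1` and `NID_secp384r1`. An OpenSSL build without those curves would therefore pass configuration and presumably fail only at compile time or when an ECDSA key is first used. If ECDSA is meant to be mandatory, consider keeping the probe and making failure fatal instead of setting `$use_ecdsa = "no"`, e.g. `die "OpenSSL ECDSA (P-256/P-384) support is required\n";`. The summary block this line sits in starts and ends outside the hunk.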
# enable-native-pkcs11
if ($enable_native_pkcs11 eq "yes") {
$cryptolib = "pkcs11";
- if ($use_openssl eq "auto") {
- $use_openssl = "no";
- }
- if ($use_openssl ne "no") {
- die "can't have both OpenSSL and native PKCS#11\n";
- }
if ($use_pkcs11 ne "yes") {
if ($verbose) {
print "native PKCS#11 support: force with-pkcs11\n";
}
$configdefd{"CRYPTO"} = "PKCS11CRYPTO";
$configdefh{"USE_PKCS11"} = 1;
- if ($use_ecdsa eq "no") {
- if ($verbose) {
- print "no ECDSA support in native PKCS#11\n";
- }
- } else {
- if ($verbose) {
- print "enabled ECDSA support in native PKCS#11\n";
- }
- $configdefh{"HAVE_PKCS11_ECDSA"} = 1;
- }
if ($use_eddsa eq "no") {
if ($verbose) {
print "no EDDSA support in native PKCS#11\n";
}
# with-openssl
-if ($use_openssl eq "no") {
- if ($verbose) {
- print "OpenSSL library is disabled\n";
- }
-} elsif ($use_openssl eq "auto") {
+if ($use_openssl eq "auto") {
if ($verbose) {
print "checking for an OpenSSL built directory at sibling root\n";
}
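Review bot: With the `"no"` branch gone here and the "can't have both OpenSSL and native PKCS#11" check removed earlier, a native PKCS#11 build now reaches this auto-detection with `$use_openssl` still `"auto"`. The rest of the block is outside the hunk, so it is worth confirming that nothing in it overwrites `$cryptolib` or `$configdefd{"CRYPTO"}`, which the native PKCS#11 section set to `pkcs11` and `PKCS11CRYPTO`. If both libraries are meant to coexist, a comment above the `if` would record that, for example `# also runs for native PKCS#11 builds: OpenSSL is mandatory, CRYPTO stays PKCS11CRYPTO`.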
}
}
-# with-ecdsa
-if ($use_openssl eq "no") {
- $use_ecdsa = "no";
-}
-if ($use_ecdsa eq "auto") {
- if ($verbose) {
- print "checking for OpenSSL ECDSA support\n";
- }
- open F, ">testecdsa.c" || die $!;
- print F << 'EOF';
-#include <openssl/ecdsa.h>
-#include <openssl/objects.h>
-
-int
-main(void)
-{
- EC_KEY *ec256, *ec384;
-
- ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
- if (ec256 == NULL || ec384 == NULL)
- return (2);
- return (0);
-}
-EOF
- close F;
- my $include = $configinc{"OPENSSL_INC"};
- my $library = $configlib{"OPENSSL_LIB"};
- $compret = `cl /nologo /MD /I "$include" testecdsa.c "$library"`;
- if (grep { -f and -x } ".\\testecdsa.exe") {
- `.\\testecdsa.exe`;
- if ($? != 0) {
- if ($verbose) {
- print "ECDSA test failed: disabling ECDSA\n";
- }
- $use_ecdsa = "no";
- }
- } else {
- if ($verbose) {
- print "can't compile ECDSA test: $compret\n";
- print "disabling ECDSA\n";
- }
- $use_ecdsa = "no";
- }
-}
-
# with-eddsa
if ($use_openssl eq "no") {
$use_eddsa = "no";
die "No cryptography library has been found or provided."
}
-# enable-openssl-hash
-if ($enable_openssl_hash eq "yes") {
- if ($use_openssl eq "no") {
- die "No OpenSSL for hash functions\n";
- }
- $configdefp{"ISC_PLATFORM_OPENSSLHASH"} = 1;
-}
-
# with-pkcs11
if ($use_pkcs11 ne "no") {
$configcond{"PKCS11"} = 1;