pass USE_DSA to public facing header files

diff --git a/configure.ac b/configure.ac
index 9bd51319ddf37f58daf8fb295963c0d964014e07..a8efe399dc14d94bbfa973b7fead8be4eedb8010 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -562,13 +562,16 @@ esac
 AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support]))
 case "$enable_dsa" in
     no)
+      AC_SUBST(ldns_build_config_use_dsa, 0)
       ;;
     *) dnl default
       # detect if DSA is supported, and turn it off if not.
       AC_CHECK_FUNC(DSA_SIG_new, [
        AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
+       AC_SUBST(ldns_build_config_use_dsa, 1)
       ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
-         fi ])
+         fi
+         AC_SUBST(ldns_build_config_use_dsa, 0)])
       ;;
 esac
 

diff --git a/ldns/common.h.in b/ldns/common.h.in
index 805eb8bf42c7a1c618c5539be27fc2d0133d04ad..d4a8051df842c1b068faf0ddc119f22ad40242d8 100644 (file)
--- a/ldns/common.h.in
+++ b/ldns/common.h.in
@@ -27,6 +27,7 @@
 #define LDNS_BUILD_CONFIG_USE_DANE         @ldns_build_config_use_dane@
 #define LDNS_BUILD_CONFIG_HAVE_B32_PTON    @ldns_build_config_have_b32_pton@
 #define LDNS_BUILD_CONFIG_HAVE_B32_NTOP    @ldns_build_config_have_b32_ntop@
+#define LDNS_BUILD_CONFIG_USE_DSA          @ldns_build_config_use_dsa@
 
 /*
  * HAVE_STDBOOL_H is not available when distributed as a library, but no build 

diff --git a/ldns/keys.h b/ldns/keys.h
index 8442ad39f72ede9133a4fd0e459a1c9af5e4e357..7e5fac5c7f6bc41ab74b3e2b3f738df716411eb1 100644 (file)
--- a/ldns/keys.h
+++ b/ldns/keys.h
@@ -45,30 +45,22 @@ enum ldns_enum_algorithm
 {
         LDNS_RSAMD5             = 1,   /* RFC 4034,4035 */
         LDNS_DH                 = 2,
-#ifdef USE_DSA
+#if LDNS_BUILD_CONFIG_USE_DSA
         LDNS_DSA                = 3,
-#endif /* USE_DSA */
+#endif /* LDNS_BUILD_CONFIG_USE_DSA */
         LDNS_ECC                = 4,
         LDNS_RSASHA1            = 5,
-#ifdef USE_DSA
+#if LDNS_BUILD_CONFIG_USE_DSA
         LDNS_DSA_NSEC3          = 6,
-#endif /* USE_DSA */
+#endif /* LDNS_BUILD_CONFIG_USE_DSA */
         LDNS_RSASHA1_NSEC3      = 7,
         LDNS_RSASHA256          = 8,   /* RFC 5702 */
         LDNS_RSASHA512          = 10,  /* RFC 5702 */
         LDNS_ECC_GOST           = 12,  /* RFC 5933 */
         LDNS_ECDSAP256SHA256    = 13,  /* RFC 6605 */
         LDNS_ECDSAP384SHA384    = 14,  /* RFC 6605 */
-#ifdef USE_ED25519
-       /* this ifdef is internal to ldns, because we do not want to export
-        * the symbol.  Users can define it if they want access,
-        * the feature is not fully implemented at this time and openssl
-        * does not support it fully either (also for ED448). */
-       LDNS_ED25519            = 15,  /* draft-ietf-curdle-dnskey-ed25519 */
-#endif
-#ifdef USE_ED448
-       LDNS_ED448              = 16,  /* draft-ietf-curdle-dnskey-ed448 */
-#endif
+       LDNS_ED25519            = 15,  /* RFC 8080 */
+       LDNS_ED448              = 16,  /* RFC 8080 */
         LDNS_INDIRECT           = 252,
         LDNS_PRIVATEDNS         = 253,
         LDNS_PRIVATEOID         = 254
@@ -94,24 +86,20 @@ enum ldns_enum_signing_algorithm
 {
        LDNS_SIGN_RSAMD5         = LDNS_RSAMD5,
        LDNS_SIGN_RSASHA1        = LDNS_RSASHA1,
-#ifdef USE_DSA
+#if LDNS_BUILD_CONFIG_USE_DSA
        LDNS_SIGN_DSA            = LDNS_DSA,
-#endif /* USE_DSA */
+#endif /* LDNS_BUILD_CONFIG_USE_DSA */
        LDNS_SIGN_RSASHA1_NSEC3  = LDNS_RSASHA1_NSEC3,
        LDNS_SIGN_RSASHA256      = LDNS_RSASHA256,
        LDNS_SIGN_RSASHA512      = LDNS_RSASHA512,
-#ifdef USE_DSA
+#if LDNS_BUILD_CONFIG_USE_DSA
        LDNS_SIGN_DSA_NSEC3      = LDNS_DSA_NSEC3,
-#endif /* USE_DSA */
+#endif /* LDNS_BUILD_CONFIG_USE_DSA */
        LDNS_SIGN_ECC_GOST       = LDNS_ECC_GOST,
         LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
         LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
-#ifdef USE_ED25519
        LDNS_SIGN_ED25519        = LDNS_ED25519,
-#endif
-#ifdef USE_ED448
        LDNS_SIGN_ED448          = LDNS_ED448,
-#endif
        LDNS_SIGN_HMACMD5        = 157, /* not official! This type is for TSIG, not DNSSEC */
        LDNS_SIGN_HMACSHA1       = 158, /* not official! This type is for TSIG, not DNSSEC */
        LDNS_SIGN_HMACSHA256 = 159,  /* ditto */
@@ -250,9 +238,7 @@ ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldn
  * \return NULL on failure otherwise a RSA structure
  */
 RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
 
-#if LDNS_BUILD_CONFIG_HAVE_SSL
 /**
  * frm_fp helper function. This function parses the
  * remainder of the (RSA) priv. key file generated from bind9
@@ -261,9 +247,9 @@ RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
  * \return NULL on failure otherwise a RSA structure
  */
 RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
 
-#if LDNS_BUILD_CONFIG_HAVE_SSL
+
+# if LDNS_BUILD_CONFIG_USE_DSA
 /**
  * frm_fp helper function. This function parses the
  * remainder of the (DSA) priv. key file
@@ -271,9 +257,7 @@ RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
  * \return NULL on failure otherwise a RSA structure
  */
 DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
 
-#if LDNS_BUILD_CONFIG_HAVE_SSL
 /**
  * frm_fp helper function. This function parses the
  * remainder of the (DSA) priv. key file
@@ -282,9 +266,8 @@ DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
  * \return NULL on failure otherwise a RSA structure
  */
 DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+# endif /* LDNS_BUILD_CONFIG_USE_DSA */
 
-#if LDNS_BUILD_CONFIG_HAVE_SSL
 /**
  * frm_fp helper function. This function parses the
  * remainder of the (HMAC-MD5) key file
@@ -294,9 +277,7 @@ DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
  * \return NULL on failure otherwise a newly allocated char buffer
  */
 unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
-#endif
 
-#if LDNS_BUILD_CONFIG_HAVE_SSL
 /**
  * frm_fp helper function. This function parses the
  * remainder of the (HMAC-MD5) key file
@@ -316,6 +297,7 @@ unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_s
  * \param[in] l the algorithm
  */
 void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
+
 #if LDNS_BUILD_CONFIG_HAVE_SSL
 /**
  * Set the key's evp key
@@ -332,6 +314,7 @@ void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
  */
 void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
 
+# if LDNS_BUILD_CONFIG_USE_DSA
 /**
  * Set the key's dsa data
  * The dsa data should be freed by the user.
@@ -339,6 +322,7 @@ void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
  * \param[in] d the dsa data
  */
 void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
+# endif /* LDNS_BUILD_CONFIG_USE_DSA */
 
 /**
  * Assign the key's rsa data
@@ -348,6 +332,7 @@ void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
  */
 void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
 
+# if LDNS_BUILD_CONFIG_USE_DSA
 /**
  * Assign the key's dsa data
  * The dsa data will be freed automatically when the key is freed.
@@ -355,6 +340,7 @@ void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
  * \param[in] d the dsa data
  */
 void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
+# endif /* LDNS_BUILD_CONFIG_USE_DSA */
 
 /** 
  * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
@@ -471,13 +457,13 @@ RSA *ldns_key_rsa_key(const ldns_key *k);
  * \return the RSA * structure in the key
  */
 EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
 
+# if LDNS_BUILD_CONFIG_USE_DSA
 /**
  * returns the (openssl) DSA struct contained in the key
  */
-#if LDNS_BUILD_CONFIG_HAVE_SSL
 DSA *ldns_key_dsa_key(const ldns_key *k);
+# endif /* LDNS_BUILD_CONFIG_USE_DSA */
 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
 
 /**