* Fix reading \DDD: Error on values that are outside range (>255).
* bugfix #429: fix doxyparse.pl fails on NetBSD because specified
path to perl.
+ * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
1.6.12
* bugfix #413: Fix manpage source for srcdir != builddir
;;
esac
-AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--enable-ecdsa], [Enable ECDSA support, experimental]))
+AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--enable-ecdsa], [Enable ECDSA support]))
case "$enable_ecdsa" in
- yes)
+ no)
+ ;;
+ *) dnl default
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([ECDSA enabled, but no SSL support])
fi
- AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA])])
- AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384])])
- AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves])], [AC_INCLUDES_DEFAULT
+ AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade OpenSSL or rerun with --disable-ecdsa])])
+ AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade OpenSSL or rerun with --disable-ecdsa])])
+ AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade OpenSSL or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
# we now know we have ECDSA and the required curves.
AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.])
- AC_SUBST(ldns_build_config_use_ecdsa, 1)
- ;;
- no)
- AC_SUBST(ldns_build_config_use_ecdsa, 0)
- ;;
- *)
- AC_SUBST(ldns_build_config_use_ecdsa, 0)
;;
esac
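Review bot: The unchanged `AC_MSG_ERROR([ECDSA enabled, but no SSL support])` now sits in the `*) dnl default` branch, so a plain `./configure` on a system without OpenSSL aborts, yet unlike the three new messages below it does not tell the user how to proceed. For consistency with those messages change it to `AC_MSG_ERROR([ECDSA enabled, but no SSL support: rerun with --disable-ecdsa])`. Also note that `enable_ecdsa=yes` and the unset default now take the same path, so an explicit `--enable-ecdsa` cannot be treated more strictly than the default; if a missing-SSL build should merely skip ECDSA by default and hard-fail only when asked for explicitly, a separate `yes)` arm is needed. The `case` arms replace the removed `AC_SUBST(ldns_build_config_use_ecdsa, …)` lines, which is fine only if nothing else still substitutes that variable.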
ldns_rr_free(ds);
return NULL;
#endif
-#ifdef USE_ECDSA
- /* Make similar ``not implemented'' construct as above when
- draft-hoffman-dnssec-ecdsa-04 becomes a standard
- */
case LDNS_SHA384:
+#ifdef USE_ECDSA
digest = LDNS_XMALLOC(uint8_t, SHA384_DIGEST_LENGTH);
if (!digest) {
ldns_rr_free(ds);
return NULL;
}
break;
+#else
+ /* not implemented */
+ ldns_rr_free(ds);
+ return NULL;
#endif
}
ldns_rr_push_rdf(ds, tmp);
#endif
break;
-#ifdef USE_ECDSA
case LDNS_SHA384:
+#ifdef USE_ECDSA
(void) SHA384((unsigned char *) ldns_buffer_begin(data_buf),
(unsigned int) ldns_buffer_position(data_buf),
(unsigned char *) digest);
SHA384_DIGEST_LENGTH,
digest);
ldns_rr_push_rdf(ds, tmp);
- break;
#endif
+ break;
}
LDNS_FREE(digest);
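Review bot: With `break;` moved outside the `#endif`, a `--disable-ecdsa` build leaves a `case LDNS_SHA384:` that breaks out without calling `ldns_rr_push_rdf`, which is only correct because the digest-allocation switch in the previous hunk already returns NULL for that hash when `USE_ECDSA` is not defined (presumably in the same function, which starts and ends outside both hunks). That dependency is invisible at this point in the code; add `/* without USE_ECDSA this label is unreachable: the allocation switch above rejects LDNS_SHA384 */` above the `break;` so a later change to the first switch does not silently produce a DS record with no digest. The `(unsigned int)` cast of `ldns_buffer_position()` on the context lines predates this change and is unaffected by it.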
fprintf(stderr, "version of ldns, use --enable-gost\n");
#endif
}
-#ifdef USE_ECDSA
if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) {
+#ifdef USE_ECDSA
alg = LDNS_SIGN_ECDSAP256SHA256;
+#else
+ fprintf(stderr, "Warning: ECDSA not compiled into this ");
+ fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
+#endif
}
if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) {
+#ifdef USE_ECDSA
alg = LDNS_SIGN_ECDSAP384SHA384;
- }
+#else
+ fprintf(stderr, "Warning: ECDSA not compiled into this ");
+ fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
#endif
+ }
if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
alg = LDNS_SIGN_HMACMD5;
}
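Review bot: The two new `#else` branches duplicate the same pair of `fprintf(stderr, …)` lines, and the only thing distinguishing "ECDSA compiled out" from "algorithm string not recognised" is that text on stderr, since `alg` is left untouched in both cases (what the caller then does with it is outside this hunk). This mirrors the existing GOST branch on the context lines above, so it is consistent, but a single `static` helper such as `ecdsa_not_compiled_warning(void)` would keep the two messages in sync and halve the `#ifdef` noise. The enclosing function starts before and ends after this hunk.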
* as detected and determined by the auto configure script.
*/
#define LDNS_BUILD_CONFIG_HAVE_SSL @ldns_build_config_have_ssl@
-#define LDNS_BUILD_CONFIG_USE_ECDSA @ldns_build_config_use_ecdsa@
#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H @ldns_build_config_have_inttypes_h@
#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT @ldns_build_config_have_attr_format@
#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED @ldns_build_config_have_attr_unused@
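Review bot: Removing `LDNS_BUILD_CONFIG_USE_ECDSA` from this installed header silently changes the meaning of any downstream `#if LDNS_BUILD_CONFIG_USE_ECDSA` check, because an undefined identifier evaluates to 0 inside `#if`, so such code compiles with its ECDSA path disabled instead of failing to build. ECDSA can still be compiled out with `--disable-ecdsa` (the `USE_ECDSA` define in the earlier hunks), so the flag is still meaningful as a feature indicator; keeping `#define LDNS_BUILD_CONFIG_USE_ECDSA @ldns_build_config_use_ecdsa@` together with the `AC_SUBST` that the configure.ac hunk removes would preserve it for existing users. If the removal is intended, it should be mentioned in the Changelog entry at the top of this patch.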
LDNS_RSASHA256 = 8, /* RFC 5702 */
LDNS_RSASHA512 = 10, /* RFC 5702 */
LDNS_ECC_GOST = 12, /* RFC 5933 */
-#if LDNS_BUILD_CONFIG_USE_ECDSA
- /* this ifdef has to be removed once it is no longer experimental,
- * to be able to use these values outside of the ldns library itself */
- LDNS_ECDSAP256SHA256 = 13, /* draft-hoffman-dnssec-ecdsa */
- LDNS_ECDSAP384SHA384 = 14, /* EXPERIMENTAL */
-#endif
+ LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
+ LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
LDNS_INDIRECT = 252,
LDNS_PRIVATEDNS = 253,
LDNS_PRIVATEOID = 254
{
LDNS_SHA1 = 1, /* RFC 4034 */
LDNS_SHA256 = 2, /* RFC 4509 */
- LDNS_HASH_GOST = 3 /* RFC 5933 */
-#if LDNS_BUILD_CONFIG_USE_ECDSA
- /* this ifdef has to be removed once it is no longer experimental,
- * to be able to use these values outside of the ldns library itself */
- ,LDNS_SHA384 = 4 /* draft-hoffman-dnssec-ecdsa EXPERIMENTAL */
-#endif
+ LDNS_HASH_GOST = 3, /* RFC 5933 */
+ LDNS_SHA384 = 4 /* RFC 6605 */
};
typedef enum ldns_enum_hash ldns_hash;
LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
-#if LDNS_BUILD_CONFIG_USE_ECDSA
- /* this ifdef has to be removed once it is no longer experimental,
- * to be able to use these values outside of the ldns library itself */
LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
-#endif
LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
LDNS_SIGN_HMACSHA256 = 159 /* ditto */