#include <pk11/pk11.h>
#include <pk11/result.h>
#define WANT_DH_PRIMES
-#define WANT_ECC_CURVES
#include <pk11/constants.h>
#include <pkcs11/eddsa.h>
#ifndef CKM_EDDSA_KEY_PAIR_GEN
fprintf(stderr, "CKM_EDDSA_KEY_PAIR_GEN is not defined\n");
usage();
- UNUSED(pk11_ecc_ed25519);
- UNUSED(pk11_ecc_ed448);
#else
op_type = OP_EDDSA;
if (bits == 0)
ISC_PLATFORM_HAVEGSSAPI
KRB5_CONFIG
PKCS11_TOOLS
+PKCS11_TEST
OPENSSL_LDFLAGS
OPENSSL_LIBS
OPENSSL_INCLUDES
PKCS11_TOOLS=
+PKCS11_TEST=
#
# was --enable-native-pkcs11 specified?
#
$as_echo "no" >&6; } ;; #(
yes) :
PKCS11_TOOLS=pkcs11
+ PKCS11_TEST=pkcs11
CRYPTO=pkcs11
if $use_threads; then :
:
fi
done
- ;; #(
+ ;; #(
*) :
;;
esac
+
case $CRYPTO in #(
pkcs11) :
PKCS11_TOOLS=
+PKCS11_TEST=
#
# was --enable-native-pkcs11 specified?
#
AS_CASE([$enable_native_pkcs11],
[no],[AC_MSG_RESULT([no])],
[yes],[PKCS11_TOOLS=pkcs11
+ PKCS11_TEST=pkcs11
CRYPTO=pkcs11
AS_IF([$use_threads],
[:],
[AC_MSG_ERROR([PKCS11 requires threading support])])
AC_MSG_RESULT([yes])
AC_CHECK_FUNCS([getpassphrase])
- ])
+ ])
+AC_SUBST([PKCS11_TEST])
AC_SUBST([PKCS11_TOOLS])
AS_CASE([$CRYPTO],
RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
RETERR(dst__openssl_init(engine));
+ RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
#if USE_OPENSSL
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5],
DST_ALG_RSAMD5));
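Review bot: The added `RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));` sits above `#if USE_OPENSSL` with no comment explaining why DH alone is registered outside the backend guards. If the intent is that native PKCS#11 builds use the OpenSSL DH code, DH private values are presumably held in process memory rather than on the token, which matters to operators who expect all key material to stay in the HSM. I would add a comment above the call such as `/* DH is always provided by OpenSSL, including in native PKCS#11 builds; DH keys are not token-backed. */`. The enclosing function begins and ends outside this hunk, so its cleanup path for a failed init is not visible here.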
DST_ALG_RSASHA512));
RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_NSEC3DSA]));
- RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
#ifdef HAVE_OPENSSL_ED25519
RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA512]));
RETERR(dst__pkcs11dsa_init(&dst_t_func[DST_ALG_DSA]));
RETERR(dst__pkcs11dsa_init(&dst_t_func[DST_ALG_NSEC3DSA]));
-#if HAVE_PKCS11_ECDSA
RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
-#endif
#ifdef HAVE_PKCS11_ED25519
RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED25519]));
#endif
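Review bot: Dropping the `#if HAVE_PKCS11_ECDSA` guard around the two `dst__pkcs11ecdsa_init` calls registers ECDSA256 and ECDSA384 in every PKCS#11 build, whether or not the configured provider offers ECDSA. Support is then presumably discovered only at run time, when `pk11_get_best_token(OP_ECDSA)` (used in the later hunks) finds no suitable slot, so a signer with an ECDSA key on such a token would fail at first use rather than at start-up. Please document this next to the calls, e.g. `/* ECDSA is always compiled in; token support is checked when a session is requested. */`, and confirm that the no-slot result becomes a clean error. The same guard is also removed around the prototype in the header hunk and from the `#if USE_PKCS11 && HAVE_PKCS11_ECDSA` line further down.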
isc_result_t dst__hmacsha256_init(struct dst_func **funcp);
isc_result_t dst__hmacsha384_init(struct dst_func **funcp);
isc_result_t dst__hmacsha512_init(struct dst_func **funcp);
+isc_result_t dst__openssldh_init(struct dst_func **funcp);
#if USE_OPENSSL
isc_result_t dst__opensslrsa_init(struct dst_func **funcp,
unsigned char algorithm);
isc_result_t dst__openssldsa_init(struct dst_func **funcp);
-isc_result_t dst__openssldh_init(struct dst_func **funcp);
isc_result_t dst__opensslecdsa_init(struct dst_func **funcp);
#if HAVE_OPENSSL_ED25519 || HAVE_OPENSSL_ED448
isc_result_t dst__openssleddsa_init(struct dst_func **funcp);
#if USE_PKCS11
isc_result_t dst__pkcs11rsa_init(struct dst_func **funcp);
isc_result_t dst__pkcs11dsa_init(struct dst_func **funcp);
-#ifdef HAVE_PKCS11_ECDSA
isc_result_t dst__pkcs11ecdsa_init(struct dst_func **funcp);
-#endif
#if defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)
isc_result_t dst__pkcs11eddsa_init(struct dst_func **funcp);
#endif
#include <config.h>
-#if !USE_PKCS11
-
#include <pk11/site.h>
#include <ctype.h>
if (bn1536 != NULL) BN_free(bn1536);
return (ISC_R_NOMEMORY);
}
-
-#endif /* !USE_PKCS11 */
#include <config.h>
-#if USE_PKCS11 && HAVE_PKCS11_ECDSA
+#if USE_PKCS11
#include <isc/mem.h>
#include <isc/safe.h>
#include <pk11/pk11.h>
#include <pk11/internal.h>
-#define WANT_ECC_CURVES
#include <pk11/constants.h>
#include <pkcs11/pkcs11.h>
if (ec->ontoken && (dctx->use == DO_SIGN))
slotid = ec->slot;
else
- slotid = pk11_get_best_token(OP_EC);
- ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
+ slotid = pk11_get_best_token(OP_ECDSA);
+ ret = pk11_get_session(pk11_ctx, OP_ECDSA, ISC_TRUE, ISC_FALSE,
ec->reqlogon, NULL, slotid);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
- ISC_FALSE, NULL, pk11_get_best_token(OP_EC));
+ ret = pk11_get_session(pk11_ctx, OP_ECDSA, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_ECDSA));
if (ret != ISC_R_SUCCESS)
goto err;
memmove(attr->pValue, pubattr->pValue, pubattr->ulValueLen);
attr->ulValueLen = pubattr->ulValueLen;
- ret = pk11_parse_uri(ec, label, key->mctx, OP_EC);
+ ret = pk11_parse_uri(ec, label, key->mctx, OP_ECDSA);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
DST_RET(ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_ECDSA, ISC_TRUE, ISC_FALSE,
ec->reqlogon, NULL, ec->slot);
if (ret != ISC_R_SUCCESS)
goto err;
attr[0].type = CKA_EC_PARAMS;
attr[1].type = CKA_EC_POINT;
- ret = pk11_parse_uri(ec, label, key->mctx, OP_EC);
+ ret = pk11_parse_uri(ec, label, key->mctx, OP_ECDSA);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
DST_RET(ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_ECDSA, ISC_TRUE, ISC_FALSE,
ec->reqlogon, NULL, ec->slot);
if (ret != ISC_R_SUCCESS)
goto err;
return (ISC_R_SUCCESS);
}
-#endif /* USE_PKCS11 && HAVE_PKCS11_ECDSA */
+#endif /* USE_PKCS11 */
#include <pk11/pk11.h>
#include <pk11/internal.h>
-#define WANT_ECC_CURVES
#include <pk11/constants.h>
#include <pkcs11/pkcs11.h>
/*%
* Static arrays of data used for key template initalization
*/
-#ifdef WANT_ECC_CURVES
static CK_BYTE pk11_ecc_prime256v1[] = {
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
};
static CK_BYTE pk11_ecc_secp384r1[] = {
0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
};
+#if HAVE_PKCS11_ED25519
static CK_BYTE pk11_ecc_ed25519[] = {
0x06, 0x03, 0x2b, 0x65, 0x70
};
+#endif /* HAVE_PKCS11_ED25519 */
+#if HAVE_PKCS11_ED448
static CK_BYTE pk11_ecc_ed448[] = {
0x06, 0x03, 0x2b, 0x65, 0x71
};
-#endif
+#endif /* HAVE_PKCS11_ED448 */
#ifdef WANT_DH_PRIMES
static CK_BYTE pk11_dh_bn2[] = { 2 };
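Review bot: The new guards use `#if HAVE_PKCS11_ED25519` and `#if HAVE_PKCS11_ED448`, while other lines on this page test the same macros with `#ifdef HAVE_PKCS11_ED25519` and `#if defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)`. Because `#if` on a macro defined with an empty value is a preprocessor error, `#ifdef HAVE_PKCS11_ED25519` / `#ifdef HAVE_PKCS11_ED448` would be the consistent form. With `#ifdef WANT_ECC_CURVES` removed, `pk11_ecc_prime256v1` and `pk11_ecc_secp384r1` are defined as `static` arrays in every file that includes this header, so includers that do not reference them will likely get unused-variable warnings. It would also help to comment each array with the OID it encodes, e.g. `/* DER OID 1.2.840.10045.3.1.7 (prime256v1) */`, since a wrong byte here silently selects the wrong curve parameters.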