# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
#
-# $Id: configure,v 1.284.2.19.2.61 2006/08/10 02:05:18 marka Exp $
+# $Id: configure,v 1.284.2.19.2.62 2006/10/02 02:06:07 marka Exp $
#
# Portions Copyright (C) 1996-2001 Nominum, Inc.
#
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# From configure.in Revision: 1.294.2.23.2.66 .
+# From configure.in Revision: 1.294.2.23.2.67 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59.
#
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-openssl-version-check
+ Check OpenSSL Version [default=yes]
--enable-threads enable multithreading
--enable-largefile 64-bit file support
--enable-shared[=PKGS]
fi
-#
-# OpenSSLDie is new with CERT CS-2002-23. If we see it we have may
-# have a patched library otherwise check that we are greater than
-# the fixed versions
-#
- echo "$as_me:$LINENO: checking for OpenSSLDie" >&5
-echo $ECHO_N "checking for OpenSSLDie... $ECHO_C" >&6
-if test "${ac_cv_func_OpenSSLDie+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define OpenSSLDie to an innocuous variant, in case <limits.h> declares OpenSSLDie.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define OpenSSLDie innocuous_OpenSSLDie
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char OpenSSLDie (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef OpenSSLDie
+# Check whether --enable-openssl-version-check or --disable-openssl-version-check was given.
+if test "${enable_openssl_version_check+set}" = set; then
+ enableval="$enable_openssl_version_check"
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char OpenSSLDie ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_OpenSSLDie) || defined (__stub___OpenSSLDie)
-choke me
-#else
-char (*f) () = OpenSSLDie;
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-int
-main ()
-{
-return f != OpenSSLDie;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_OpenSSLDie=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_func_OpenSSLDie=no
-fi
-rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_OpenSSLDie" >&5
-echo "${ECHO_T}$ac_cv_func_OpenSSLDie" >&6
-if test $ac_cv_func_OpenSSLDie = yes; then
- echo "$as_me:$LINENO: checking OpenSSL library version" >&5
-echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6
- if test "$cross_compiling" = yes; then
- echo "$as_me:$LINENO: result: assuming target platform has compatible version" >&5
-echo "${ECHO_T}assuming target platform has compatible version" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-#include <stdio.h>
-#include <openssl/opensslv.h>
-int main() {
- if (OPENSSL_VERSION_NUMBER >= 0x0090581fL)
- return (0);
- printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
- OPENSSL_VERSION_NUMBER);
- printf("Require OPENSSL_VERSION_NUMBER 0x0090581f or greater\n\n");
- return (1);
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: ok" >&5
-echo "${ECHO_T}ok" >&6
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-echo "$as_me:$LINENO: result: not compatible" >&5
-echo "${ECHO_T}not compatible" >&6
- { { echo "$as_me:$LINENO: error: you need OpenSSL 0.9.5a or newer" >&5
-echo "$as_me: error: you need OpenSSL 0.9.5a or newer" >&2;}
- { (exit 1); exit 1; }; }
-fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-else
- echo "$as_me:$LINENO: result: did not find fixes for CERT CA-2002-23" >&5
-echo "${ECHO_T}did not find fixes for CERT CA-2002-23" >&6
+fi;
+case "$enable_openssl_version_check" in
+yes|'')
echo "$as_me:$LINENO: checking OpenSSL library version" >&5
echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6
if test "$cross_compiling" = yes; then
#include <stdio.h>
#include <openssl/opensslv.h>
int main() {
- if ((OPENSSL_VERSION_NUMBER >= 0x0090605fL &&
- OPENSSL_VERSION_NUMBER < 0x009070000L) ||
- OPENSSL_VERSION_NUMBER >= 0x00907003L)
+ if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL &&
+ OPENSSL_VERSION_NUMBER < 0x009080000L) ||
+ OPENSSL_VERSION_NUMBER >= 0x0090804fL)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
- printf("Require OPENSSL_VERSION_NUMBER 0x0090605f or greater (0.9.6e)\n"
- "Require OPENSSL_VERSION_NUMBER 0x00907003 or greater (0.9.7-beta2)\n\n");
+ printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
+ "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n");
return (1);
}
( exit $ac_status )
echo "$as_me:$LINENO: result: not compatible" >&5
echo "${ECHO_T}not compatible" >&6
- { { echo "$as_me:$LINENO: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23" >&5
-echo "$as_me: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23" >&2;}
+ { { echo "$as_me:$LINENO: error: you need OpenSSL 0.9.7k/0.9.8c (or newer) for:
+CAN-2002-0659 and CAN-2006-4339
+to skip this test specify: --disable-openssl-version-check
+" >&5
+echo "$as_me: error: you need OpenSSL 0.9.7k/0.9.8c (or newer) for:
+CAN-2002-0659 and CAN-2006-4339
+to skip this test specify: --disable-openssl-version-check
+" >&2;}
{ (exit 1); exit 1; }; }
+
fi
rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
-fi
+;;
+no)
+ echo "$as_me:$LINENO: result: Skipped OpenSSL version check" >&5
+echo "${ECHO_T}Skipped OpenSSL version check" >&6
+;;
+esac
echo "$as_me:$LINENO: checking for OpenSSL DSA support" >&5
echo $ECHO_N "checking for OpenSSL DSA support... $ECHO_C" >&6
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 8962 "configure"' > conftest.$ac_ext
+ echo '#line 8832 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
# Provide some information about the compiler.
-echo "$as_me:9959:" \
+echo "$as_me:9829:" \
"checking for Fortran 77 compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11020: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10890: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:11024: \$? = $ac_status" >&5
+ echo "$as_me:10894: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11263: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11133: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:11267: \$? = $ac_status" >&5
+ echo "$as_me:11137: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11323: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11193: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:11327: \$? = $ac_status" >&5
+ echo "$as_me:11197: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 13508 "configure"
+#line 13378 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 13606 "configure"
+#line 13476 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15803: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15673: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15807: \$? = $ac_status" >&5
+ echo "$as_me:15677: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15863: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15733: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:15867: \$? = $ac_status" >&5
+ echo "$as_me:15737: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 17224 "configure"
+#line 17094 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 17322 "configure"
+#line 17192 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:18159: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:18029: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:18163: \$? = $ac_status" >&5
+ echo "$as_me:18033: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:18219: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:18089: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:18223: \$? = $ac_status" >&5
+ echo "$as_me:18093: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:20258: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:20128: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:20262: \$? = $ac_status" >&5
+ echo "$as_me:20132: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:20501: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:20371: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:20505: \$? = $ac_status" >&5
+ echo "$as_me:20375: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:20561: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:20431: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:20565: \$? = $ac_status" >&5
+ echo "$as_me:20435: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 22746 "configure"
+#line 22616 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 22844 "configure"
+#line 22714 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
/*
* Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.1.4.4 2006/03/01 02:40:17 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.1.4.5 2006/10/02 02:03:19 marka Exp $
*/
#ifdef OPENSSL
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+#include <openssl/bn.h>
+#endif
/*
* XXXMPA Temporarially disable RSA_BLINDING as it requires
return (ISC_TRUE);
}
-#ifndef HAVE_RSA_GENERATE_KEY
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-static RSA *
-RSA_generate_key(int bits, unsigned long e_value,
- void (*callback)(int,int,void *), void *cb_arg)
-{
+static isc_result_t
+opensslrsa_generate(dst_key_t *key, int exp) {
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB cb;
- size_t i;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
if (rsa == NULL || e == NULL)
goto err;
- /* The problem is when building with 8, 16, or 32 BN_ULONG,
- * unsigned long can be larger */
- for (i = 0; i < sizeof(unsigned long) * 8; i++) {
- if ((e_value & (1UL<<i)) != 0)
- BN_set_bit(e, i);
+ if (exp == 0) {
+ /* RSA_F4 0x10001 */
+ BN_set_bit(e, 0);
+ BN_set_bit(e, 16);
+ } else {
+ /* 0x40000003 */
+ BN_set_bit(e, 0);
+ BN_set_bit(e, 1);
+ BN_set_bit(e, 30);
}
- BN_GENCB_set_old(&cb, callback, cb_arg);
+ BN_GENCB_set_old(&cb, NULL, NULL);
- if (RSA_generate_key_ex(rsa, bits, e, &cb)) {
+ if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
BN_free(e);
- return (rsa);
+ SET_FLAGS(rsa);
+ key->opaque = rsa;
+ return (ISC_R_SUCCESS);
}
+
err:
if (e != NULL)
BN_free(e);
if (rsa != NULL)
RSA_free(rsa);
- return (NULL);
-}
-#endif
-
-static isc_result_t
-opensslrsa_generate(dst_key_t *key, int exp) {
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+#else
RSA *rsa;
unsigned long e;
if (exp == 0)
- e = RSA_3;
+ e = RSA_F4;
else
- e = RSA_F4;
+ e = 0x40000003;
rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
if (rsa == NULL)
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
SET_FLAGS(rsa);
key->opaque = rsa;
return (ISC_R_SUCCESS);
+#endif
}
static isc_boolean_t
projects / thirdparty / bind9.git / commitdiff
