Only print warning when PKCS#11 dnssec-keygen fails from Edwards curves

diff --git a/aclocal.m4 b/aclocal.m4
index fa9e0bf9fb69455423a742cb7408b44980f440ad..bbf2316042a81f95ab8c88f6bd9d8975452b551b 100644 (file)
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -290,7 +290,7 @@ AS_VAR_IF([$1], [""], [$5], [$4])dnl
 
 # AM_CONDITIONAL                                            -*- Autoconf -*-
 
-# Copyright (C) 1997-2018 Free Software Foundation, Inc.
+# Copyright (C) 1997-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -324,7 +324,7 @@ fi])])
 # Add --enable-maintainer-mode option to configure.         -*- Autoconf -*-
 # From Jim Meyering
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -357,7 +357,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
 ]
 )
 
-# Copyright (C) 2006-2018 Free Software Foundation, Inc.
+# Copyright (C) 2006-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,

diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 2317bd8544c7a055025d75b8b4ce566dae40fad0..1ea6a273c503b7820ae8ef8e2d48927015cdddc4 100644 (file)
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -127,3 +127,4 @@ HAVEGEOIP2=${MAXMINDDB_LIBS:+1}
 ZLIB_LIBS="@ZLIB_LIBS@"
 HAVEZLIB=${ZLIB_LIBS:+1}
 NZD=@NZD_TOOLS@
+CRYPTO=@CRYPTO@

diff --git a/bin/tests/system/conf.sh.win32 b/bin/tests/system/conf.sh.win32
index 9439fdb72db38bceffbf5c10c74a218bf8bb57c0..be55dd8eda19bedda0426747889bddbb2aae4e16 100644 (file)
--- a/bin/tests/system/conf.sh.win32
+++ b/bin/tests/system/conf.sh.win32
@@ -122,6 +122,7 @@ HAVEXMLSTATS=@XMLSTATS@
 HAVEJSONSTATS=@JSONSTATS@
 HAVEZLIB=@ZLIB@
 NZD=@NZD_TOOLS@
+CRYPTO=@CRYPTO@
 
 # The rest is shared between Windows and Unices
 . $TOP/bin/tests/system/conf.sh.common

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 4e8910d1c83121ecbddd9d21be82bcbeae7d1b7f..03dd25658960d9bec258a61afae981e3cab6c451 100644 (file)
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3248,6 +3248,15 @@ do
        1|5|7|8|10) # RSA algorithms
            key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
            ;;
+       15|16)
+           key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
+           # Soft-fail in case HSM doesn't support Edwards curves
+           if grep "not found" keygen.err > /dev/null && [ "$CRYPTO" = "pkcs11" ]; then
+               echo_i "Algorithm $alg not supported by HSM: skipping"
+               alg=$((alg+1))
+               continue
+           fi
+           ;;
        *)
            key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true)
     esac

diff --git a/configure b/configure
index 9d848547573986dc1f6eaac28a1d1785740b507e..68587664549d20ba15ba82918f7101a03b924c42 100755 (executable)
--- a/configure
+++ b/configure
@@ -745,6 +745,7 @@ ISC_PLATFORM_GSSAPI_KRB5_HEADER
 ISC_PLATFORM_GSSAPIHEADER
 ISC_PLATFORM_HAVEGSSAPI
 KRB5_CONFIG
+CRYPTO
 PKCS11_TOOLS
 PKCS11_TEST
 OPENSSL_LIBS
@@ -16993,6 +16994,7 @@ esac
 
 
 
+
 case $CRYPTO in #(
   pkcs11) :
 

diff --git a/configure.ac b/configure.ac
index 3f36c92c22503b405e1c4ba257504f164254cf99..215d054c926147176ce518e79010886a88079870 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -849,6 +849,7 @@ AS_CASE([$enable_native_pkcs11],
 AC_SUBST([PKCS11_TEST])
 AC_SUBST([PKCS11_TOOLS])
 
+AC_SUBST([CRYPTO])
 AS_CASE([$CRYPTO],
        [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
        [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])

diff --git a/win32utils/Configure b/win32utils/Configure
index 8a02e580ff1c336b61b8da5e33e98a351c671d56..dc403e32e9960464f8b8cd3a5662586371e70dea 100644 (file)
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -238,6 +238,7 @@ my %configtest;
 
 my @substtest = ("CHECKDS",
                  "COVERAGE",
+                 "CRYPTO",
                  "DNSTAP",
                  "FSTRM_CAPTURE",
                  "JSONSTATS",
@@ -1423,8 +1424,10 @@ if ($use_openssl eq "yes") {
 
 if ($cryptolib eq "openssl") {
     $configdefh{"USE_OPENSSL"} = 1;
+    $configtest{"CRYPTO"} = "OpenSSL";
 } else {
     $configdefh{"USE_PKCS11"} = 1;
+    $configtest{"CRYPTO"} = "pkcs11";
 }
 
 # check OpenSSL