1642. [port] Support OpenSSL implementations which don't have

                        DSA support. [RT #11360]

diff --git a/CHANGES b/CHANGES
index a673cc89835f8b390d3879ec3fcf30b61f663306..8ae51431403d6b55c392d0bf702c64c16604b0e7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1642.  [port]          Support OpenSSL implementations which don't have
+                       DSA support. [RT #11360]
+
 1641.  [bug]           Update the check-names description in ARM. [RT #11389]
 
 1640.  [bug]           win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was

diff --git a/acconfig.h b/acconfig.h
index 70fc191a32684f3901bff939fadf1e144516d97a..c44755fd4017a815cee732980fd6249c87ff3678 100644 (file)
--- a/acconfig.h
+++ b/acconfig.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.44 2004/03/05 04:56:57 marka Exp $ */
+/* $Id: acconfig.h,v 1.45 2004/05/21 08:09:27 marka Exp $ */
 
 /***
  *** This file is not to be included by any public header files, because
@@ -136,3 +136,6 @@ int sigwait(const unsigned int *set, int *sig);
 
 /* Define if you are running under Compaq TruCluster..  */
 #undef HAVE_TRUCLUSTER
+
+/* Define if OpenSSL includes DSA support */
+#undef HAVE_OPENSSL_DSA

diff --git a/configure.in b/configure.in
index 17ea5538d212770cb083352c3bff2ce5cac8a8b3..dc5cc413b29fa6b792f1cbeda11df8877efd06f7 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.356 $)
+AC_REVISION($Revision: 1.357 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.13)
@@ -467,6 +467,14 @@ int main() {
                [AC_MSG_RESULT(not compatible)
                 AC_MSG_ERROR(you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23)],
                [AC_MSG_RESULT(assuming target platform has compatible version)]))
+               AC_MSG_CHECKING(for OpenSSL DSA support)
+               if test -f $use_openssl/include/openssl/dsa.h
+               then
+                       AC_DEFINE(HAVE_OPENSSL_DSA)
+                       AC_MSG_RESULT(yes)
+               else
+                       AC_MSG_RESULT(no)
+               fi
                CFLAGS="$saved_cflags"
                LIBS="$saved_libs"
                ;;

diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c
index 4e44c96113411efdf1602539e3db9a0f1c6a7feb..6008832368a359237ca45f435bfe4e3e0a91dad3 100644 (file)
--- a/lib/dns/sec/dst/dst_api.c
+++ b/lib/dns/sec/dst/dst_api.c
@@ -18,7 +18,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.114 2004/03/18 02:58:05 marka Exp $
+ * $Id: dst_api.c,v 1.115 2004/05/21 08:09:27 marka Exp $
  */
 
 #include <config.h>
@@ -145,9 +145,11 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
        RETERR(dst__openssl_init());
        RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5]));
        RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1]));
+#ifdef HAVE_OPENSSL_DSA
        RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
-       RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
 #endif
+       RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
+#endif /* OPENSSL */
 #ifdef GSSAPI
        RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
 #endif
@@ -1136,10 +1138,12 @@ algorithm_status(unsigned int alg) {
 
        if (dst_algorithm_supported(alg))
                return (ISC_R_SUCCESS);
+#ifndef OPENSSL
        if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
            alg == DST_ALG_DSA || alg == DST_ALG_DH ||
            alg == DST_ALG_HMACMD5)
                return (DST_R_NOCRYPTO);
+#endif
        return (DST_R_UNSUPPORTEDALG);
 }