Only print warning when PKCS#11 dnssec-keygen fails from Edwards curves
authorOndřej Surý <ondrej@isc.org>
Fri, 17 Apr 2020 08:58:46 +0000 (10:58 +0200)
committerOndřej Surý <ondrej@isc.org>
Fri, 1 May 2020 04:54:26 +0000 (06:54 +0200)
(cherry picked from commit 9d979d7cd60122486c48a8f750af830710807595)

bin/tests/system/conf.sh.in
bin/tests/system/conf.sh.win32
bin/tests/system/dnssec/tests.sh
configure
configure.ac
win32utils/Configure

index d6b07a5f048a52f8bf704aef980d858c25429aea..7934930fa6ad0a437c5b06e42c1dff6a8950ce34 100644 (file)
@@ -128,5 +128,6 @@ HAVEGEOIP2=${MAXMINDDB_LIBS:+1}
 ZLIB_LIBS="@ZLIB_LIBS@"
 HAVEZLIB=${ZLIB_LIBS:+1}
 NZD=@NZD_TOOLS@
+CRYPTO=@CRYPTO@
 
 export HAVEXMLSTATS HAVEJSONSTATS
index 9439fdb72db38bceffbf5c10c74a218bf8bb57c0..be55dd8eda19bedda0426747889bddbb2aae4e16 100644 (file)
@@ -122,6 +122,7 @@ HAVEXMLSTATS=@XMLSTATS@
 HAVEJSONSTATS=@JSONSTATS@
 HAVEZLIB=@ZLIB@
 NZD=@NZD_TOOLS@
+CRYPTO=@CRYPTO@
 
 # The rest is shared between Windows and Unices
 . $TOP/bin/tests/system/conf.sh.common
index 2e32dab6e81e71b8324129d75dae9d868d44ef82..cce7b3fcb0d2436698e793f72f95ed532a6d080d 100644 (file)
@@ -3230,6 +3230,15 @@ do
        1|5|7|8|10) # RSA algorithms
            key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
            ;;
+       15|16)
+           key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
+           # Soft-fail in case HSM doesn't support Edwards curves
+           if grep "not found" keygen.err > /dev/null && [ "$CRYPTO" = "pkcs11" ]; then
+               echo_i "Algorithm $alg not supported by HSM: skipping"
+               alg=$((alg+1))
+               continue
+           fi
+           ;;
        *)
            key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true)
     esac
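Review bot: The soft-fail test `grep "not found" keygen.err` in the new `15|16)` branch matches any "not found" text on stderr, so on a PKCS#11 build an unrelated dnssec-keygen failure for these algorithms (a missing file or provider, for instance) would be reported as "not supported by HSM" and the Edwards-curve check skipped silently. Checking the build type first and matching the exact message keygen emits for an unsupported algorithm would keep real failures visible, e.g. `if [ "$CRYPTO" = "pkcs11" ] && grep "<exact unsupported-algorithm message>" keygen.err > /dev/null; then` (placeholder pattern; the real text is not shown on this page), and printing keygen.err next to the `echo_i` line would help triage a skip. The branch also copies `-b "1024"` from the RSA case, which is presumably meaningless for the fixed-size Edwards algorithms and could be dropped as in the `*)` branch. The enclosing loop starts and ends outside the hunk, so the `alg=$((alg+1))` before `continue` could not be checked against the loop's own increment.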
index 2832065e55948ccf3c868f4f238ede2d50ae4fbe..b279ab9a757e6d8b64b609225457064a5ff9c609 100755 (executable)
--- a/configure
+++ b/configure
@@ -743,6 +743,7 @@ ISC_PLATFORM_GSSAPI_KRB5_HEADER
 ISC_PLATFORM_GSSAPIHEADER
 ISC_PLATFORM_HAVEGSSAPI
 KRB5_CONFIG
+CRYPTO
 PKCS11_TOOLS
 PKCS11_TEST
 OPENSSL_LIBS
@@ -17092,6 +17093,7 @@ esac
 
 
 
+
 case $CRYPTO in #(
   pkcs11) :
 
index 23b6eae81c3b94f7735db7f748c9c79e2283e9b1..fde41dce446915d2a898a5acea823892808a44ae 100644 (file)
@@ -889,6 +889,7 @@ AS_CASE([$enable_native_pkcs11],
 AC_SUBST([PKCS11_TEST])
 AC_SUBST([PKCS11_TOOLS])
 
+AC_SUBST([CRYPTO])
 AS_CASE([$CRYPTO],
        [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
        [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
index 8a02e580ff1c336b61b8da5e33e98a351c671d56..dc403e32e9960464f8b8cd3a5662586371e70dea 100644 (file)
@@ -238,6 +238,7 @@ my %configtest;
 
 my @substtest = ("CHECKDS",
                  "COVERAGE",
+                 "CRYPTO",
                  "DNSTAP",
                  "FSTRM_CAPTURE",
                  "JSONSTATS",
@@ -1423,8 +1424,10 @@ if ($use_openssl eq "yes") {
 
 if ($cryptolib eq "openssl") {
     $configdefh{"USE_OPENSSL"} = 1;
+    $configtest{"CRYPTO"} = "OpenSSL";
 } else {
     $configdefh{"USE_PKCS11"} = 1;
+    $configtest{"CRYPTO"} = "pkcs11";
 }
 
 # check OpenSSL