Commit c3b8130f authored by Ondřej Surý's avatar Ondřej Surý

Make OpenSSL mandatory

parent 3322e41e
...@@ -121,12 +121,6 @@ int sigwait(const unsigned int *set, int *sig); ...@@ -121,12 +121,6 @@ int sigwait(const unsigned int *set, int *sig);
/** define if you have strerror in the C library. */ /** define if you have strerror in the C library. */
#undef HAVE_STRERROR #undef HAVE_STRERROR
/* Define if OpenSSL includes DSA support */
#undef HAVE_OPENSSL_DSA
/* Define if you have getpassphrase in the C library. */
#undef HAVE_GETPASSPHRASE
/* Define to the length type used by the socket API (socklen_t, size_t, int). */ /* Define to the length type used by the socket API (socklen_t, size_t, int). */
#undef ISC_SOCKADDR_LEN_T #undef ISC_SOCKADDR_LEN_T
......
...@@ -288,8 +288,9 @@ AS_VAR_COPY([$1], [pkg_cv_][$1]) ...@@ -288,8 +288,9 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl AS_VAR_IF([$1], [""], [$5], [$4])dnl
])dnl PKG_CHECK_VAR ])dnl PKG_CHECK_VAR
m4_include([libtool.m4/libtool.m4]) m4_include([m4/ax_check_openssl.m4])
m4_include([libtool.m4/ltoptions.m4]) m4_include([m4/libtool.m4])
m4_include([libtool.m4/ltsugar.m4]) m4_include([m4/ltoptions.m4])
m4_include([libtool.m4/ltversion.m4]) m4_include([m4/ltsugar.m4])
m4_include([libtool.m4/lt~obsolete.m4]) m4_include([m4/ltversion.m4])
m4_include([m4/lt~obsolete.m4])
...@@ -16,15 +16,15 @@ VERSION=@BIND9_VERSION@ ...@@ -16,15 +16,15 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@ @BIND9_MAKE_INCLUDES@
CINCLUDES = ${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \ CINCLUDES = ${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
${ISC_INCLUDES} @DST_OPENSSL_INC@ ${ISC_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" CDEFINES = -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
CWARNINGS = CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@ ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@ BIND9LIBS = ../../lib/bind9/libbind9.@A@
NSLIBS = ../../lib/ns/libns.@A@ NSLIBS = ../../lib/ns/libns.@A@
......
...@@ -27,8 +27,8 @@ CWARNINGS = ...@@ -27,8 +27,8 @@ CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@ ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@ ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@ BIND9LIBS = ../../lib/bind9/libbind9.@A@
......
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
#include <isc/time.h> #include <isc/time.h>
#include <isc/util.h> #include <isc/util.h>
#if HAVE_PKCS11 #if USE_PKCS11
#include <pk11/result.h> #include <pk11/result.h>
#endif #endif
...@@ -102,7 +102,7 @@ main(int argc, char **argv) { ...@@ -102,7 +102,7 @@ main(int argc, char **argv) {
int len = 0; int len = 0;
int ch; int ch;
#if HAVE_PKCS11 #if USE_PKCS11
pk11_result_register(); pk11_result_register();
#endif #endif
dns_result_register(); dns_result_register();
......
...@@ -43,10 +43,8 @@ ...@@ -43,10 +43,8 @@
const char * const char *
alg_totext(dns_secalg_t alg) { alg_totext(dns_secalg_t alg) {
switch (alg) { switch (alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_HMACMD5: case DST_ALG_HMACMD5:
return "hmac-md5"; return "hmac-md5";
#endif
case DST_ALG_HMACSHA1: case DST_ALG_HMACSHA1:
return "hmac-sha1"; return "hmac-sha1";
case DST_ALG_HMACSHA224: case DST_ALG_HMACSHA224:
...@@ -71,10 +69,8 @@ alg_fromtext(const char *name) { ...@@ -71,10 +69,8 @@ alg_fromtext(const char *name) {
if (strncasecmp(p, "hmac-", 5) == 0) if (strncasecmp(p, "hmac-", 5) == 0)
p = &name[5]; p = &name[5];
#ifndef PK11_MD5_DISABLE
if (strcasecmp(p, "md5") == 0) if (strcasecmp(p, "md5") == 0)
return DST_ALG_HMACMD5; return DST_ALG_HMACMD5;
#endif
if (strcasecmp(p, "sha1") == 0) if (strcasecmp(p, "sha1") == 0)
return DST_ALG_HMACSHA1; return DST_ALG_HMACSHA1;
if (strcasecmp(p, "sha224") == 0) if (strcasecmp(p, "sha224") == 0)
...@@ -124,9 +120,7 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize, ...@@ -124,9 +120,7 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
dst_key_t *key = NULL; dst_key_t *key = NULL;
switch (alg) { switch (alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_HMACMD5: case DST_ALG_HMACMD5:
#endif
case DST_ALG_HMACSHA1: case DST_ALG_HMACSHA1:
case DST_ALG_HMACSHA224: case DST_ALG_HMACSHA224:
case DST_ALG_HMACSHA256: case DST_ALG_HMACSHA256:
......
...@@ -16,7 +16,7 @@ VERSION=@BIND9_VERSION@ ...@@ -16,7 +16,7 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@ @BIND9_MAKE_INCLUDES@
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \ CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @DST_OPENSSL_INC@ ${IRS_INCLUDES} ${ISCCFG_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\" \ CDEFINES = -DVERSION=\"${VERSION}\" \
-DSYSCONFDIR=\"${sysconfdir}\" -DSYSCONFDIR=\"${sysconfdir}\"
...@@ -24,8 +24,8 @@ CWARNINGS = ...@@ -24,8 +24,8 @@ CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@ ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
IRSLIBS = ../../lib/irs/libirs.@A@ IRSLIBS = ../../lib/irs/libirs.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
......
...@@ -19,7 +19,7 @@ READLINE_LIB = @READLINE_LIB@ ...@@ -19,7 +19,7 @@ READLINE_LIB = @READLINE_LIB@
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \ CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISC_INCLUDES} \ ${BIND9_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @DST_OPENSSL_INC@ ${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\" CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS = CWARNINGS =
...@@ -27,8 +27,8 @@ CWARNINGS = ...@@ -27,8 +27,8 @@ CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@ BIND9LIBS = ../../lib/bind9/libbind9.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@ ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
IRSLIBS = ../../lib/irs/libirs.@A@ IRSLIBS = ../../lib/irs/libirs.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
......
...@@ -1771,11 +1771,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, ...@@ -1771,11 +1771,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
ptr = ptr2; ptr = ptr2;
ptr2 = ptr3; ptr2 = ptr3;
} else { } else {
#ifndef PK11_MD5_DISABLE
hmacname = DNS_TSIG_HMACMD5_NAME; hmacname = DNS_TSIG_HMACMD5_NAME;
#else
hmacname = DNS_TSIG_HMACSHA256_NAME;
#endif
digestbits = 0; digestbits = 0;
} }
/* XXXONDREJ: FIXME */ /* XXXONDREJ: FIXME */
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
#include <dig/dig.h> #include <dig/dig.h>
#if HAVE_PKCS11 #if USE_PKCS11
#include <pk11/result.h> #include <pk11/result.h>
#endif #endif
...@@ -1032,14 +1032,12 @@ parse_hmac(const char *hmac) { ...@@ -1032,14 +1032,12 @@ parse_hmac(const char *hmac) {
digestbits = 0; digestbits = 0;
#ifndef PK11_MD5_DISABLE
if (strcasecmp(buf, "hmac-md5") == 0) { if (strcasecmp(buf, "hmac-md5") == 0) {
hmacname = DNS_TSIG_HMACMD5_NAME; hmacname = DNS_TSIG_HMACMD5_NAME;
} else if (strncasecmp(buf, "hmac-md5-", 9) == 0) { } else if (strncasecmp(buf, "hmac-md5-", 9) == 0) {
hmacname = DNS_TSIG_HMACMD5_NAME; hmacname = DNS_TSIG_HMACMD5_NAME;
digestbits = parse_bits(&buf[9], "digest-bits [0..128]", 128); digestbits = parse_bits(&buf[9], "digest-bits [0..128]", 128);
} else } else
#endif
if (strcasecmp(buf, "hmac-sha1") == 0) { if (strcasecmp(buf, "hmac-sha1") == 0) {
hmacname = DNS_TSIG_HMACSHA1_NAME; hmacname = DNS_TSIG_HMACSHA1_NAME;
digestbits = 0; digestbits = 0;
...@@ -1153,11 +1151,9 @@ setup_file_key(void) { ...@@ -1153,11 +1151,9 @@ setup_file_key(void) {
} }
switch (dst_key_alg(dstkey)) { switch (dst_key_alg(dstkey)) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_HMACMD5: case DST_ALG_HMACMD5:
hmacname = DNS_TSIG_HMACMD5_NAME; hmacname = DNS_TSIG_HMACMD5_NAME;
break; break;
#endif
case DST_ALG_HMACSHA1: case DST_ALG_HMACSHA1:
hmacname = DNS_TSIG_HMACSHA1_NAME; hmacname = DNS_TSIG_HMACSHA1_NAME;
break; break;
...@@ -1314,7 +1310,7 @@ setup_libs(void) { ...@@ -1314,7 +1310,7 @@ setup_libs(void) {
debug("setup_libs()"); debug("setup_libs()");
#if HAVE_PKCS11 #if USE_PKCS11
pk11_result_register(); pk11_result_register();
#endif #endif
dns_result_register(); dns_result_register();
......
...@@ -15,15 +15,14 @@ VERSION=@BIND9_VERSION@ ...@@ -15,15 +15,14 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@ @BIND9_MAKE_INCLUDES@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@ CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \ CDEFINES = -DVERSION=\"${VERSION}\"
-DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
CWARNINGS = CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@ ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
DNSDEPLIBS = ../../lib/dns/libdns.@A@ DNSDEPLIBS = ../../lib/dns/libdns.@A@
ISCDEPLIBS = ../../lib/isc/libisc.@A@ ISCDEPLIBS = ../../lib/isc/libisc.@A@
......
...@@ -53,7 +53,7 @@ ...@@ -53,7 +53,7 @@
#include <dst/dst.h> #include <dst/dst.h>
#if HAVE_PKCS11 #if USE_PKCS11
#include <pk11/result.h> #include <pk11/result.h>
#endif #endif
...@@ -1147,7 +1147,7 @@ main(int argc, char *argv[]) { ...@@ -1147,7 +1147,7 @@ main(int argc, char *argv[]) {
fatal("out of memory"); fatal("out of memory");
} }
#if HAVE_PKCS11 #if USE_PKCS11
pk11_result_register(); pk11_result_register();
#endif #endif
dns_result_register(); dns_result_register();
......
...@@ -41,7 +41,7 @@ ...@@ -41,7 +41,7 @@
#include <dst/dst.h> #include <dst/dst.h>
#if HAVE_PKCS11 #if USE_PKCS11
#include <pk11/result.h> #include <pk11/result.h>
#endif #endif
...@@ -370,7 +370,7 @@ main(int argc, char **argv) { ...@@ -370,7 +370,7 @@ main(int argc, char **argv) {
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
fatal("out of memory"); fatal("out of memory");
#if HAVE_PKCS11 #if USE_PKCS11
pk11_result_register(); pk11_result_register();
#endif #endif
dns_result_register(); dns_result_register();
......
...@@ -41,7 +41,7 @@ ...@@ -41,7 +41,7 @@
#include <dst/dst.h> #include <dst/dst.h>
#if HAVE_PKCS11 #if USE_PKCS11
#include <pk11/result.h> #include <pk11/result.h>
#endif #endif
...@@ -310,7 +310,7 @@ main(int argc, char **argv) { ...@@ -310,7 +310,7 @@ main(int argc, char **argv) {
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
fatal("out of memory"); fatal("out of memory");
#if HAVE_PKCS11 #if USE_PKCS11
pk11_result_register(); pk11_result_register();
#endif #endif
dns_result_register(); dns_result_register();
......
...@@ -37,7 +37,7 @@ ...@@ -37,7 +37,7 @@
#include <dst/dst.h> #include <dst/dst.h>
#if HAVE_PKCS11 #if USE_PKCS11
#include <pk11/result.h> #include <pk11/result.h>
#endif #endif
...@@ -69,12 +69,9 @@ usage(void) { ...@@ -69,12 +69,9 @@ usage(void) {
fprintf(stderr, " -3: use NSEC3-capable algorithm\n"); fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
fprintf(stderr, " -c class (default: IN)\n"); fprintf(stderr, " -c class (default: IN)\n");
fprintf(stderr, " -E <engine>:\n"); fprintf(stderr, " -E <engine>:\n");
#if HAVE_PKCS11 #if USE_PKCS11
fprintf(stderr, " path to PKCS#11 provider library " fprintf(stderr, " path to PKCS#11 provider library "
"(default is %s)\n", PK11_LIB_LOCATION); "(default is %s)\n", PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
fprintf(stderr, " name of an OpenSSL engine to use "
"(default is \"pkcs11\")\n");
#else #else
fprintf(stderr, " name of an OpenSSL engine to use\n"); fprintf(stderr, " name of an OpenSSL engine to use\n");
#endif #endif
...@@ -124,11 +121,7 @@ main(int argc, char **argv) { ...@@ -124,11 +121,7 @@ main(int argc, char **argv) {
const char *directory = NULL; const char *directory = NULL;
const char *predecessor = NULL; const char *predecessor = NULL;
dst_key_t *prevkey = NULL; dst_key_t *prevkey = NULL;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL; const char *engine = NULL;
#endif
char *classname = NULL; char *classname = NULL;
char *endp; char *endp;
dst_key_t *key = NULL; dst_key_t *key = NULL;
...@@ -173,7 +166,7 @@ main(int argc, char **argv) { ...@@ -173,7 +166,7 @@ main(int argc, char **argv) {
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
#if HAVE_PKCS11 #if USE_PKCS11
pk11_result_register(); pk11_result_register();
#endif #endif
dns_result_register(); dns_result_register();
...@@ -388,20 +381,10 @@ main(int argc, char **argv) { ...@@ -388,20 +381,10 @@ main(int argc, char **argv) {
} }
if (strcasecmp(algname, "RSA") == 0) { if (strcasecmp(algname, "RSA") == 0) {
#ifndef PK11_MD5_DISABLE
fprintf(stderr, "The use of RSA (RSAMD5) is not " fprintf(stderr, "The use of RSA (RSAMD5) is not "
"recommended.\nIf you still wish to " "recommended.\nIf you still wish to "
"use RSA (RSAMD5) please specify " "use RSA (RSAMD5) please specify "
"\"-a RSAMD5\"\n"); "\"-a RSAMD5\"\n");
#else
fprintf(stderr,
"The use of RSA (RSAMD5) was disabled\n");
if (freeit != NULL)
free(freeit);
return (1);
} else if (strcasecmp(algname, "RSAMD5") == 0) {
fprintf(stderr, "The use of RSAMD5 was disabled\n");
#endif
if (freeit != NULL) if (freeit != NULL)
free(freeit); free(freeit);
return (1); return (1);
...@@ -512,11 +495,6 @@ main(int argc, char **argv) { ...@@ -512,11 +495,6 @@ main(int argc, char **argv) {
alg = dst_key_alg(prevkey); alg = dst_key_alg(prevkey);
flags = dst_key_flags(prevkey); flags = dst_key_flags(prevkey);
#ifdef PK11_MD5_DISABLE
if (alg == DST_ALG_RSAMD5)
fatal("Key %s uses disabled RSAMD5", predecessor);
#endif
dst_key_format(prevkey, keystr, sizeof(keystr)); dst_key_format(prevkey, keystr, sizeof(keystr));
dst_key_getprivateformat(prevkey, &major, &minor); dst_key_getprivateformat(prevkey, &major, &minor);
if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION) if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
...@@ -606,7 +584,7 @@ main(int argc, char **argv) { ...@@ -606,7 +584,7 @@ main(int argc, char **argv) {
/* associate the key */ /* associate the key */
ret = dst_key_fromlabel(name, alg, flags, protocol, rdclass, ret = dst_key_fromlabel(name, alg, flags, protocol, rdclass,
#if HAVE_PKCS11 #if USE_PKCS11
"pkcs11", "pkcs11",
#else #else
engine, engine,
......
...@@ -52,7 +52,7 @@ ...@@ -52,7 +52,7 @@
#include <dst/dst.h> #include <dst/dst.h>
#if HAVE_PKCS11 #if USE_PKCS11
#include <pk11/result.h> #include <pk11/result.h>
#endif #endif
...@@ -106,12 +106,9 @@ usage(void) { ...@@ -106,12 +106,9 @@ usage(void) {
fprintf(stderr, " -c <class>: (default: IN)\n"); fprintf(stderr, " -c <class>: (default: IN)\n");
fprintf(stderr, " -d <digest bits> (0 => max, default)\n"); fprintf(stderr, " -d <digest bits> (0 => max, default)\n");
fprintf(stderr, " -E <engine>:\n"); fprintf(stderr, " -E <engine>:\n");
#if HAVE_PKCS11 #if USE_PKCS11
fprintf(stderr, " path to PKCS#11 provider library " fprintf(stderr, " path to PKCS#11 provider library "
"(default is %s)\n", PK11_LIB_LOCATION); "(default is %s)\n", PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
fprintf(stderr, " name of an OpenSSL engine to use "
"(default is \"pkcs11\")\n");
#else #else
fprintf(stderr, " name of an OpenSSL engine to use\n"); fprintf(stderr, " name of an OpenSSL engine to use\n");
#endif #endif
...@@ -216,11 +213,7 @@ main(int argc, char **argv) { ...@@ -216,11 +213,7 @@ main(int argc, char **argv) {
dst_key_t *prevkey = NULL; dst_key_t *prevkey = NULL;
isc_buffer_t buf; isc_buffer_t buf;
isc_log_t *log = NULL; isc_log_t *log = NULL;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL; const char *engine = NULL;
#endif
dns_rdataclass_t rdclass; dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC; int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
int dbits = 0; int dbits = 0;
...@@ -247,7 +240,7 @@ main(int argc, char **argv) { ...@@ -247,7 +240,7 @@ main(int argc, char **argv) {
if (argc == 1) if (argc == 1)
usage(); usage();
#if HAVE_PKCS11 #if USE_PKCS11
pk11_result_register(); pk11_result_register();