Commit 27593e65 authored by Ondřej Surý's avatar Ondřej Surý

Remove support for obsoleted ECC-GOST (GOST R 34.11-94) algorithm

parent 57f0949e
......@@ -1115,7 +1115,7 @@ usage(void) {
program);
fprintf(stderr, "Version: %s\n", VERSION);
fprintf(stderr, "Options:\n"
" -a <algorithm> digest algorithm (SHA-1 / SHA-256 / GOST / SHA-384)\n"
" -a <algorithm> digest algorithm (SHA-1 / SHA-256 / SHA-384)\n"
" -c <class> of domain (default IN)\n"
" -D prefer CDNSKEY records instead of CDS\n"
" -d <file|dir> where to find parent dsset- file\n"
......
......@@ -144,7 +144,7 @@
</para>
<para>
The <replaceable>algorithm</replaceable> must be one of SHA-1
(SHA1), SHA-256 (SHA256), GOST, or SHA-384 (SHA384). These
(SHA1), SHA-256 (SHA256), or SHA-384 (SHA384). These
values are case insensitive. If no algorithm is specified,
the default is SHA-256.
</para>
......
......@@ -117,7 +117,7 @@
<para>
Select the digest algorithm. The value of
<option>algorithm</option> must be one of SHA-1 (SHA1),
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
SHA-256 (SHA256) or SHA-384 (SHA384).
These values are case insensitive.
</para>
</listitem>
......
......@@ -97,7 +97,7 @@
<p>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
SHA-256 (SHA256) or SHA-384 (SHA384).
These values are case insensitive.
</p>
</dd>
......
......@@ -64,7 +64,7 @@ usage(void) {
fprintf(stderr, " -a algorithm: \n"
" RSA | RSAMD5 | DH | DSA | RSASHA1 |\n"
" NSEC3DSA | NSEC3RSASHA1 |\n"
" RSASHA256 | RSASHA512 | ECCGOST |\n"
" RSASHA256 | RSASHA512 |\n"
" ECDSAP256SHA256 | ECDSAP384SHA384\n");
fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
fprintf(stderr, " -c class (default: IN)\n");
......@@ -427,7 +427,6 @@ main(int argc, char **argv) {
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
case DST_ALG_ECCGOST:
case DST_ALG_ECDSA256:
case DST_ALG_ECDSA384:
case DST_ALG_ED25519:
......
......@@ -106,7 +106,7 @@
<para>
Selects the cryptographic algorithm. The value of
<option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
</para>
<para>
......
......@@ -79,7 +79,7 @@ usage(void) {
fprintf(stderr, " -a <algorithm>:\n");
fprintf(stderr, " RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
" | NSEC3DSA |\n");
fprintf(stderr, " RSASHA256 | RSASHA512 | ECCGOST |\n");
fprintf(stderr, " RSASHA256 | RSASHA512 |\n");
fprintf(stderr, " ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
fprintf(stderr, " ED25519 | ED448 | DH\n");
fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
......
......@@ -123,7 +123,7 @@
<para>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying
his value will automatically set the <option>-T KEY</option>
......
......@@ -360,10 +360,6 @@ strtodsdigest(const char *algname) {
strcasecmp(algname, "SHA-256") == 0)
{
return (DNS_DSDIGEST_SHA256);
#if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
} else if (strcasecmp(algname, "GOST") == 0) {
return (DNS_DSDIGEST_GOST);
#endif
} else if (strcasecmp(algname, "SHA384") == 0 ||
strcasecmp(algname, "SHA-384") == 0)
{
......
......@@ -32,7 +32,7 @@ class dnskey:
_ALGNAMES = (None, 'RSAMD5', 'DH', 'DSA', 'ECC', 'RSASHA1',
'NSEC3DSA', 'NSEC3RSASHA1', 'RSASHA256', None,
'RSASHA512', None, 'ECCGOST', 'ECDSAP256SHA256',
'RSASHA512', None, None, 'ECDSAP256SHA256',
'ECDSAP384SHA384', 'ED25519', 'ED448')
def __init__(self, key, directory=None, keyttl=None):
......
......@@ -71,7 +71,7 @@ class PolicyLex:
return t
def t_ALGNAME(self, t):
r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECCGOST|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
t.value = t.value.upper()
return t
......@@ -139,7 +139,6 @@ class Policy:
'NSEC3RSASHA1': [512, 4096],
'RSASHA256': [1024, 4096],
'RSASHA512': [1024, 4096],
'ECCGOST': None,
'ECDSAP256SHA256': None,
'ECDSAP384SHA384': None,
'ED25519': None,
......@@ -278,8 +277,7 @@ class Policy:
('ZSK key size %d not divisible by 64 ' +
'as required for DSA') % self.zsk_keysize
if self.algorithm in ['ECCGOST', \
'ECDSAP256SHA256', \
if self.algorithm in ['ECDSAP256SHA256', \
'ECDSAP384SHA384', \
'ED25519', \
'ED448']:
......@@ -369,10 +367,6 @@ class dnssec_policy:
self.alg_policy['RSASHA512'].algorithm = "RSASHA512"
self.alg_policy['RSASHA512'].name = "RSASHA512"
self.alg_policy['ECCGOST'] = copy(p)
self.alg_policy['ECCGOST'].algorithm = "ECCGOST"
self.alg_policy['ECCGOST'].name = "ECCGOST"
self.alg_policy['ECDSAP256SHA256'] = copy(p)
self.alg_policy['ECDSAP256SHA256'].algorithm = "ECDSAP256SHA256"
self.alg_policy['ECDSAP256SHA256'].name = "ECDSAP256SHA256"
......
......@@ -76,7 +76,7 @@ KRB5_CONFIG=/dev/null
#
# List of tests hard-coded to use ports 5300 and 9953. For this
# reason, these must be run sequentially.
SEQUENTIALDIRS="ecdsa eddsa gost @PKCS11_TEST@ tkey"
SEQUENTIALDIRS="ecdsa eddsa @PKCS11_TEST@ tkey"
# List of tests that use ports assigned by caller (other than 5300
# and 9953). Because separate blocks of ports can be used for teach
......
......@@ -87,7 +87,7 @@ SEQUENTIALDIRS="acl additional addzone autosign builtin \
database digdelv dlv dlvauto dlz dlzexternal dname \
dns64 dnssec @DNSTAP@ dscp dsdigest dyndb ecdsa eddsa \
ednscompliance emptyzones \
fetchlimit filter-aaaa formerr forward geoip glue gost idna inline ixfr \
fetchlimit filter-aaaa formerr forward geoip glue idna inline ixfr \
keepalive @KEYMGR@ legacy limits logfileconfig masterfile \
masterformat metadata mkeys names notify nslookup nsupdate \
nzd2nzf padding pending pipelined @PKCS11_TEST@ reclimit \
......
......@@ -37,7 +37,6 @@ $DSFROMKEY -a SHA-256 $keyname22 > $DSFILENAME2
supported=`cat ../supported`
case "$supported" in
gost) algo=GOST ;;
*) algo=SHA-384 ;;
esac
......
......@@ -26,7 +26,7 @@ options {
dnssec-validation yes;
dnssec-must-be-secure . yes;
/* only SHA-256 is enabled */
disable-ds-digests . { SHA-1; GOST; SHA-384; 5; 6; 7; 8; 9; };
disable-ds-digests . { SHA-1; SHA-384; 5; 6; 7; 8; 9; };
};
......
......@@ -25,7 +25,7 @@ options {
dnssec-enable yes;
dnssec-validation yes;
/* only SHA-256 is enabled */
disable-ds-digests . { SHA-1; GOST; SHA-384; 5; 6; 7; 8; 9; };
disable-ds-digests . { SHA-1; SHA-384; 5; 6; 7; 8; 9; };
};
zone "." {
......
......@@ -12,17 +12,12 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
gostfail=0 ecdsafail=0
$SHELL ../testcrypto.sh -q gost || gostfail=1
ecdsafail=0
$SHELL ../testcrypto.sh -q ecdsa || ecdsafail=1
if [ $gostfail = 0 -a $ecdsafail = 0 ]; then
echo both > supported
elif [ $gostfail = 1 -a $ecdsafail = 1 ]; then
echo_i "This test requires support for ECDSA or GOST cryptography." >&2
if [ $ecdsafail = 1 ]; then
echo_i "This test requires support for ECDSA cryptography." >&2
exit 255
elif [ $gostfail = 0 ]; then
echo gost > supported
else
echo ecdsa > supported
fi
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f */K* */dsset-* */*.signed */trusted.conf
rm -f ns1/root.db
rm -f ns1/signer.err
rm -f dig.out*
rm -f */named.run
rm -f */named.memstats
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS1
controls { /* empty */ };
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
zone "." {
type master;
file "root.db.signed";
};
include "trusted.conf";
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300
. IN SOA marka.isc.org. a.root.servers.nil. (
2010121600 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
zone=.
infile=root.db.in
zonefile=root.db
key1=`$KEYGEN -q -a ECCGOST -n zone $zone`
key2=`$KEYGEN -q -a ECCGOST -n zone -f KSK $zone`
$DSFROMKEY -a gost $key2.key > dsset-gost
cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a trusted key.
cat $key1.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
cp trusted.conf ../ns2/trusted.conf
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
controls { /* empty */ };
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
zone "." {
type hint;
file "../../common/root.hint";
};
include "trusted.conf";
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh gost
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
cd ns1 && $SHELL sign.sh
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
n=0
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
# Check the example. domain
echo "I:checking that positive validation works ($n)"
ret=0
$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
......@@ -114,7 +114,7 @@ rm -f ns3/test-?.bk
rm -f ns3/test-?.bk.signed
rm -f ns3/test-?.bk.signed.jnl
rm -f import.key Kimport*
rm -f checkgost checkdsa checkecdsa
rm -f checkdsa checkecdsa
rm -f ns3/a-file
rm -f ns*/named.lock
rm -f dig.out.*
......
......@@ -125,20 +125,13 @@ zone=externalkey
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
for alg in ECCGOST ECDSAP256SHA256 NSEC3RSASHA1 DSA
for alg in ECDSAP256SHA256 NSEC3RSASHA1 DSA
do
case $alg in
DSA)
$SHELL ../checkdsa.sh 2> /dev/null || continue
checkfile=../checkdsa
touch $checkfile ;;
ECCGOST)
fail=0
$KEYGEN -q -a eccgost test > /dev/null 2>&1 || fail=1
rm -f Ktest*
[ $fail != 0 ] && continue
checkfile=../checkgost
touch $checkfile ;;
ECDSAP256SHA256)
fail=0
$KEYGEN -q -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
......
......@@ -897,16 +897,14 @@ n=`expr $n + 1`
echo_i "testing adding external keys to a inline zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.3 dnskey externalkey > dig.out.ns3.test$n
for alg in 3 7 12 13
for alg in 3 7 13
do
[ $alg = 3 -a ! -f checkdsa ] && continue;
[ $alg = 12 -a ! -f checkgost ] && continue;
[ $alg = 13 -a ! -f checkecdsa ] && continue;
case $alg in
3) echo_i "checking DSA";;
7) echo_i "checking NSEC3RSASHA1";;
12) echo_i "checking GOST";;
13) echo_i "checking ECDSAP256SHA256";;
*) echo_i "checking $alg";;
esac
......
......@@ -30,11 +30,6 @@ while test "$#" -gt 0; do
alg="-a RSASHA1"
msg1="RSA cryptography"
;;
gost|GOST)
alg="-a eccgost"
msg1="GOST cryptography"
msg2="--with-gost"
;;
ecdsa|ECDSA)
alg="-a ecdsap256sha256"
msg1="ECDSA cryptography"
......
......@@ -395,9 +395,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if your OpenSSL version supports EVP AES */
#undef HAVE_OPENSSL_EVP_AES
/* Define if your OpenSSL version supports GOST. */
#undef HAVE_OPENSSL_GOST
/* Define if native PKCS#11 is used as cryptographic library provider */
#undef HAVE_PKCS11
......@@ -410,9 +407,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if your PKCS11 provider supports Ed448. */
#undef HAVE_PKCS11_ED448
/* Define if your PKCS11 provider supports GOST. */
#undef HAVE_PKCS11_GOST
/* Support for PTHREAD_MUTEX_ADAPTIVE_NP */
#undef HAVE_PTHREAD_MUTEX_ADAPTIVE_NP
......@@ -604,9 +598,6 @@ int sigwait(const unsigned int *set, int *sig);
(O_NDELAY/O_NONBLOCK). */
#undef PORT_NONBLOCK
/* Define if GOST private keys are encoded in ASN.1. */
#undef PREFER_GOSTASN1
/* The size of `void *', as computed by sizeof. */
#undef SIZEOF_VOID_P
......
......@@ -327,9 +327,6 @@ typedef __int64 off_t;
/* Define if OpenSSL includes Ed448 support */
@HAVE_OPENSSL_ED448@
/* Define if your OpenSSL version supports GOST. */
@HAVE_OPENSSL_GOST@
/* Define if your OpenSSL version supports DH functions. */
@HAVE_DH_GET0_KEY@
......@@ -354,12 +351,6 @@ typedef __int64 off_t;
/* Define if your PKCS11 provider supports Ed448. */
@HAVE_PKCS11_ED448@
/* Define if your PKCS11 provider supports GOST. */
@HAVE_PKCS11_GOST@
/* Define if GOST private keys are encoded in ASN.1. */
@PREFER_GOSTASN1@
/* Define if OpenSSL is used as cryptographic library provider. */
@HAVE_OPENSSL@
......
......@@ -800,7 +800,6 @@ NZDSRCS
NZD_TOOLS
PKCS11_TEST
PKCS11_ED25519
PKCS11_GOST
PKCS11_ECDSA
PKCS11LINKSRCS
PKCS11LINKOBJS
......@@ -820,13 +819,10 @@ ISC_OPENSSL_LIBS
ISC_OPENSSL_INC
ISC_PLATFORM_OPENSSLHASH
ISC_PLATFORM_WANTAES
OPENSSL_GOST
OPENSSL_ED25519
OPENSSL_ECDSA
OPENSSLLINKSRCS
OPENSSLLINKOBJS
OPENSSLGOSTLINKSRCS
OPENSSLGOSTLINKOBJS
OPENSSLEDDSALINKSRCS
OPENSSLEDDSALINKOBJS
OPENSSLECDSALINKSRCS
......@@ -1001,7 +997,6 @@ enable_native_pkcs11
with_openssl
with_pkcs11
with_ecdsa
with_gost
with_eddsa
with_aes
with_cc_alg
......@@ -1747,7 +1742,6 @@ Optional Packages:
--with-pkcs11=PATH Build with PKCS11 support [yes|no|path] (PATH is for
the PKCS11 provider)
--with-ecdsa Crypto ECDSA
--with-gost Crypto GOST [yes|no|raw|asn1].
--with-eddsa Crypto EDDSA [yes|all|no].
--with-aes Crypto AES
--with-cc-alg=ALG choose the algorithm for Client Cookie
......@@ -16150,7 +16144,7 @@ fi
#
# were --with-ecdsa, --with-gost, --with-eddsa, --with-aes specified
# were --with-ecdsa, --with-eddsa, --with-aes specified
#
# Check whether --with-ecdsa was given.
......@@ -16161,14 +16155,6 @@ else
fi
# Check whether --with-gost was given.
if test "${with_gost+set}" = set; then :
withval=$with_gost; with_gost="$withval"
else
with_gost="auto"
fi
# Check whether --with-eddsa was given.
if test "${with_eddsa+set}" = set; then :
withval=$with_eddsa; with_eddsa="$withval"
......@@ -16245,26 +16231,7 @@ then
done
fi
OPENSSL_ECDSA=""
OPENSSL_GOST=""
OPENSSL_ED25519=""
gosttype="raw"
case "$with_gost" in
raw)
with_gost="yes"
;;
asn1)
$as_echo "#define PREFER_GOSTASN1 1" >>confdefs.h
gosttype="asn1"
with_gost="yes"
;;
auto|yes|no)
;;
*)
as_fn_error $? "unknown GOST private key encoding" "$LINENO" 5
;;
esac
case "$use_openssl" in
native_pkcs11)
......@@ -16277,8 +16244,6 @@ $as_echo "disabled because of native PKCS11" >&6; }
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
OPENSSLEDDSALINKSRCS=""
OPENSSLGOSTLINKOBJS=""
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
......@@ -16295,8 +16260,6 @@ $as_echo "no" >&6; }
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
OPENSSLEDDSALINKSRCS=""
OPENSSLGOSTLINKOBJS=""
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
;;
......@@ -16308,8 +16271,6 @@ $as_echo "no" >&6; }
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
OPENSSLEDDSALINKSRCS=""
OPENSSLGOSTLINKOBJS=""
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
......@@ -16663,89 +16624,6 @@ $as_echo "#define HAVE_OPENSSL_ECDSA 1" >>confdefs.h
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL GOST support" >&5
$as_echo_n "checking for OpenSSL GOST support... " >&6; }
have_gost=""
case "$use_pkcs11" in
auto|no)
;;
*)
if $use_threads; then
CC="$CC -pthread"
fi
;;
esac
if test "$cross_compiling" = yes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using --with-gost" >&5
$as_echo "using --with-gost" >&6; }
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <openssl/conf.h>
#include <openssl/engine.h>
int main() {
#if !defined(LIBRESSL_VERSION_NUMB