Commit 9d979d7c authored by Ondřej Surý's avatar Ondřej Surý

Only print warning when PKCS#11 dnssec-keygen fails from Edwards curves

parent 541d7baf
# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -290,7 +290,7 @@ AS_VAR_IF([$1], [""], [$5], [$4])dnl
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2018 Free Software Foundation, Inc.
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -324,7 +324,7 @@ fi])])
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
# From Jim Meyering
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -357,7 +357,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
]
)
# Copyright (C) 2006-2018 Free Software Foundation, Inc.
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......
......@@ -127,3 +127,4 @@ HAVEGEOIP2=${MAXMINDDB_LIBS:+1}
ZLIB_LIBS="@ZLIB_LIBS@"
HAVEZLIB=${ZLIB_LIBS:+1}
NZD=@NZD_TOOLS@
CRYPTO=@CRYPTO@
......@@ -122,6 +122,7 @@ HAVEXMLSTATS=@XMLSTATS@
HAVEJSONSTATS=@JSONSTATS@
HAVEZLIB=@ZLIB@
NZD=@NZD_TOOLS@
CRYPTO=@CRYPTO@
# The rest is shared between Windows and Unices
. $TOP/bin/tests/system/conf.sh.common
......@@ -3248,6 +3248,15 @@ do
1|5|7|8|10) # RSA algorithms
key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
;;
15|16)
key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
# Soft-fail in case HSM doesn't support Edwards curves
if grep "not found" keygen.err > /dev/null && [ "$CRYPTO" = "pkcs11" ]; then
echo_i "Algorithm $alg not supported by HSM: skipping"
alg=$((alg+1))
continue
fi
;;
*)
key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true)
esac
......
......@@ -745,6 +745,7 @@ ISC_PLATFORM_GSSAPI_KRB5_HEADER
ISC_PLATFORM_GSSAPIHEADER
ISC_PLATFORM_HAVEGSSAPI
KRB5_CONFIG
CRYPTO
PKCS11_TOOLS
PKCS11_TEST
OPENSSL_LIBS
......@@ -16993,6 +16994,7 @@ esac
case $CRYPTO in #(
pkcs11) :
......
......@@ -849,6 +849,7 @@ AS_CASE([$enable_native_pkcs11],
AC_SUBST([PKCS11_TEST])
AC_SUBST([PKCS11_TOOLS])
AC_SUBST([CRYPTO])
AS_CASE([$CRYPTO],
[pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
[AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
......
......@@ -238,6 +238,7 @@ my %configtest;
my @substtest = ("CHECKDS",
"COVERAGE",
"CRYPTO",
"DNSTAP",
"FSTRM_CAPTURE",
"JSONSTATS",
......@@ -1423,8 +1424,10 @@ if ($use_openssl eq "yes") {
if ($cryptolib eq "openssl") {
$configdefh{"USE_OPENSSL"} = 1;
$configtest{"CRYPTO"} = "OpenSSL";
} else {
$configdefh{"USE_PKCS11"} = 1;
$configtest{"CRYPTO"} = "pkcs11";
}
# check OpenSSL
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment