Commit c3b8130f authored by Ondřej Surý's avatar Ondřej Surý

Make OpenSSL mandatory

parent 3322e41e
......@@ -121,12 +121,6 @@ int sigwait(const unsigned int *set, int *sig);
/** define if you have strerror in the C library. */
#undef HAVE_STRERROR
/* Define if OpenSSL includes DSA support */
#undef HAVE_OPENSSL_DSA
/* Define if you have getpassphrase in the C library. */
#undef HAVE_GETPASSPHRASE
/* Define to the length type used by the socket API (socklen_t, size_t, int). */
#undef ISC_SOCKADDR_LEN_T
......
......@@ -288,8 +288,9 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])dnl PKG_CHECK_VAR
m4_include([libtool.m4/libtool.m4])
m4_include([libtool.m4/ltoptions.m4])
m4_include([libtool.m4/ltsugar.m4])
m4_include([libtool.m4/ltversion.m4])
m4_include([libtool.m4/lt~obsolete.m4])
m4_include([m4/ax_check_openssl.m4])
m4_include([m4/libtool.m4])
m4_include([m4/ltoptions.m4])
m4_include([m4/ltsugar.m4])
m4_include([m4/ltversion.m4])
m4_include([m4/lt~obsolete.m4])
......@@ -16,15 +16,15 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES = ${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
${ISC_INCLUDES} @DST_OPENSSL_INC@
${ISC_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
NSLIBS = ../../lib/ns/libns.@A@
......
......@@ -27,8 +27,8 @@ CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
......
......@@ -36,7 +36,7 @@
#include <isc/time.h>
#include <isc/util.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -102,7 +102,7 @@ main(int argc, char **argv) {
int len = 0;
int ch;
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
......
......@@ -43,10 +43,8 @@
const char *
alg_totext(dns_secalg_t alg) {
switch (alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_HMACMD5:
return "hmac-md5";
#endif
case DST_ALG_HMACSHA1:
return "hmac-sha1";
case DST_ALG_HMACSHA224:
......@@ -71,10 +69,8 @@ alg_fromtext(const char *name) {
if (strncasecmp(p, "hmac-", 5) == 0)
p = &name[5];
#ifndef PK11_MD5_DISABLE
if (strcasecmp(p, "md5") == 0)
return DST_ALG_HMACMD5;
#endif
if (strcasecmp(p, "sha1") == 0)
return DST_ALG_HMACSHA1;
if (strcasecmp(p, "sha224") == 0)
......@@ -124,9 +120,7 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
dst_key_t *key = NULL;
switch (alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_HMACMD5:
#endif
case DST_ALG_HMACSHA1:
case DST_ALG_HMACSHA224:
case DST_ALG_HMACSHA256:
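Review bot: Dropping the `#ifndef PK11_MD5_DISABLE` guards in `alg_totext`, `alg_fromtext` and `generate_key` makes HMAC-MD5 unconditionally available, which is a separate decision from the one the commit title announces. The same guard disappears from `dash_option`, `parse_hmac`, `setup_file_key`, the `algorithms[]` table and `named_config_getkeyalgorithm2`, and from the RSAMD5 checks in the key tools' `main`, so a build can no longer exclude MD5. The commit description should say so. If the intent is compatibility with existing keys, a short comment at the first `case DST_ALG_HMACMD5:` would record it, e.g. `/* HMAC-MD5 stays for existing keys; prefer hmac-sha256 for new ones */`. All three functions in this file continue outside their hunks.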
......
......@@ -16,7 +16,7 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @DST_OPENSSL_INC@
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\" \
-DSYSCONFDIR=\"${sysconfdir}\"
......@@ -24,8 +24,8 @@ CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
IRSLIBS = ../../lib/irs/libirs.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
......
......@@ -19,7 +19,7 @@ READLINE_LIB = @READLINE_LIB@
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @DST_OPENSSL_INC@
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS =
......@@ -27,8 +27,8 @@ CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
IRSLIBS = ../../lib/irs/libirs.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
......
......@@ -1771,11 +1771,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
ptr = ptr2;
ptr2 = ptr3;
} else {
#ifndef PK11_MD5_DISABLE
hmacname = DNS_TSIG_HMACMD5_NAME;
#else
hmacname = DNS_TSIG_HMACSHA256_NAME;
#endif
digestbits = 0;
}
/* XXXONDREJ: FIXME */
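Review bot: The `else` branch in `dash_option` now carries one fixed default for what appears to be a key given without an hmac name, and the rendering does not mark which assignment survives. If it is `hmacname = DNS_TSIG_HMACMD5_NAME;`, as the other `PK11_MD5_DISABLE` hunks in this commit suggest, every build now defaults to HMAC-MD5 where MD5-disabled builds used to fall back to HMAC-SHA256. The bare `/* XXXONDREJ: FIXME */` that follows does not say what is to be fixed. I would state the default at the assignment, `/* no hmac name given: fall back to the default TSIG algorithm */`, and extend the FIXME to name the open issue. The function body starts and ends outside the hunk.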
......
......@@ -84,7 +84,7 @@
#include <dig/dig.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -1032,14 +1032,12 @@ parse_hmac(const char *hmac) {
digestbits = 0;
#ifndef PK11_MD5_DISABLE
if (strcasecmp(buf, "hmac-md5") == 0) {
hmacname = DNS_TSIG_HMACMD5_NAME;
} else if (strncasecmp(buf, "hmac-md5-", 9) == 0) {
hmacname = DNS_TSIG_HMACMD5_NAME;
digestbits = parse_bits(&buf[9], "digest-bits [0..128]", 128);
} else
#endif
if (strcasecmp(buf, "hmac-sha1") == 0) {
hmacname = DNS_TSIG_HMACSHA1_NAME;
digestbits = 0;
......@@ -1153,11 +1151,9 @@ setup_file_key(void) {
}
switch (dst_key_alg(dstkey)) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_HMACMD5:
hmacname = DNS_TSIG_HMACMD5_NAME;
break;
#endif
case DST_ALG_HMACSHA1:
hmacname = DNS_TSIG_HMACSHA1_NAME;
break;
......@@ -1314,7 +1310,7 @@ setup_libs(void) {
debug("setup_libs()");
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
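Review bot: In `parse_hmac`, removing only the `#ifndef PK11_MD5_DISABLE` / `#endif` pair leaves a bare `} else` on one line and `if (strcasecmp(buf, "hmac-sha1") == 0) {` on the next, which reads like an unbraced else body. As rendered, the two lines are not joined. They should become `} else if (strcasecmp(buf, "hmac-sha1") == 0) {` so the chain is uniform with the `hmac-md5-` branch above it. The function continues beyond the hunk.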
......
......@@ -15,15 +15,14 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
-DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
DNSDEPLIBS = ../../lib/dns/libdns.@A@
ISCDEPLIBS = ../../lib/isc/libisc.@A@
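Review bot: `CDEFINES` no longer passes `-DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"` or `@USE_PKCS11@`, yet the `usage()` functions in the tool sources later in this commit still print `PK11_LIB_LOCATION` under `#if USE_PKCS11`. Presumably both macros now come from the configure-generated header, but that is not visible on this page. It should be confirmed with a PKCS#11-enabled build, since a missing definition would only surface in that configuration. A one-line comment above `CDEFINES`, such as `# USE_PKCS11 and PK11_LIB_LOCATION now come from the configure-generated header`, would document where they went.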
......
......@@ -53,7 +53,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -1147,7 +1147,7 @@ main(int argc, char *argv[]) {
fatal("out of memory");
}
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
......
......@@ -41,7 +41,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -370,7 +370,7 @@ main(int argc, char **argv) {
if (result != ISC_R_SUCCESS)
fatal("out of memory");
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
......
......@@ -41,7 +41,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -310,7 +310,7 @@ main(int argc, char **argv) {
if (result != ISC_R_SUCCESS)
fatal("out of memory");
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
......
......@@ -37,7 +37,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -69,12 +69,9 @@ usage(void) {
fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
fprintf(stderr, " -c class (default: IN)\n");
fprintf(stderr, " -E <engine>:\n");
#if HAVE_PKCS11
#if USE_PKCS11
fprintf(stderr, " path to PKCS#11 provider library "
"(default is %s)\n", PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
fprintf(stderr, " name of an OpenSSL engine to use "
"(default is \"pkcs11\")\n");
#else
fprintf(stderr, " name of an OpenSSL engine to use\n");
#endif
......@@ -124,11 +121,7 @@ main(int argc, char **argv) {
const char *directory = NULL;
const char *predecessor = NULL;
dst_key_t *prevkey = NULL;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
char *classname = NULL;
char *endp;
dst_key_t *key = NULL;
......@@ -173,7 +166,7 @@ main(int argc, char **argv) {
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
......@@ -388,20 +381,10 @@ main(int argc, char **argv) {
}
if (strcasecmp(algname, "RSA") == 0) {
#ifndef PK11_MD5_DISABLE
fprintf(stderr, "The use of RSA (RSAMD5) is not "
"recommended.\nIf you still wish to "
"use RSA (RSAMD5) please specify "
"\"-a RSAMD5\"\n");
#else
fprintf(stderr,
"The use of RSA (RSAMD5) was disabled\n");
if (freeit != NULL)
free(freeit);
return (1);
} else if (strcasecmp(algname, "RSAMD5") == 0) {
fprintf(stderr, "The use of RSAMD5 was disabled\n");
#endif
if (freeit != NULL)
free(freeit);
return (1);
......@@ -512,11 +495,6 @@ main(int argc, char **argv) {
alg = dst_key_alg(prevkey);
flags = dst_key_flags(prevkey);
#ifdef PK11_MD5_DISABLE
if (alg == DST_ALG_RSAMD5)
fatal("Key %s uses disabled RSAMD5", predecessor);
#endif
dst_key_format(prevkey, keystr, sizeof(keystr));
dst_key_getprivateformat(prevkey, &major, &minor);
if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
......@@ -606,7 +584,7 @@ main(int argc, char **argv) {
/* associate the key */
ret = dst_key_fromlabel(name, alg, flags, protocol, rdclass,
#if HAVE_PKCS11
#if USE_PKCS11
"pkcs11",
#else
engine,
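Review bot: With the `#ifdef USE_PKCS11` initializer gone, `engine` in `main` apparently starts as `NULL` in every build, and the `#else` branch of the `dst_key_fromlabel` call passes it through unchanged. The rendering does not mark which initializer is kept, but `PKCS11_ENGINE` is no longer supplied through `CDEFINES`. Builds that used to default to the "pkcs11" OpenSSL engine therefore need an explicit `-E`, which the remaining usage text does not say. I would append `(no default)` to the `name of an OpenSSL engine to use` line and confirm that a NULL engine is rejected with a clear error before any key lookup. Both `main` and the `dst_key_fromlabel` call continue outside the hunks.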
......
......@@ -52,7 +52,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -106,12 +106,9 @@ usage(void) {
fprintf(stderr, " -c <class>: (default: IN)\n");
fprintf(stderr, " -d <digest bits> (0 => max, default)\n");
fprintf(stderr, " -E <engine>:\n");
#if HAVE_PKCS11
#if USE_PKCS11
fprintf(stderr, " path to PKCS#11 provider library "
"(default is %s)\n", PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
fprintf(stderr, " name of an OpenSSL engine to use "
"(default is \"pkcs11\")\n");
#else
fprintf(stderr, " name of an OpenSSL engine to use\n");
#endif
......@@ -216,11 +213,7 @@ main(int argc, char **argv) {
dst_key_t *prevkey = NULL;
isc_buffer_t buf;
isc_log_t *log = NULL;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
int dbits = 0;
......@@ -247,7 +240,7 @@ main(int argc, char **argv) {
if (argc == 1)
usage();
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
......@@ -523,23 +516,12 @@ main(int argc, char **argv) {
}
if (strcasecmp(algname, "RSA") == 0) {
#ifndef PK11_MD5_DISABLE
fprintf(stderr, "The use of RSA (RSAMD5) is not "
"recommended.\nIf you still wish to "
"use RSA (RSAMD5) please specify "
"\"-a RSAMD5\"\n");
INSIST(freeit == NULL);
return (1);
#else
fprintf(stderr,
"The use of RSA (RSAMD5) was disabled\n");
INSIST(freeit == NULL);
return (1);
} else if (strcasecmp(algname, "RSAMD5") == 0) {
fprintf(stderr, "The use of RSAMD5 was disabled\n");
INSIST(freeit == NULL);
return (1);
#endif
} else {
r.base = algname;
r.length = strlen(algname);
......@@ -552,10 +534,6 @@ main(int argc, char **argv) {
}
}
#ifdef PK11_MD5_DISABLE
INSIST((alg != DNS_KEYALG_RSAMD5));
#endif
if (!dst_algorithm_supported(alg)) {
fatal("unsupported algorithm: %d", alg);
}
......
......@@ -30,7 +30,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -49,12 +49,9 @@ usage(void) {
fprintf(stderr, "Usage:\n");
fprintf(stderr, " %s [options] keyfile\n\n", program);
fprintf(stderr, "Version: %s\n", VERSION);
#if HAVE_PKCS11
#if USE_PKCS11
fprintf(stderr, " -E engine: specify PKCS#11 provider "
"(default: %s)\n", PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
fprintf(stderr, " -E engine: specify OpenSSL engine "
"(default \"pkcs11\")\n");
#else
fprintf(stderr, " -E engine: specify OpenSSL engine\n");
#endif
......@@ -75,11 +72,7 @@ usage(void) {
int
main(int argc, char **argv) {
isc_result_t result;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
char const *filename = NULL;
char *dir = NULL;
char newname[1024], oldname[1024];
......
......@@ -33,7 +33,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -53,7 +53,7 @@ usage(void) {
fprintf(stderr, " %s [options] keyfile\n\n", program);
fprintf(stderr, "Version: %s\n", VERSION);
fprintf(stderr, "General options:\n");
#if HAVE_PKCS11
#if USE_PKCS11
fprintf(stderr, " -E engine: specify PKCS#11 provider "
"(default: %s)\n", PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
......@@ -127,11 +127,7 @@ printtime(dst_key_t *key, int type, const char *tag, isc_boolean_t epoch,
int
main(int argc, char **argv) {
isc_result_t result;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
const char *filename = NULL;
char *directory = NULL;
char newname[1024];
......@@ -178,7 +174,7 @@ main(int argc, char **argv) {
setup_logging(mctx, &log);
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
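Review bot: `usage()` here keeps `#elif defined(USE_PKCS11)` after the new `#if USE_PKCS11`, while the same branch was deleted from the other key tools in this commit. After the rename that branch can only be taken when `USE_PKCS11` is defined as 0. Since `engine` in `main` loses its `PKCS11_ENGINE` initializer in the next hunk, whatever default the branch advertises is stale. The `#elif` and its body, which lies outside the hunk, should be removed so the block reads `#if USE_PKCS11` / `#else` / `#endif` as in the sibling tools.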
......
......@@ -80,7 +80,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -3131,12 +3131,9 @@ usage(void) {
fprintf(stderr, "verify generated signatures\n");
fprintf(stderr, "\t-c class (IN)\n");
fprintf(stderr, "\t-E engine:\n");
#if HAVE_PKCS11
#if USE_PKCS11
fprintf(stderr, "\t\tpath to PKCS#11 provider library "
"(default is %s)\n", PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
fprintf(stderr, "\t\tname of an OpenSSL engine to use "
"(default is \"pkcs11\")\n");
#else
fprintf(stderr, "\t\tname of an OpenSSL engine to use\n");
#endif
......@@ -3229,11 +3226,7 @@ main(int argc, char *argv[]) {
dns_dnsseckey_t *key;
isc_result_t result, vresult;
isc_log_t *log = NULL;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
isc_boolean_t free_output = ISC_FALSE;
int tempfilelen = 0;
dns_rdataclass_t rdclass;
......@@ -3286,7 +3279,7 @@ main(int argc, char *argv[]) {
if (result != ISC_R_SUCCESS)
fatal("out of memory");
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
......
......@@ -62,7 +62,7 @@
#include <dst/dst.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -150,12 +150,9 @@ usage(void) {
fprintf(stderr, "\t\tfile format of input zonefile (text)\n");
fprintf(stderr, "\t-c class (IN)\n");
fprintf(stderr, "\t-E engine:\n");
#if HAVE_PKCS11
#if USE_PKCS11
fprintf(stderr, "\t\tpath to PKCS#11 provider library "
"(default is %s)\n", PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
fprintf(stderr, "\t\tname of an OpenSSL engine to use "
"(default is \"pkcs11\")\n");
#else
fprintf(stderr, "\t\tname of an OpenSSL engine to use\n");
#endif
......@@ -171,11 +168,7 @@ main(int argc, char *argv[]) {
char *inputformatstr = NULL;
isc_result_t result;
isc_log_t *log = NULL;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
char *classname = NULL;
dns_rdataclass_t rdclass;
char *endp;
......@@ -212,7 +205,7 @@ main(int argc, char *argv[]) {
if (result != ISC_R_SUCCESS)
fatal("out of memory");
#if HAVE_PKCS11
#if USE_PKCS11
pk11_result_register();
#endif
dns_result_register();
......
......@@ -46,17 +46,17 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${NS_INCLUDES} ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \
${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
${DBDRIVER_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@
CDEFINES = @CONTRIB_DLZ@
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
NSLIBS = ../../lib/ns/libns.@A@
......
......@@ -51,11 +51,7 @@ options {\n\
automatic-interface-scan yes;\n\
bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
# blackhole {none;};\n"
#if defined(HAVE_OPENSSL_AES) || defined(HAVE_OPENSSL_EVP_AES)
" cookie-algorithm aes;\n"
#else
" cookie-algorithm sha256;\n"
#endif
#ifndef WIN32
" coresize default;\n\
datasize default;\n"
......@@ -957,11 +953,9 @@ struct keyalgorithms {
unsigned int type;
isc_uint16_t size;
} algorithms[] = {
#ifndef PK11_MD5_DISABLE
{ "hmac-md5", hmacmd5, DST_ALG_HMACMD5, 128 },
{ "hmac-md5.sig-alg.reg.int", hmacmd5, DST_ALG_HMACMD5, 0 },
{ "hmac-md5.sig-alg.reg.int.", hmacmd5, DST_ALG_HMACMD5, 0 },
#endif
{ "hmac-sha1", hmacsha1, DST_ALG_HMACSHA1, 160 },
{ "hmac-sha224", hmacsha224, DST_ALG_HMACSHA224, 224 },
{ "hmac-sha256", hmacsha256, DST_ALG_HMACSHA256, 256 },
......@@ -1008,9 +1002,7 @@ named_config_getkeyalgorithm2(const char *str, const dns_name_t **name,
if (name != NULL) {
switch (algorithms[i].hmac) {
#ifndef PK11_MD5_DISABLE
case hmacmd5: *name = dns_tsig_hmacmd5_name; break;
#endif
case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
case hmacsha224: *name = dns_tsig_hmacsha224_name; break;
case hmacsha256: *name = dns_tsig_hmacsha256_name; break;
......
......@@ -142,11 +142,7 @@ EXTERN const char * named_g_defaultdnstap INIT(NULL);
EXTERN const char * named_g_username INIT(NULL);
#if defined(USE_PKCS11)
EXTERN const char * named_g_engine INIT(PKCS11_ENGINE);
#else
EXTERN const char * named_g_engine INIT(NULL);
#endif
EXTERN isc_time_t named_g_boottime;
EXTERN isc_time_t named_g_configtime;
......
......@@ -44,7 +44,7 @@
#include <dns/view.h>
#include <dst/result.h>
#if HAVE_PKCS11
#if USE_PKCS11
#include <pk11/result.h>
#endif
......@@ -75,10 +75,8 @@
#include <named/smf_globals.h>
#endif
#if HAVE_OPENSSL
#include <openssl/opensslv.h>