Fix ECC algorithms unused constants in PKCS#11 build (c116fb96) falls short
Summary
While trying to compile on Solaris I receive the following error:
libtool: compile: /usr/gcc/7/bin/gcc -I/builds/smarshal/bind-9.11/components/bind/build/amd64 -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6 -I/builds/smarshal/bin
d-9.11/components/bind/build/amd64/lib/isc/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/l
ib/isc/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/unix/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/pthreads/include
-I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/x86_32/include -D_REENTRANT -D_XPG4_2 -D__EXTENSIONS__ -m64 -O3 -I/usr/include/libxml2 -fPIC -W -Wall -Wmiss
ing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -c /builds/smarshal/bind-9.11/components/bind/bind-9.
11.6/bin/pkcs11/pkcs11-keygen.c -fPIC -DPIC -o .libs/pkcs11-keygen.o
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c: In function 'main':
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:424:32: error: 'pk11_ecc_prime256v1' undeclared (first use in this function)
public_template[4].pValue = pk11_ecc_prime256v1;
^~~~~~~~~~~~~~~~~~~
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:424:32: note: each undeclared identifier is reported only once for each function it appears
in
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:428:32: error: 'pk11_ecc_secp384r1' undeclared (first use in this function); did you mean 'p
k11_ecc_prime256v1'?
public_template[4].pValue = pk11_ecc_secp384r1;
^~~~~~~~~~~~~~~~~~
pk11_ecc_prime256v1BIND version used
$ gmake test-named-version
LD_LIBRARY_PATH=/builds/smarshal/bind-9.11-sru/components/bind/build/prototype/i386/usr/lib/dns/amd64 \
/builds/smarshal/bind-9.11-sru/components/bind/build/prototype/i386/usr/sbin/named -V; \
BIND 9.11.6 (Extended Support Version) <id:f4bd4ca>
running on SunOS i86pc 5.11 11.4.0.15.0
built by make with '--prefix=/usr' '--mandir=/usr/share/man' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libdir=/usr/lib/dns/amd64' '--enable-full-report' '--with-python=/usr/bin/python3.4' '--with-libtool' '--with-openssl=/usr' '--with-pkcs11=/usr/lib/amd64/libpkcs11.so.1' '--with-libxml2=/usr' '--enable-threads' '--enable-devpoll' '--enable-fixed-rrset' '--with-tuning=large' '--enable-largefile' '--sysconfdir=/etc' '--localstatedir=/var' '--with-randomdev=/dev/random' '--with-gssapi=krb5-config' '--with-docbook-xsl=/usr/share/sgml/docbook' '--with-python-install-dir=/usr/lib/python3.4/vendor-packages' 'CC=/usr/gcc/7/bin/gcc' 'CFLAGS=-m64 -O3' 'LDFLAGS=' 'CPPFLAGS=-m64' 'PKG_CONFIG_PATH=/usr/lib/amd64/pkgconfig'
compiled by GCC 7.3.0
compiled with OpenSSL version: OpenSSL 1.0.2o 27 Mar 2018
linked to OpenSSL version: OpenSSL 1.0.2o 27 Mar 2018
compiled with libxml2 version: 2.9.5
linked to libxml2 version: 20905
compiled with libjson-c version: 0.12
linked to libjson-c version: 0.12
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
$Steps to reproduce
gmake install
What is the current bug behavior?
Build fails, see above.
What is the expected correct behavior?
Build completes.
Relevant configuration files
Non-Applicable
Relevant logs and/or screenshots
Non-Applicable
Possible fixes
--- orig-bind-9.11.6/bin/pkcs11/pkcs11-keygen.c 2019-02-27 15:28:15.000000000 -0800
+++ bind-9.11.6/bin/pkcs11/pkcs11-keygen.c 2019-03-11 09:20:50.955257469 -0700
@@ -403,6 +403,10 @@
public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize;
break;
case key_ecc:
+#if !defined(HAVE_PKCS11_ECDSA)
+ fprintf(stderr, "prime256v1 and secp3841r1 is not supported\n");
+ usage();
+#else
op_type = OP_EC;
if (bits == 0)
bits = 256;
@@ -429,7 +433,7 @@
public_template[4].ulValueLen =
sizeof(pk11_ecc_secp384r1);
}
-
+#endif
break;
case key_ecx:
#if !defined(CKM_EDDSA_KEY_PAIR_GEN)