Fix ECC algorithms unused constants in PKCS#11 build (c116fb96) falls short (#935) · Issues · ISC Open Source Projects / BIND

Fix ECC algorithms unused constants in PKCS#11 build (c116fb96) falls short

Summary

While trying to compile on Solaris I receive the following error:

libtool: compile:  /usr/gcc/7/bin/gcc -I/builds/smarshal/bind-9.11/components/bind/build/amd64 -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6 -I/builds/smarshal/bin
d-9.11/components/bind/build/amd64/lib/isc/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/l
ib/isc/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/unix/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/pthreads/include
 -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/x86_32/include -D_REENTRANT -D_XPG4_2 -D__EXTENSIONS__ -m64 -O3 -I/usr/include/libxml2 -fPIC -W -Wall -Wmiss
ing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -c /builds/smarshal/bind-9.11/components/bind/bind-9.
11.6/bin/pkcs11/pkcs11-keygen.c  -fPIC -DPIC -o .libs/pkcs11-keygen.o
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c: In function 'main':
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:424:32: error: 'pk11_ecc_prime256v1' undeclared (first use in this function)
    public_template[4].pValue = pk11_ecc_prime256v1;
                                ^~~~~~~~~~~~~~~~~~~
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:424:32: note: each undeclared identifier is reported only once for each function it appears
in
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:428:32: error: 'pk11_ecc_secp384r1' undeclared (first use in this function); did you mean 'p
k11_ecc_prime256v1'?
    public_template[4].pValue = pk11_ecc_secp384r1;
                                ^~~~~~~~~~~~~~~~~~
                                pk11_ecc_prime256v1

BIND version used

$ gmake test-named-version
LD_LIBRARY_PATH=/builds/smarshal/bind-9.11-sru/components/bind/build/prototype/i386/usr/lib/dns/amd64 \
        /builds/smarshal/bind-9.11-sru/components/bind/build/prototype/i386/usr/sbin/named -V; \

BIND 9.11.6 (Extended Support Version) <id:f4bd4ca>
running on SunOS i86pc 5.11 11.4.0.15.0
built by make with '--prefix=/usr' '--mandir=/usr/share/man' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libdir=/usr/lib/dns/amd64' '--enable-full-report' '--with-python=/usr/bin/python3.4' '--with-libtool' '--with-openssl=/usr' '--with-pkcs11=/usr/lib/amd64/libpkcs11.so.1' '--with-libxml2=/usr' '--enable-threads' '--enable-devpoll' '--enable-fixed-rrset' '--with-tuning=large' '--enable-largefile' '--sysconfdir=/etc' '--localstatedir=/var' '--with-randomdev=/dev/random' '--with-gssapi=krb5-config' '--with-docbook-xsl=/usr/share/sgml/docbook' '--with-python-install-dir=/usr/lib/python3.4/vendor-packages' 'CC=/usr/gcc/7/bin/gcc' 'CFLAGS=-m64 -O3' 'LDFLAGS=' 'CPPFLAGS=-m64' 'PKG_CONFIG_PATH=/usr/lib/amd64/pkgconfig'
compiled by GCC 7.3.0
compiled with OpenSSL version: OpenSSL 1.0.2o  27 Mar 2018
linked to OpenSSL version: OpenSSL 1.0.2o  27 Mar 2018
compiled with libxml2 version: 2.9.5
linked to libxml2 version: 20905
compiled with libjson-c version: 0.12
linked to libjson-c version: 0.12
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
$

Steps to reproduce

gmake install

What is the current bug behavior?

Build fails, see above.

What is the expected correct behavior?

Build completes.

Relevant configuration files

Non-Applicable

Relevant logs and/or screenshots

Non-Applicable

Possible fixes

--- orig-bind-9.11.6/bin/pkcs11/pkcs11-keygen.c	2019-02-27 15:28:15.000000000 -0800
+++ bind-9.11.6/bin/pkcs11/pkcs11-keygen.c	2019-03-11 09:20:50.955257469 -0700
@@ -403,6 +403,10 @@
 		public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize;
 		break;
 	case key_ecc:
+#if !defined(HAVE_PKCS11_ECDSA)
+		fprintf(stderr, "prime256v1 and secp3841r1 is not supported\n");
+		usage();
+#else
 		op_type = OP_EC;
 		if (bits == 0)
 			bits = 256;
@@ -429,7 +433,7 @@
 			public_template[4].ulValueLen =
 				sizeof(pk11_ecc_secp384r1);
 		}
-
+#endif
 		break;
 	case key_ecx:
 #if !defined(CKM_EDDSA_KEY_PAIR_GEN)

### Summary

While trying to compile on Solaris I receive the following error:
```
libtool: compile:  /usr/gcc/7/bin/gcc -I/builds/smarshal/bind-9.11/components/bind/build/amd64 -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6 -I/builds/smarshal/bin
d-9.11/components/bind/build/amd64/lib/isc/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/l
ib/isc/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/unix/include -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/pthreads/include
 -I/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/lib/isc/x86_32/include -D_REENTRANT -D_XPG4_2 -D__EXTENSIONS__ -m64 -O3 -I/usr/include/libxml2 -fPIC -W -Wall -Wmiss
ing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -c /builds/smarshal/bind-9.11/components/bind/bind-9.
11.6/bin/pkcs11/pkcs11-keygen.c  -fPIC -DPIC -o .libs/pkcs11-keygen.o
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c: In function 'main':
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:424:32: error: 'pk11_ecc_prime256v1' undeclared (first use in this function)
    public_template[4].pValue = pk11_ecc_prime256v1;
                                ^~~~~~~~~~~~~~~~~~~
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:424:32: note: each undeclared identifier is reported only once for each function it appears
in
/builds/smarshal/bind-9.11/components/bind/bind-9.11.6/bin/pkcs11/pkcs11-keygen.c:428:32: error: 'pk11_ecc_secp384r1' undeclared (first use in this function); did you mean 'p
k11_ecc_prime256v1'?
    public_template[4].pValue = pk11_ecc_secp384r1;
                                ^~~~~~~~~~~~~~~~~~
                                pk11_ecc_prime256v1
```

### BIND version used

```
$ gmake test-named-version
LD_LIBRARY_PATH=/builds/smarshal/bind-9.11-sru/components/bind/build/prototype/i386/usr/lib/dns/amd64 \
        /builds/smarshal/bind-9.11-sru/components/bind/build/prototype/i386/usr/sbin/named -V; \

BIND 9.11.6 (Extended Support Version) <id:f4bd4ca>
running on SunOS i86pc 5.11 11.4.0.15.0
built by make with '--prefix=/usr' '--mandir=/usr/share/man' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libdir=/usr/lib/dns/amd64' '--enable-full-report' '--with-python=/usr/bin/python3.4' '--with-libtool' '--with-openssl=/usr' '--with-pkcs11=/usr/lib/amd64/libpkcs11.so.1' '--with-libxml2=/usr' '--enable-threads' '--enable-devpoll' '--enable-fixed-rrset' '--with-tuning=large' '--enable-largefile' '--sysconfdir=/etc' '--localstatedir=/var' '--with-randomdev=/dev/random' '--with-gssapi=krb5-config' '--with-docbook-xsl=/usr/share/sgml/docbook' '--with-python-install-dir=/usr/lib/python3.4/vendor-packages' 'CC=/usr/gcc/7/bin/gcc' 'CFLAGS=-m64 -O3' 'LDFLAGS=' 'CPPFLAGS=-m64' 'PKG_CONFIG_PATH=/usr/lib/amd64/pkgconfig'
compiled by GCC 7.3.0
compiled with OpenSSL version: OpenSSL 1.0.2o  27 Mar 2018
linked to OpenSSL version: OpenSSL 1.0.2o  27 Mar 2018
compiled with libxml2 version: 2.9.5
linked to libxml2 version: 20905
compiled with libjson-c version: 0.12
linked to libjson-c version: 0.12
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
$
```

### Steps to reproduce

`gmake install`

### What is the current *bug* behavior?

Build fails, see above.

### What is the expected *correct* behavior?

Build completes.

### Relevant configuration files

Non-Applicable

### Relevant logs and/or screenshots

Non-Applicable

### Possible fixes

```
--- orig-bind-9.11.6/bin/pkcs11/pkcs11-keygen.c	2019-02-27 15:28:15.000000000 -0800
+++ bind-9.11.6/bin/pkcs11/pkcs11-keygen.c	2019-03-11 09:20:50.955257469 -0700
@@ -403,6 +403,10 @@
 		public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize;
 		break;
 	case key_ecc:
+#if !defined(HAVE_PKCS11_ECDSA)
+		fprintf(stderr, "prime256v1 and secp3841r1 is not supported\n");
+		usage();
+#else
 		op_type = OP_EC;
 		if (bits == 0)
 			bits = 256;
@@ -429,7 +433,7 @@
 			public_template[4].ulValueLen =
 				sizeof(pk11_ecc_secp384r1);
 		}
-
+#endif
 		break;
 	case key_ecx:
 #if !defined(CKM_EDDSA_KEY_PAIR_GEN)

```

To upload designs, you'll need to enable LFS. More information