Only print warning when PKCS#11 dnssec-keygen fails from Edwards curves

2020-04-17 10:58:46 +02:00
parent 541d7bafe6
commit 9d979d7cd6
7 changed files with 22 additions and 5 deletions
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.16.2 -*- Autoconf -*-

-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.

 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -290,7 +290,7 @@ AS_VAR_IF([$1], [""], [$5], [$4])dnl

 # AM_CONDITIONAL                                            -*- Autoconf -*-

-# Copyright (C) 1997-2018 Free Software Foundation, Inc.
+# Copyright (C) 1997-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -324,7 +324,7 @@ fi])])
 # Add --enable-maintainer-mode option to configure.         -*- Autoconf -*-
 # From Jim Meyering

-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -357,7 +357,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
 ]
 )

-# Copyright (C) 2006-2018 Free Software Foundation, Inc.
+# Copyright (C) 2006-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -127,3 +127,4 @@ HAVEGEOIP2=${MAXMINDDB_LIBS:+1}
 ZLIB_LIBS="@ZLIB_LIBS@"
 HAVEZLIB=${ZLIB_LIBS:+1}
 NZD=@NZD_TOOLS@
+CRYPTO=@CRYPTO@
--- a/bin/tests/system/conf.sh.win32
+++ b/bin/tests/system/conf.sh.win32
@@ -122,6 +122,7 @@ HAVEXMLSTATS=@XMLSTATS@
 HAVEJSONSTATS=@JSONSTATS@
 HAVEZLIB=@ZLIB@
 NZD=@NZD_TOOLS@
+CRYPTO=@CRYPTO@

 # The rest is shared between Windows and Unices
 . $TOP/bin/tests/system/conf.sh.common
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3248,6 +3248,15 @@ do
 	1|5|7|8|10) # RSA algorithms
 	    key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
 	    ;;
+	15|16)
+	    key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
+	    # Soft-fail	in case HSM doesn't support Edwards curves
+	    if grep "not found" keygen.err > /dev/null && [ "$CRYPTO" = "pkcs11" ]; then
+		echo_i "Algorithm $alg not supported by HSM: skipping"
+		alg=$((alg+1))
+		continue
+	    fi
+	    ;;
 	*)
 	    key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true)
    esac
--- a/2
+++ b/2
@@ -745,6 +745,7 @@ ISC_PLATFORM_GSSAPI_KRB5_HEADER
 ISC_PLATFORM_GSSAPIHEADER
 ISC_PLATFORM_HAVEGSSAPI
 KRB5_CONFIG
+CRYPTO
 PKCS11_TOOLS
 PKCS11_TEST
 OPENSSL_LIBS
@@ -16993,6 +16994,7 @@ esac



+
 case $CRYPTO in #(
  pkcs11) :

--- a/configure.ac
+++ b/configure.ac
@@ -849,6 +849,7 @@ AS_CASE([$enable_native_pkcs11],
 AC_SUBST([PKCS11_TEST])
 AC_SUBST([PKCS11_TOOLS])

+AC_SUBST([CRYPTO])
 AS_CASE([$CRYPTO],
 	[pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
 	[AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -238,6 +238,7 @@ my %configtest;

 my @substtest = ("CHECKDS",
                 "COVERAGE",
+                 "CRYPTO",
                 "DNSTAP",
                 "FSTRM_CAPTURE",
                 "JSONSTATS",
@@ -1423,8 +1424,10 @@ if ($use_openssl eq "yes") {

 if ($cryptolib eq "openssl") {
    $configdefh{"USE_OPENSSL"} = 1;
+    $configtest{"CRYPTO"} = "OpenSSL";
 } else {
    $configdefh{"USE_PKCS11"} = 1;
+    $configtest{"CRYPTO"} = "pkcs11";
 }

 # check OpenSSL