From c0707105f60934d59321c2fccbc254f9e31ff28a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 21 May 2004 08:09:27 +0000 Subject: [PATCH] 1642. [port] Support OpenSSL implementations which don't have DSA support. [RT #11360] --- CHANGES | 3 +++ acconfig.h | 5 ++++- configure.in | 10 +++++++++- lib/dns/sec/dst/dst_api.c | 8 ++++++-- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index a673cc8983..8ae5143140 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +1642. [port] Support OpenSSL implementations which don't have + DSA support. [RT #11360] + 1641. [bug] Update the check-names description in ARM. [RT #11389] 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was diff --git a/acconfig.h b/acconfig.h index 70fc191a32..c44755fd40 100644 --- a/acconfig.h +++ b/acconfig.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acconfig.h,v 1.44 2004/03/05 04:56:57 marka Exp $ */ +/* $Id: acconfig.h,v 1.45 2004/05/21 08:09:27 marka Exp $ */ /*** *** This file is not to be included by any public header files, because @@ -136,3 +136,6 @@ int sigwait(const unsigned int *set, int *sig); /* Define if you are running under Compaq TruCluster.. */ #undef HAVE_TRUCLUSTER + +/* Define if OpenSSL includes DSA support */ +#undef HAVE_OPENSSL_DSA diff --git a/configure.in b/configure.in index 17ea5538d2..dc5cc413b2 100644 --- a/configure.in +++ b/configure.in @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.356 $) +AC_REVISION($Revision: 1.357 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.13) 
@@ -467,6 +467,14 @@ int main() { [AC_MSG_RESULT(not compatible) AC_MSG_ERROR(you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23)], [AC_MSG_RESULT(assuming target platform has compatible version)])) + AC_MSG_CHECKING(for OpenSSL DSA support) + if test -f $use_openssl/include/openssl/dsa.h + then + AC_DEFINE(HAVE_OPENSSL_DSA) + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi CFLAGS="$saved_cflags" LIBS="$saved_libs" ;; diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c index 4e44c96113..6008832368 100644 --- a/lib/dns/sec/dst/dst_api.c +++ b/lib/dns/sec/dst/dst_api.c @@ -18,7 +18,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.114 2004/03/18 02:58:05 marka Exp $ + * $Id: dst_api.c,v 1.115 2004/05/21 08:09:27 marka Exp $ */ #include @@ -145,9 +145,11 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) { RETERR(dst__openssl_init()); RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5])); RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1])); +#ifdef HAVE_OPENSSL_DSA RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA])); - RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH])); #endif + RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH])); +#endif /* OPENSSL */ #ifdef GSSAPI RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI])); #endif @@ -1136,10 +1138,12 @@ algorithm_status(unsigned int alg) { if (dst_algorithm_supported(alg)) return (ISC_R_SUCCESS); +#ifndef OPENSSL if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 || alg == DST_ALG_DSA || alg == DST_ALG_DH || alg == DST_ALG_HMACMD5) return (DST_R_NOCRYPTO); +#endif return (DST_R_UNSUPPORTEDALG); }
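Review bot: The DSA probe added to configure.in only tests that `$use_openssl/include/openssl/dsa.h` exists, which does not establish that the library was built with DSA. An OpenSSL configured without DSA may still install that header (it signals the omission with `OPENSSL_NO_DSA`), in which case HAVE_OPENSSL_DSA gets defined and the build fails later. A link test answers the question directly, and the probe appears to sit before CFLAGS and LIBS are restored, so the OpenSSL flags should still be in effect. The unquoted `$use_openssl` in `test -f` also breaks on a prefix containing whitespace.

```m4
	AC_MSG_CHECKING(for OpenSSL DSA support)
	AC_TRY_LINK([#include <openssl/dsa.h>],
		[DSA *dsa = DSA_new(); DSA_free(dsa);],
		[AC_DEFINE(HAVE_OPENSSL_DSA)
		 AC_MSG_RESULT(yes)],
		[AC_MSG_RESULT(no)])
	# … unchanged: CFLAGS/LIBS restore …
```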
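Review bot: The `#ifdef HAVE_OPENSSL_DSA` added in dst_lib_init guards only the call to `dst__openssldsa_init`, and the diffstat shows no change to the file that defines that function. Unless that file is already conditional, it will presumably still pull in the DSA header and fail to compile against an OpenSSL without DSA, so the same macro should wrap the definition and its prototype. As a smaller style point, the inner `#endif` would read better as `#endif /* HAVE_OPENSSL_DSA */`, matching the `#endif /* OPENSSL */` added two lines below it. dst_lib_init begins and ends outside this hunk.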
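Review bot: The `#ifndef OPENSSL` added in algorithm_status carries no comment explaining why the DST_R_NOCRYPTO branch is compiled only for non-OpenSSL builds, and the consequence is easy to miss. With OpenSSL present but DSA absent, DST_ALG_DSA now falls through to DST_R_UNSUPPORTEDALG. I would add `/* Without OpenSSL these algorithms are known but unavailable; with it, anything still unsupported (e.g. DSA when HAVE_OPENSSL_DSA is unset) is DST_R_UNSUPPORTEDALG. */` above the `#ifndef` and close it with `#endif /* !OPENSSL */`. Callers that branch on the two result codes are not visible here and are worth checking, since code handling DSA keys and signatures will see DST_R_UNSUPPORTEDALG on such builds.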