Add support to native PKCS11

A set of patches and changes that fixes compilation of native PKCS11
support as a subpackage. Moves the definition of USE_PKCS11 from config.h
to the Makefiles. It defaults to off, and only the PKCS11 subdirectories
set it to true.
Petr Menšík 2020-04-27 21:59:25 +02:00
parent 3ef9cd3dce
commit afbbd0be52
4 changed files with 114 additions and 277 deletions


@ -12,7 +12,7 @@ index 9ad7f62..094775a 100644
TARGETS =
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index 1e0fe0e..dc3a7f6 100644
index ef3e70c..1f5165a 100644
--- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
@ -23,62 +23,56 @@ index 1e0fe0e..dc3a7f6 100644
+CDEFINES =
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
index 2317ec0..0601939 100644
--- a/bin/dig/Makefile.in
+++ b/bin/dig/Makefile.in
@@ -21,7 +21,7 @@ CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
+CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index 1dad340..ffac64e 100644
index 7486bf0..7d791d1 100644
--- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in
@@ -15,16 +15,16 @@ VERSION=@BIND9_VERSION@
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
-CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
+CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
-CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
+CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
${OPENSSL_CFLAGS}
CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
-CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
+CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" -DUSE_PKCS11=1
CWARNINGS =
-DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
ISCDEPLIBS = ../../lib/isc/libisc.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
@@ -34,11 +34,11 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
@@ -36,12 +36,15 @@ LIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
NOSYMLIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
+# Add suffix to all targets
+EXEEXT = -pkcs11@EXEEXT@
+
# Alphabetically
-TARGETS = dnssec-cds@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
- dnssec-importkey@EXEEXT@ dnssec-keyfromlabel@EXEEXT@ \
- dnssec-keygen@EXEEXT@ dnssec-revoke@EXEEXT@ \
- dnssec-settime@EXEEXT@ dnssec-signzone@EXEEXT@ \
- dnssec-verify@EXEEXT@
+TARGETS = dnssec-cds-pkcs11@EXEEXT@ dnssec-dsfromkey-pkcs11@EXEEXT@ \
+ dnssec-importkey-pkcs11@EXEEXT@ dnssec-keyfromlabel-pkcs11@EXEEXT@ \
+ dnssec-keygen-pkcs11@EXEEXT@ dnssec-revoke-pkcs11@EXEEXT@ \
+ dnssec-settime-pkcs11@EXEEXT@ dnssec-signzone-pkcs11@EXEEXT@ \
+ dnssec-verify-pkcs11@EXEEXT@
+TARGETS = dnssec-cds${EXEEXT} dnssec-dsfromkey${EXEEXT} \
+ dnssec-importkey${EXEEXT} dnssec-keyfromlabel${EXEEXT} \
+ dnssec-keygen${EXEEXT} dnssec-revoke${EXEEXT} \
+ dnssec-settime${EXEEXT} dnssec-signzone${EXEEXT} \
+ dnssec-verify${EXEEXT}
OBJS = dnssectool.@O@
@@ -61,19 +61,19 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@@ -64,19 +67,19 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@
@ -102,7 +96,7 @@ index 1dad340..ffac64e 100644
export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
${FINALBUILDCMD}
@@ -81,7 +81,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
@@ -84,7 +87,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-signzone.c
@ -111,7 +105,7 @@ index 1dad340..ffac64e 100644
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
${FINALBUILDCMD}
@@ -89,19 +89,19 @@ dnssec-verify.@O@: dnssec-verify.c
@@ -92,19 +95,19 @@ dnssec-verify.@O@: dnssec-verify.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-verify.c
@ -135,7 +129,7 @@ index 1dad340..ffac64e 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-importkey.@O@ ${OBJS} ${LIBS}
@@ -112,16 +112,14 @@ docclean manclean maintainer-clean::
@@ -115,16 +118,14 @@ docclean manclean maintainer-clean::
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
@ -153,33 +147,36 @@ index 1dad340..ffac64e 100644
for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done
clean distclean::
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 1dad340..321058b 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
+CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
index e5b0d4b..b739869 100644
index cb187e5..1bcb249 100644
--- a/bin/named-pkcs11/Makefile.in
+++ b/bin/named-pkcs11/Makefile.in
@@ -43,7 +43,7 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
@@ -37,13 +37,14 @@ DBDRIVER_LIBS =
DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
-DLZDRIVER_OBJS = @DLZ_DRIVER_OBJS@
-DLZDRIVER_SRCS = @DLZ_DRIVER_SRCS@
-DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
-DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
+# Skip building on PKCS11 variant
+DLZDRIVER_OBJS =
+DLZDRIVER_SRCS =
+DLZDRIVER_INCLUDES =
+DLZDRIVER_LIBS =
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
- ${NS_INCLUDES} ${DNS_INCLUDES} \
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} \
${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \
${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
@@ -53,37 +53,37 @@ CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@
${DBDRIVER_INCLUDES} \
@@ -53,24 +54,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${MAXMINDDB_CFLAGS} \
${ZLIB_CFLAGS}
-CDEFINES = @CONTRIB_DLZ@
+CDEFINES =
CWARNINGS =
@ -187,8 +184,8 @@ index e5b0d4b..b739869 100644
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
BIND9LIBS = ../../lib/bind9/libbind9.@A@
-NSLIBS = ../../lib/ns/libns.@A@
+NSLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@
@ -204,47 +201,16 @@ index e5b0d4b..b739869 100644
DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
LIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
- ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBCAP_LIBS@ \
+ @LIBCAP_LIBS@ \
@LIBS@
NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCNOSYMLIBS} \
- ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBCAP_LIBS@ \
+ @LIBCAP_LIBS@ \
@LIBS@
@@ -87,7 +88,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
SUBDIRS = unix
-TARGETS = named@EXEEXT@ feature-test@EXEEXT@
+TARGETS = named-pkcs11@EXEEXT@ feature-test-pkcs11@EXEEXT@
GEOIPLINKOBJS = geoip.@O@
GEOIP2LINKOBJS = geoip.@O@
@@ -93,8 +93,7 @@ OBJS = builtin.@O@ config.@O@ control.@O@ \
@GEOIPLINKOBJS@ @GEOIP2LINKOBJS@ \
log.@O@ logconf.@O@ main.@O@ \
server.@O@ statschannel.@O@ \
- tkeyconf.@O@ tsigconf.@O@ zoneconf.@O@ \
- ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
+ tkeyconf.@O@ tsigconf.@O@ zoneconf.@O@
UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
@@ -108,8 +107,7 @@ SRCS = builtin.c config.c control.c \
@GEOIPLINKSRCS@ @GEOIP2LINKSRCS@ \
log.c logconf.c main.c \
server.c statschannel.c \
- tkeyconf.c tsigconf.c zoneconf.c \
- ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
+ tkeyconf.c tsigconf.c zoneconf.c
MANPAGES = named.8 named.conf.5
@@ -149,7 +147,7 @@ server.@O@: server.c
@@ -151,7 +152,7 @@ server.@O@: server.c
-DPRODUCT=\"${PRODUCT}\" \
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
@ -253,7 +219,7 @@ index e5b0d4b..b739869 100644
export MAKE_SYMTABLE="yes"; \
export BASEOBJS="${OBJS} ${UOBJS}"; \
${FINALBUILDCMD}
@@ -159,7 +157,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
@@ -161,7 +162,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-c ${top_srcdir}/bin/tests/system/feature-test.c
@ -262,7 +228,7 @@ index e5b0d4b..b739869 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
-o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
@@ -192,13 +190,13 @@ install-man8: named.8
@@ -194,13 +195,13 @@ install-man8: named.8
install-man: install-man5 install-man8
@ -279,24 +245,11 @@ index e5b0d4b..b739869 100644
@DLZ_DRIVER_RULES@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index e5b0d4b..eecfa76 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -49,7 +49,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@
+CDEFINES = @CONTRIB_DLZ@
CWARNINGS =
diff --git a/configure.ac b/configure.ac
index 6cce3bb..d80ae31 100644
index de6a248..e95ef36 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1276,12 +1276,14 @@ AC_SUBST(USE_GSSAPI)
@@ -1196,12 +1196,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS"
@ -311,7 +264,7 @@ index 6cce3bb..d80ae31 100644
#
# was --with-lmdb specified?
@@ -2522,6 +2524,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE)
@@ -2296,6 +2298,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE)
AC_SUBST(BIND9_NS_BUILDINCLUDE)
AC_SUBST(BIND9_BIND9_BUILDINCLUDE)
AC_SUBST(BIND9_IRS_BUILDINCLUDE)
@ -320,7 +273,7 @@ index 6cce3bb..d80ae31 100644
if test "X$srcdir" != "X"; then
BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include"
BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include"
@@ -2530,6 +2534,8 @@ if test "X$srcdir" != "X"; then
@@ -2304,6 +2308,8 @@ if test "X$srcdir" != "X"; then
BIND9_NS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns/include"
BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include"
BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include"
@ -329,7 +282,7 @@ index 6cce3bb..d80ae31 100644
else
BIND9_ISC_BUILDINCLUDE=""
BIND9_ISCCC_BUILDINCLUDE=""
@@ -2538,6 +2544,8 @@ else
@@ -2312,6 +2318,8 @@ else
BIND9_NS_BUILDINCLUDE=""
BIND9_BIND9_BUILDINCLUDE=""
BIND9_IRS_BUILDINCLUDE=""
@ -338,7 +291,7 @@ index 6cce3bb..d80ae31 100644
fi
AC_SUBST_FILE(BIND9_MAKE_INCLUDES)
@@ -3001,8 +3009,11 @@ AC_CONFIG_FILES([
@@ -2771,8 +2779,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
@ -350,7 +303,7 @@ index 6cce3bb..d80ae31 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/plugins/Makefile
@@ -3075,6 +3086,10 @@ AC_CONFIG_FILES([
@@ -2843,6 +2854,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
@ -361,7 +314,7 @@ index 6cce3bb..d80ae31 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
@@ -3107,6 +3122,10 @@ AC_CONFIG_FILES([
@@ -2875,6 +2890,10 @@ AC_CONFIG_FILES([
lib/ns/include/Makefile
lib/ns/include/ns/Makefile
lib/ns/tests/Makefile
@ -371,7 +324,7 @@ index 6cce3bb..d80ae31 100644
+ lib/ns-pkcs11/tests/Makefile
lib/samples/Makefile
lib/samples/Makefile-postinstall
unit/unittest.sh
make/Makefile
diff --git a/lib/Makefile.in b/lib/Makefile.in
index ffa2d5a..6fbc192 100644
--- a/lib/Makefile.in
@ -386,24 +339,27 @@ index ffa2d5a..6fbc192 100644
@BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index 9125b10..593270d 100644
index 0ef3b5f..80683c2 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -26,11 +26,11 @@ VERSION=@BIND9_VERSION@
@@ -26,14 +26,14 @@ VERSION=@BIND9_VERSION@
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \
${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
${ISC_INCLUDES} \
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \
${JSON_C_CFLAGS} \
${LIBXML2_CFLAGS} \
${MAXMINDDB_CFLAGS}
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@ @USE_PKCS11@
+CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_PKCS11@ -DUSE_OPENSSL=0
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_PKCS11@
CWARNINGS =
@@ -138,15 +138,15 @@ version.@O@: version.c
@@ -139,15 +139,15 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
@ -423,7 +379,7 @@ index 9125b10..593270d 100644
include: gen
${MAKE} include/dns/enumtype.h
@@ -177,22 +177,22 @@ gen: gen.c
@@ -178,22 +178,22 @@ gen: gen.c
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \
${BUILD_LIBS} ${LFS_LIBS}
@ -452,7 +408,7 @@ index 9125b10..593270d 100644
rm -f include/dns/rdatastruct.h
rm -f dnstap.pb-c.c dnstap.pb-c.h
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
index 0e91523..9351c3f 100644
index fd8ebb9..9384a4f 100644
--- a/lib/dns-pkcs11/tests/Makefile.in
+++ b/lib/dns-pkcs11/tests/Makefile.in
@@ -15,14 +15,14 @@ VERSION=@BIND9_VERSION@
@ -461,11 +417,11 @@ index 0e91523..9351c3f 100644
-CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES = -I. -Iinclude ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @CMOCKA_CFLAGS@
${OPENSSL_CFLAGS} ${MAXMINDDB_CFLAGS} @CMOCKA_CFLAGS@
-CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\""
+CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
ISCLIBS = ../../isc/libisc.@A@ @OPENSSL_LIBS@
ISCLIBS = ../../isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCDEPLIBS = ../../isc/libisc.@A@
-DNSLIBS = ../libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-DNSDEPLIBS = ../libdns.@A@
@ -474,24 +430,11 @@ index 0e91523..9351c3f 100644
LIBS = @LIBS@ @CMOCKA_LIBS@
diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in
index 9125b10..70644d8 100644
--- a/lib/dns/Makefile.in
+++ b/lib/dns/Makefile.in
@@ -30,7 +30,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@ @USE_PKCS11@
+CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@
CWARNINGS =
diff --git a/lib/ns-pkcs11/Makefile.in b/lib/ns-pkcs11/Makefile.in
index 58d731a..47b4b98 100644
index 97aaaf6..c7ffc7b 100644
--- a/lib/ns-pkcs11/Makefile.in
+++ b/lib/ns-pkcs11/Makefile.in
@@ -20,8 +20,8 @@ VERSION=@BIND9_VERSION@
@@ -20,11 +20,11 @@ VERSION=@BIND9_VERSION@
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
@ -499,10 +442,14 @@ index 58d731a..47b4b98 100644
- ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES = -I. -I${top_srcdir}/lib/ns-pkcs11 -Iinclude \
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@
CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
@@ -32,9 +32,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
-CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
CWARNINGS =
@@ -32,9 +32,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS
ISCDEPLIBS = ../../lib/isc/libisc.@A@
@ -552,20 +499,21 @@ index 58d731a..47b4b98 100644
- rm -f libns.@A@ timestamp
+ rm -f libns-pkcs11.@A@ timestamp
diff --git a/lib/ns-pkcs11/tests/Makefile.in b/lib/ns-pkcs11/tests/Makefile.in
index ffd8f41..4a6cb1b 100644
index 70c77a4..87955a7 100644
--- a/lib/ns-pkcs11/tests/Makefile.in
+++ b/lib/ns-pkcs11/tests/Makefile.in
@@ -15,16 +15,16 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
@@ -21,17 +21,17 @@ WRAP_NAME = -Wl,-install_name,${top_builddir}/lib/ns/tests/$@
WRAP_RPATH = -Wl,-rpath,${top_builddir}/lib/ns/tests
WRAP_LIB = -L${top_builddir}/lib/ns/tests -lwrap
-CINCLUDES = -I. -Iinclude ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES = -I. -Iinclude ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @CMOCKA_CFLAGS@
${OPENSSL_CFLAGS} \
@CMOCKA_CFLAGS@
-CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" @USE_PKCS11@
ISCLIBS = ../../isc/libisc.@A@ @OPENSSL_LIBS@
ISCLIBS = ../../isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCDEPLIBS = ../../isc/libisc.@A@
-DNSLIBS = ../../dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-DNSDEPLIBS = ../../dns/libdns.@A@
@ -578,19 +526,6 @@ index ffd8f41..4a6cb1b 100644
LIBS = @LIBS@ @CMOCKA_LIBS@
diff --git a/lib/ns/Makefile.in b/lib/ns/Makefile.in
index 58d731a..a14728d 100644
--- a/lib/ns/Makefile.in
+++ b/lib/ns/Makefile.in
@@ -24,7 +24,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \
${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
CWARNINGS =
diff --git a/make/includes.in b/make/includes.in
index 48cdaf7..7b17738 100644
--- a/make/includes.in
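Review bot: In the bin/named-pkcs11/Makefile.in part of this patch, `+CDEFINES =` appears to leave the PKCS11 build of named with no USE_PKCS11 define at all, while bin/dnssec-pkcs11 hard-codes `-DUSE_PKCS11=1` and lib/dns-pkcs11, lib/ns-pkcs11 and their tests use `@USE_PKCS11@`. The rendered page has lost the outer +/- column, so which of the doubled lines is current is inferred from the hunk headers. If any named source or a header it includes tests USE_PKCS11, that binary would silently compile the non-PKCS11 branch while linking libdns-pkcs11 and libns-pkcs11, and that branch decides how private keys are represented and handled. I would set the macro the same way in every -pkcs11 directory, for example `CDEFINES = @USE_PKCS11@` in named-pkcs11 and `@USE_PKCS11@` in place of `-DUSE_PKCS11=1` in dnssec-pkcs11, with a comment such as `# must match lib/dns-pkcs11 and lib/ns-pkcs11`.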


@ -1,27 +0,0 @@
From 37f89ccfc439f8d86c401d9ae10e94e53b924961 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Tue, 27 Aug 2019 20:39:59 +0200
Subject: [PATCH] Do not set engine for native PKCS11
It resets already set lib_path to pkcs11, which is invalid in native
pkcs11 crypto. Engine has to be path to PKCS#11 module.
---
bin/named/include/named/globals.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
index eda2214..2a611d5 100644
--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@@ -160,7 +160,7 @@ EXTERN const char * ns_g_defaultdnstap INIT(NULL);
EXTERN const char * ns_g_username INIT(NULL);
-#if defined(USE_PKCS11)
+#if defined(USE_PKCS11) && !defined(PKCS11CRYPTO)
EXTERN const char * ns_g_engine INIT(PKCS11_ENGINE);
#else
EXTERN const char * ns_g_engine INIT(NULL);
--
2.20.1


@ -1,4 +1,4 @@
From 233d3784d04bee37b772f391da8726f0cd7b223e Mon Sep 17 00:00:00 2001
From 2d8abd838870b58629ce55df411b6ba1b2c7288f Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 18 Oct 2019 21:30:52 +0200
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
@ -8,17 +8,12 @@ USE_PKCS11 on part of build. That is not possible with config.h value.
Move it as normal define to CDEFINES.
---
bin/confgen/Makefile.in | 2 +-
bin/dig/Makefile.in | 2 +-
bin/dnssec/Makefile.in | 2 +-
bin/named/Makefile.in | 2 +-
configure.ac | 8 ++++++--
lib/dns/Makefile.in | 2 +-
lib/dns/dst_internal.h | 12 +++++++++---
lib/ns/Makefile.in | 2 +-
8 files changed, 21 insertions(+), 11 deletions(-)
3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index dc3a7f6..1e0fe0e 100644
index 1f5165a..ef3e70c 100644
--- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
@ -30,50 +25,11 @@ index dc3a7f6..1e0fe0e 100644
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
index 0601939..2317ec0 100644
--- a/bin/dig/Makefile.in
+++ b/bin/dig/Makefile.in
@@ -21,7 +21,7 @@ CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\"
+CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 321058b..1dad340 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\"
+CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index eecfa76..e5b0d4b 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -49,7 +49,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@
-CDEFINES = @CONTRIB_DLZ@
+CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@
CWARNINGS =
diff --git a/configure.ac b/configure.ac
index 80039b7..6cce3bb 100644
index c69bc37..de6a248 100644
--- a/configure.ac
+++ b/configure.ac
@@ -963,9 +963,13 @@ AS_CASE([$enable_native_pkcs11],
@@ -883,9 +883,13 @@ AS_CASE([$enable_native_pkcs11],
AC_SUBST([PKCS11_TEST])
AC_SUBST([PKCS11_TOOLS])
@ -89,64 +45,38 @@ index 80039b7..6cce3bb 100644
# preparation for automake
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in
index 60c87a8..9125b10 100644
--- a/lib/dns/Makefile.in
+++ b/lib/dns/Makefile.in
@@ -30,7 +30,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@ @USE_PKCS11@
CWARNINGS =
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
index bfa28f0..d3ff613 100644
index bce2a9f..ef9d045 100644
--- a/lib/dns/dst_internal.h
+++ b/lib/dns/dst_internal.h
@@ -40,6 +40,13 @@
@@ -38,6 +38,13 @@
#include <isc/stdtime.h>
#include <isc/hmac.h>
#include <isc/types.h>
+#ifndef USE_OPENSSL
+#define USE_OPENSSL 1
+#endif
+#ifndef USE_PKCS11
+#define USE_PKCS11 0
+#endif
+#ifndef USE_OPENSSL
+#define USE_OPENSSL (! USE_PKCS11)
+#endif
+
#if USE_PKCS11
#include <pk11/pk11.h>
#include <pk11/site.h>
@@ -99,11 +106,10 @@ struct dst_key {
@@ -98,11 +105,10 @@ struct dst_key {
void *generic;
gss_ctx_id_t gssctx;
DH *dh;
-#if USE_OPENSSL
- EVP_PKEY *pkey;
-#endif
-#endif /* if USE_OPENSSL */
#if USE_PKCS11
pk11_object_t *pkey;
+#else
+ EVP_PKEY *pkey;
#endif
#endif /* if USE_PKCS11 */
dst_hmac_key_t *hmac_key;
} keydata; /*%< pointer to key in crypto pkg fmt */
diff --git a/lib/ns/Makefile.in b/lib/ns/Makefile.in
index a14728d..58d731a 100644
--- a/lib/ns/Makefile.in
+++ b/lib/ns/Makefile.in
@@ -24,7 +24,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \
${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
CWARNINGS =
--
2.20.1
2.21.1
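Review bot: In the lib/dns/dst_internal.h hunk, the type of `keydata.pkey` is now selected by `#if USE_PKCS11 … #else`, and the header quietly defaults `USE_PKCS11` to 0 whenever the including directory's CDEFINES does not set it. Because the macro no longer comes from config.h, a translation unit built without the define but linked against libdns-pkcs11 would treat a `pk11_object_t *` as an `EVP_PKEY *` with no compiler diagnostic. A guard placed after the defaults would at least reject the contradictory configuration: `#if USE_OPENSSL && USE_PKCS11` / `#error "USE_OPENSSL and USE_PKCS11 are mutually exclusive"` / `#endif`. I would also add a comment above the defaults, `/* USE_PKCS11 must be set identically (via CDEFINES) for every object linked with this library */`. The include block and `struct dst_key` both continue outside the hunks shown.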


@ -57,6 +57,7 @@
%global sover_isc 1602
%global sover_irs 1600
%global sover_isccfg 1600
%global sover_ns 1602
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
@ -115,7 +116,6 @@ Patch149:bind-9.11-kyua-pkcs11.patch
Patch137:bind-9.10-use-of-strlcat.patch
Patch140:bind-9.11-rh1410433.patch
# Avoid conflicts with OpenSSL PKCS11 engine
Patch150:bind-9.11-engine-pkcs11.patch
Patch154:bind-9.11-oot-manual.patch
Patch157:bind-9.11-fips-tests.patch
Patch164:bind-9.11-rh1666814.patch
@ -445,7 +445,6 @@ cp -r lib/dns{,-pkcs11}
cp -r lib/ns{,-pkcs11}
%patch136 -p1 -b .dist_pkcs11
%patch149 -p1 -b .kyua-pkcs11
%patch150 -p1 -b .engine-pkcs11
%endif
%patch133 -p1 -b .rh640538
@ -978,7 +977,7 @@ fi;
%files libs
%{_libdir}/libbind9.so.1600*
%{_libdir}/libisccc.so.1600*
%{_libdir}/libns.so.1602*
%{_libdir}/libns.so.%{sover_ns}*
%files libs-lite
%{_libdir}/libdns.so.%{sover_dns}*
@ -1113,14 +1112,14 @@ fi;
%files pkcs11-libs
%{_libdir}/libdns-pkcs11.so.%{sover_dns}*
%{_libdir}/libisc-pkcs11.so.%{sover_isc}*
%{_libdir}/libns-pkcs11.so.%{sover_ns}*
%files pkcs11-devel
%{_includedir}/bind9/pk11/*.h
%exclude %{_includedir}/bind9/pk11/site.h
%{_includedir}/bind9/pkcs11
%{_libdir}/libdns-pkcs11.so
%{_libdir}/libisc-pkcs11.so
%{_libdir}/libns-pkcs11.so
%endif
%if %{with DLZ} && %{with BDB}