bind/bind-9.14-config-pkcs11.patch
Petr Menšík 05dbc88928 Iterative update, not working properly
Fixed PKCS#11 used everywhere. Just custom system to use PKCS11 on part
of built tools.

FIXME: unit tests not passing, something broken inside.
2020-03-27 11:26:09 +01:00

153 lines
4.6 KiB
Diff

From 233d3784d04bee37b772f391da8726f0cd7b223e Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 18 Oct 2019 21:30:52 +0200
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
Building two variants with the same common code requires to unset
USE_PKCS11 on part of build. That is not possible with config.h value.
Move it as normal define to CDEFINES.
---
bin/confgen/Makefile.in | 2 +-
bin/dig/Makefile.in | 2 +-
bin/dnssec/Makefile.in | 2 +-
bin/named/Makefile.in | 2 +-
configure.ac | 8 ++++++--
lib/dns/Makefile.in | 2 +-
lib/dns/dst_internal.h | 12 +++++++++---
lib/ns/Makefile.in | 2 +-
8 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index dc3a7f6..1e0fe0e 100644
--- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
-CDEFINES =
+CDEFINES = @USE_PKCS11@
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
index 0601939..2317ec0 100644
--- a/bin/dig/Makefile.in
+++ b/bin/dig/Makefile.in
@@ -21,7 +21,7 @@ CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\"
+CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 321058b..1dad340 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\"
+CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index eecfa76..e5b0d4b 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -49,7 +49,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@
-CDEFINES = @CONTRIB_DLZ@
+CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@
CWARNINGS =
diff --git a/configure.ac b/configure.ac
index 80039b7..6cce3bb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -963,9 +963,13 @@ AS_CASE([$enable_native_pkcs11],
AC_SUBST([PKCS11_TEST])
AC_SUBST([PKCS11_TOOLS])
+USE_PKCS11='-DUSE_PKCS11=0'
+USE_OPENSSL='-DUSE_OPENSSL=0'
AS_CASE([$CRYPTO],
- [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
- [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
+ [pkcs11],[USE_PKCS11='-DUSE_PKCS11=1'],
+ [USE_OPENSSL='-DUSE_OPENSSL=1'])
+AC_SUBST(USE_PKCS11)
+AC_SUBST(USE_OPENSSL)
# preparation for automake
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in
index 60c87a8..9125b10 100644
--- a/lib/dns/Makefile.in
+++ b/lib/dns/Makefile.in
@@ -30,7 +30,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@ @USE_PKCS11@
CWARNINGS =
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
index bfa28f0..d3ff613 100644
--- a/lib/dns/dst_internal.h
+++ b/lib/dns/dst_internal.h
@@ -40,6 +40,13 @@
#include <isc/stdtime.h>
#include <isc/hmac.h>
+#ifndef USE_OPENSSL
+#define USE_OPENSSL 1
+#endif
+#ifndef USE_PKCS11
+#define USE_PKCS11 0
+#endif
+
#if USE_PKCS11
#include <pk11/pk11.h>
#include <pk11/site.h>
@@ -99,11 +106,10 @@ struct dst_key {
void *generic;
gss_ctx_id_t gssctx;
DH *dh;
-#if USE_OPENSSL
- EVP_PKEY *pkey;
-#endif
#if USE_PKCS11
pk11_object_t *pkey;
+#else
+ EVP_PKEY *pkey;
#endif
dst_hmac_key_t *hmac_key;
} keydata; /*%< pointer to key in crypto pkg fmt */
diff --git a/lib/ns/Makefile.in b/lib/ns/Makefile.in
index a14728d..58d731a 100644
--- a/lib/ns/Makefile.in
+++ b/lib/ns/Makefile.in
@@ -24,7 +24,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \
${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
CWARNINGS =
--
2.20.1