afbbd0be52
Set of patches and changes, that fixes compilation of native PKCS11 support as subpackage. Moves definition of USE_PKCS11 from config.h to Makefiles. Defaults to off and only PKCS11 subdirectories set it to true.
83 lines
2.4 KiB
Diff
83 lines
2.4 KiB
Diff
From 2d8abd838870b58629ce55df411b6ba1b2c7288f Mon Sep 17 00:00:00 2001
|
|
From: Petr Mensik <pemensik@redhat.com>
|
|
Date: Fri, 18 Oct 2019 21:30:52 +0200
|
|
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
|
|
|
|
Building two variants with the same common code requires to unset
|
|
USE_PKCS11 on part of build. That is not possible with config.h value.
|
|
Move it as normal define to CDEFINES.
|
|
---
|
|
bin/confgen/Makefile.in | 2 +-
|
|
configure.ac | 8 ++++++--
|
|
lib/dns/dst_internal.h | 12 +++++++++---
|
|
3 files changed, 16 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
|
|
index 1f5165a..ef3e70c 100644
|
|
--- a/bin/confgen/Makefile.in
|
|
+++ b/bin/confgen/Makefile.in
|
|
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
|
|
CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
|
|
${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
|
|
|
|
-CDEFINES =
|
|
+CDEFINES = @USE_PKCS11@
|
|
CWARNINGS =
|
|
|
|
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
|
diff --git a/configure.ac b/configure.ac
|
|
index c69bc37..de6a248 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -883,9 +883,13 @@ AS_CASE([$enable_native_pkcs11],
|
|
AC_SUBST([PKCS11_TEST])
|
|
AC_SUBST([PKCS11_TOOLS])
|
|
|
|
+USE_PKCS11='-DUSE_PKCS11=0'
|
|
+USE_OPENSSL='-DUSE_OPENSSL=0'
|
|
AS_CASE([$CRYPTO],
|
|
- [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
|
|
- [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
|
|
+ [pkcs11],[USE_PKCS11='-DUSE_PKCS11=1'],
|
|
+ [USE_OPENSSL='-DUSE_OPENSSL=1'])
|
|
+AC_SUBST(USE_PKCS11)
|
|
+AC_SUBST(USE_OPENSSL)
|
|
|
|
# preparation for automake
|
|
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
|
|
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
|
|
index bce2a9f..ef9d045 100644
|
|
--- a/lib/dns/dst_internal.h
|
|
+++ b/lib/dns/dst_internal.h
|
|
@@ -38,6 +38,13 @@
|
|
#include <isc/stdtime.h>
|
|
#include <isc/types.h>
|
|
|
|
+#ifndef USE_PKCS11
|
|
+#define USE_PKCS11 0
|
|
+#endif
|
|
+#ifndef USE_OPENSSL
|
|
+#define USE_OPENSSL (! USE_PKCS11)
|
|
+#endif
|
|
+
|
|
#if USE_PKCS11
|
|
#include <pk11/pk11.h>
|
|
#include <pk11/site.h>
|
|
@@ -98,11 +105,10 @@ struct dst_key {
|
|
void *generic;
|
|
gss_ctx_id_t gssctx;
|
|
DH *dh;
|
|
-#if USE_OPENSSL
|
|
- EVP_PKEY *pkey;
|
|
-#endif /* if USE_OPENSSL */
|
|
#if USE_PKCS11
|
|
pk11_object_t *pkey;
|
|
+#else
|
|
+ EVP_PKEY *pkey;
|
|
#endif /* if USE_PKCS11 */
|
|
dst_hmac_key_t *hmac_key;
|
|
} keydata; /*%< pointer to key in crypto pkg fmt */
|
|
--
|
|
2.21.1
|
|
|