Commit 65c7147e authored by Jan Včelák's avatar Jan Včelák 🚀

DNSSEC: enable ECDSA with OpenSSL 1.0.1 and higher

parent 6f15a79c
......@@ -138,6 +138,7 @@ src/libknot/dname.h
src/libknot/dnssec/algorithm.c
src/libknot/dnssec/algorithm.h
src/libknot/dnssec/cleanup.h
src/libknot/dnssec/config.h
src/libknot/dnssec/key.c
src/libknot/dnssec/key.h
src/libknot/dnssec/nsec-bitmap.h
......@@ -273,7 +274,6 @@ tests/journal.c
tests/rrl.c
tests/rrset.c
tests/runtests.c
tests/sample_conf.c
tests/sample_conf.h
tests/server.c
tests/slab.c
......
......@@ -6,7 +6,7 @@ Knot DNS has several dependencies:
* autoconf > 2.65
* flex >= 2.5.31
* bison >= 2.3
* libssl >= 0.9.8
* libssl >= 0.9.8 (>= 1.0.1 required for ECDSA)
* liburcu >= 0.5.4
Optional packages:
......
......@@ -151,6 +151,7 @@ libknot_la_SOURCES = \
libknot/dnssec/algorithm.c \
libknot/dnssec/algorithm.h \
libknot/dnssec/cleanup.h \
libknot/dnssec/config.h \
libknot/dnssec/key.c \
libknot/dnssec/key.h \
libknot/dnssec/nsec-bitmap.h \
......
/* Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*!
* \file config.h
*
* \author Jan Vcelak <jan.vcelak@nic.cz>
*
* \brief DNSSEC configuration for Knot DNS.
*
* \addtogroup dnssec
* @{
*/
#ifndef _KNOT_DNSSEC_CONFIG_H_
#define _KNOT_DNSSEC_CONFIG_H_
#include <openssl/opensslconf.h>
// ECDSA support requires OpenSSL version >= 1.0.1
#if !defined(OPENSSL_NO_ECDSA) && OPENSSL_VERSION_NUMBER >= 0x10001000
#define KNOT_ENABLE_ECDSA 1
#else
#undef KNOT_ENABLE_ECDSA
#endif
#endif // _KNOT_DNSSEC_CONFIG_H_
/*! @} */
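Review bot: The `#if` tests `OPENSSL_VERSION_NUMBER`, but this header includes only `<openssl/opensslconf.h>`, while that macro is defined in `<openssl/opensslv.h>`. The preprocessor evaluates an undefined identifier as 0, so unless the installed `opensslconf.h` or an earlier include in the translation unit brings `opensslv.h` in, the version test fails without any diagnostic and `KNOT_ENABLE_ECDSA` stays undefined. ECDSA would then be compiled out on a capable OpenSSL, and the test file that derives `ecdsa_supported` from this macro would skip the ECDSA cases instead of failing. Add `#include <openssl/opensslv.h>` beside the existing include so the header is self-contained and independent of include order. As a style point, the guard `_KNOT_DNSSEC_CONFIG_H_` begins with an underscore and an uppercase letter, which C reserves for the implementation; keep it only if that is the project-wide convention.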
......@@ -18,18 +18,20 @@
#include <assert.h>
#include <openssl/dsa.h>
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_ECDSA
#include <openssl/ecdsa.h>
#endif
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include "common/descriptor.h"
#include "common/errcode.h"
#include "libknot/common.h"
#include "libknot/dnssec/algorithm.h"
#include "libknot/dnssec/config.h"
#include "libknot/dnssec/key.h"
#include "libknot/dnssec/sign.h"
#ifdef KNOT_ENABLE_ECDSA
#include <openssl/ecdsa.h>
#endif
struct algorithm_functions;
typedef struct algorithm_functions algorithm_functions_t;
......@@ -404,7 +406,7 @@ static int dsa_sign_verify(const knot_dnssec_sign_context_t *context,
/*- EC specific --------------------------------------------------------------*/
#ifndef OPENSSL_NO_ECDSA
#ifdef KNOT_ENABLE_ECDSA
/*!
* \brief Decode ECDSA public key from RDATA and set it into EC key.
......@@ -644,7 +646,7 @@ static const algorithm_functions_t dsa_functions = {
dsa_sign_verify
};
#ifndef OPENSSL_NO_ECDSA
#ifdef KNOT_ENABLE_ECDSA
static const algorithm_functions_t ecdsa_functions = {
ecdsa_create_pkey,
ecdsa_sign_size,
......@@ -675,7 +677,7 @@ static const algorithm_functions_t *get_implementation(int algorithm)
return &dsa_functions;
case KNOT_DNSSEC_ALG_ECDSAP256SHA256:
case KNOT_DNSSEC_ALG_ECDSAP384SHA384:
#ifndef OPENSSL_NO_ECDSA
#ifdef KNOT_ENABLE_ECDSA
return &ecdsa_functions;
#endif
default:
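Review bot: When `KNOT_ENABLE_ECDSA` is undefined, the two ECDSA `case` labels in `get_implementation` fall straight into `default:`, and nothing in the code marks that as intended. A comment after the `#endif`, for example `/* fall through: ECDSA not compiled in, handled as unsupported */`, would stop a later edit from inserting a case in between and changing the result for these algorithms. The `default:` body lies outside the hunk, so its return value is not visible here. It is worth confirming that callers report this as an unsupported algorithm rather than a generic signing or verification failure.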
......
......@@ -20,13 +20,14 @@
#include <tests/tap/basic.h>
#include "common/errcode.h"
#include "libknot/dnssec/sign.h"
#include "libknot/dnssec/cleanup.h"
#include "libknot/dnssec/config.h"
#include "libknot/dnssec/sign.h"
#ifdef OPENSSL_NO_ECDSA
static const int ecdsa_supported = 0;
#else
#ifdef KNOT_ENABLE_ECDSA
static const int ecdsa_supported = 1;
#else
static const int ecdsa_supported = 0;
#endif
static void test_algorithm(const char *alg, const knot_key_params_t *kp)
......