disable algorithm 13 and 14 in the opensslsigner if OpenSSL does not support ecdsa...
authorKees Monshouwer <mind04@monshouwer.org>
Wed, 11 May 2016 14:09:20 +0000 (16:09 +0200)
committermind04 <mind04@monshouwer.org>
Wed, 11 May 2016 14:52:42 +0000 (16:52 +0200)
configure.ac
m4/ax_check_openssl.m4
pdns/opensslsigners.cc

index 3920a42639f9851066633ce4f77332c838b531f1..5e41bee834302994e6b9211aee87a5194a30cf8d 100644 (file)
@@ -346,6 +346,10 @@ AC_MSG_NOTICE([LIBS: $LIBS])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([BOOST_CPPFLAGS: $BOOST_CPPFLAGS])
 AC_MSG_NOTICE([])
+AS_IF([test "x$openssl_ecdsa" == "xyes"],
+  [AC_MSG_NOTICE([OpenSSL ecdsa support: yes])],
+  [AC_MSG_NOTICE([OpenSSL ecdsa support: no])]
+)
 AS_IF([test "x$needsqlite3" != "x"],
   [AC_MSG_NOTICE([SQLite3 support: yes])],
   [AC_MSG_NOTICE([SQLite3 support: no])]
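Review bot: The added `test "x$openssl_ecdsa" == "xyes"` uses `==`, which POSIX `test` does not define. Where `/bin/sh` is a strict shell such as dash, the comparison fails with an error and the summary prints "OpenSSL ecdsa support: no" even when the macro detected ECDSA and defined `OPENSSL_USE_ECDSA`. That makes the one line a packager would use to confirm algorithms 13 and 14 are available unreliable. The m4 hunk in this commit already uses the portable form, so this should read `AS_IF([test "x$openssl_ecdsa" = "xyes"],`.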
index 6bbfde856a4ec23b4ed4a0619fd07adb2c0c2635..12207f9ff25ade54361634a61a73f1e864541f3c 100644 (file)
@@ -109,6 +109,18 @@ AC_DEFUN([AX_CHECK_OPENSSL], [
         [AC_LANG_PROGRAM([#include <openssl/crypto.h>], [CRYPTO_free(NULL)])],
         [
             AC_MSG_RESULT([yes])
+            openssl_ecdsa=yes
+            AC_CHECK_FUNC(ECDSA_do_sign,
+            [
+                AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [ : ], [ openssl_ecdsa=no ], [AC_INCLUDES_DEFAULT
+#include <openssl/evp.h>
+                ])
+            ], [
+                openssl_ecdsa=no
+            ])
+            AS_IF([test "x$openssl_ecdsa" = "xyes"], [
+                AC_DEFINE([OPENSSL_USE_ECDSA], [1], [define to 1 if OpenSSL ecdsa support is avalable.])
+            ])
             $1
         ], [
             AC_MSG_RESULT([no])
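Review bot: The description string in the added `AC_DEFINE` is misspelled and ends up as the comment in the generated `config.h`; it should read `[define to 1 if OpenSSL ecdsa support is available.]`. Separately, the probe checks that `ECDSA_do_sign` links and that the two curve NIDs are declared via `<openssl/evp.h>`, but never checks for `<openssl/ecdsa.h>`, which opensslsigners.cc includes under this macro. If that header can be absent while the symbol is present, an `AC_CHECK_HEADER` for it would close the gap; this is inferred, since the hunk does not show such a build. The enclosing `AC_DEFUN` starts and ends outside the hunk.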
index 8c37dd7051b4b3b9f54414a5a781d6fa13c9afdf..c420c43a771a40a4e6c7c326d9dfe0ab274a295c 100644 (file)
@@ -2,7 +2,9 @@
 #include "config.h"
 #endif
 #include <openssl/obj_mac.h>
+#ifdef OPENSSL_USE_ECDSA
 #include <openssl/ecdsa.h>
+#endif
 #include <openssl/sha.h>
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
@@ -416,6 +418,7 @@ void OpenSSLRSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& input)
   d_key = key;
 }
 
+#ifdef OPENSSL_USE_ECDSA
 class OpenSSLECDSADNSCryptoKeyEngine : public DNSCryptoKeyEngine
 {
 public:
@@ -716,6 +719,7 @@ void OpenSSLECDSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& inpu
 
   EC_POINT_free(pub_key);
 }
+#endif
 
 
 namespace {
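Review bot: The bare `#endif` added after `fromPublicKeyString` closes a guard opened roughly 300 lines earlier, before `class OpenSSLECDSADNSCryptoKeyEngine` in the hunk at line 418, so a reader here cannot tell what it ends. Label it as `#endif /* OPENSSL_USE_ECDSA */`. The function body it follows begins outside the hunk.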
@@ -727,8 +731,10 @@ namespace {
       DNSCryptoKeyEngine::report(7, &OpenSSLRSADNSCryptoKeyEngine::maker);
       DNSCryptoKeyEngine::report(8, &OpenSSLRSADNSCryptoKeyEngine::maker);
       DNSCryptoKeyEngine::report(10, &OpenSSLRSADNSCryptoKeyEngine::maker);
+#ifdef OPENSSL_USE_ECDSA
       DNSCryptoKeyEngine::report(13, &OpenSSLECDSADNSCryptoKeyEngine::maker);
       DNSCryptoKeyEngine::report(14, &OpenSSLECDSADNSCryptoKeyEngine::maker);
+#endif
     }
   } loaderOpenSSL;
 }
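Review bot: When `OPENSSL_USE_ECDSA` is undefined, the guarded `report(13, ...)` and `report(14, ...)` calls are dropped without any comment or runtime trace. An operator would then presumably learn that ECDSA signing is unavailable only when a zone using those algorithms fails. I would document the guard in place, e.g. `// 13 = ECDSAP256SHA256, 14 = ECDSAP384SHA384; only registered when configure found ECDSA support in OpenSSL`. If no other signer backend registers these algorithms, which is not visible here, consider a startup log line for the disabled case. The loader's constructor starts outside the hunk.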