address win32 build issues

- Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
  HAVE_OPENSSL/HAVE_PKCS11
- Don't enforce the crypto provider from platform.h, just from dst_api.c
  and configure scripts

bin/check/Makefile.in

@@ -18,7 +18,7 @@ VERSION=@BIND9_VERSION@
 CINCLUDES =	${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
 		${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES = 	@CRYPTO@ -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
+CDEFINES = 	-DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
 CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/confgen/Makefile.in

@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
 CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
 	${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@

bin/confgen/ddns-confgen.c

@@ -36,7 +36,7 @@
 #include <isc/time.h>
 #include <isc/util.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -102,7 +102,7 @@ main(int argc, char **argv) {
 	int len = 0;
 	int ch;
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/confgen/unix/Makefile.in

@@ -16,7 +16,7 @@ top_srcdir =	@top_srcdir@
 CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
 		${DNS_INCLUDES} ${ISC_INCLUDES}
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 OBJS =		os.@O@

bin/delv/Makefile.in

@@ -18,7 +18,7 @@ VERSION=@BIND9_VERSION@
 CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \
 		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@ -DVERSION=\"${VERSION}\" \
+CDEFINES =	-DVERSION=\"${VERSION}\" \
 		-DSYSCONFDIR=\"${sysconfdir}\"
 CWARNINGS =
 

bin/dig/Makefile.in

@@ -21,7 +21,7 @@ CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} \
 		${BIND9_INCLUDES} ${ISC_INCLUDES} \
 		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @DST_OPENSSL_INC@
 
-CDEFINES =	-DVERSION=\"${VERSION}\" @CRYPTO@
+CDEFINES =	-DVERSION=\"${VERSION}\"
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@

bin/dig/dighost.c

@@ -86,7 +86,7 @@
 
 #include <dig/dig.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -1340,7 +1340,7 @@ setup_libs(void) {
 
 	debug("setup_libs()");
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/dnssec/Makefile.in

@@ -18,7 +18,7 @@ VERSION=@BIND9_VERSION@
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
 
 CDEFINES =	-DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
-		@CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
+		-DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
 CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/dnssec/dnssec-cds.c

@@ -53,7 +53,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -1147,7 +1147,7 @@ main(int argc, char *argv[]) {
 		fatal("out of memory");
 	}
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/dnssec/dnssec-dsfromkey.c

@@ -41,7 +41,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -370,7 +370,7 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		fatal("out of memory");
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/dnssec/dnssec-importkey.c

@@ -41,7 +41,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -310,7 +310,7 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		fatal("out of memory");
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/dnssec/dnssec-keyfromlabel.c

@@ -37,7 +37,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -69,7 +69,7 @@ usage(void) {
 	fprintf(stderr, "    -3: use NSEC3-capable algorithm\n");
 	fprintf(stderr, "    -c class (default: IN)\n");
 	fprintf(stderr, "    -E <engine>:\n");
-#if defined(PKCS11CRYPTO)
+#if HAVE_PKCS11
 	fprintf(stderr, "        path to PKCS#11 provider library "
 				"(default is %s)\n", PK11_LIB_LOCATION);
 #elif defined(USE_PKCS11)
@@ -173,7 +173,7 @@ main(int argc, char **argv) {
 
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();
@@ -607,7 +607,7 @@ main(int argc, char **argv) {
 
 	/* associate the key */
 	ret = dst_key_fromlabel(name, alg, flags, protocol, rdclass,
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 				"pkcs11",
 #else
 				engine,

bin/dnssec/dnssec-keygen.c

@@ -52,7 +52,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -106,7 +106,7 @@ usage(void) {
 	fprintf(stderr, "    -c <class>: (default: IN)\n");
 	fprintf(stderr, "    -d <digest bits> (0 => max, default)\n");
 	fprintf(stderr, "    -E <engine>:\n");
-#if defined(PKCS11CRYPTO)
+#if HAVE_PKCS11
 	fprintf(stderr, "        path to PKCS#11 provider library "
 				"(default is %s)\n", PK11_LIB_LOCATION);
 #elif defined(USE_PKCS11)
@@ -247,7 +247,7 @@ main(int argc, char **argv) {
 	if (argc == 1)
 		usage();
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/dnssec/dnssec-revoke.c

@@ -30,7 +30,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -49,7 +49,7 @@ usage(void) {
 	fprintf(stderr, "Usage:\n");
 	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
-#if defined(PKCS11CRYPTO)
+#if HAVE_PKCS11
 	fprintf(stderr, "    -E engine:    specify PKCS#11 provider "
 					"(default: %s)\n", PK11_LIB_LOCATION);
 #elif defined(USE_PKCS11)
@@ -100,7 +100,7 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		fatal("Out of memory");
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/dnssec/dnssec-settime.c

@@ -33,7 +33,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -53,7 +53,7 @@ usage(void) {
 	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "General options:\n");
-#if defined(PKCS11CRYPTO)
+#if HAVE_PKCS11
 	fprintf(stderr, "    -E engine:          specify PKCS#11 provider "
 					"(default: %s)\n", PK11_LIB_LOCATION);
 #elif defined(USE_PKCS11)
@@ -178,7 +178,7 @@ main(int argc, char **argv) {
 
 	setup_logging(mctx, &log);
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/dnssec/dnssec-signzone.c

@@ -79,7 +79,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -3057,7 +3057,7 @@ usage(void) {
 	fprintf(stderr, "verify generated signatures\n");
 	fprintf(stderr, "\t-c class (IN)\n");
 	fprintf(stderr, "\t-E engine:\n");
-#if defined(PKCS11CRYPTO)
+#if HAVE_PKCS11
 	fprintf(stderr, "\t\tpath to PKCS#11 provider library "
 		"(default is %s)\n", PK11_LIB_LOCATION);
 #elif defined(USE_PKCS11)
@@ -3212,7 +3212,7 @@ main(int argc, char *argv[]) {
 	if (result != ISC_R_SUCCESS)
 		fatal("out of memory");
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/dnssec/dnssec-verify.c

@@ -61,7 +61,7 @@
 
 #include <dst/dst.h>
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -149,7 +149,7 @@ usage(void) {
 	fprintf(stderr, "\t\tfile format of input zonefile (text)\n");
 	fprintf(stderr, "\t-c class (IN)\n");
 	fprintf(stderr, "\t-E engine:\n");
-#if defined(PKCS11CRYPTO)
+#if HAVE_PKCS11
 	fprintf(stderr, "\t\tpath to PKCS#11 provider library "
 		"(default is %s)\n", PK11_LIB_LOCATION);
 #elif defined(USE_PKCS11)
@@ -211,7 +211,7 @@ main(int argc, char *argv[]) {
 	if (result != ISC_R_SUCCESS)
 		fatal("out of memory");
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();

bin/named/Makefile.in

@@ -48,7 +48,7 @@ CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include -I. \
 		${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \
 		${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =      @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
+CDEFINES =      @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@
 
 CWARNINGS =
 

bin/named/main.c

@@ -44,7 +44,7 @@
 #include <dns/view.h>
 
 #include <dst/result.h>
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -75,7 +75,7 @@
 #include <named/smf_globals.h>
 #endif
 
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #endif
@@ -693,7 +693,7 @@ parse_command_line(int argc, char *argv[]) {
 #ifdef __SUNPRO_C
 			printf("compiled by Solaris Studio %x\n", __SUNPRO_C);
 #endif
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 			printf("compiled with OpenSSL version: %s\n",
 			       OPENSSL_VERSION_TEXT);
 #if !defined(LIBRESSL_VERSION_NUMBER) && \
@@ -1279,7 +1279,7 @@ main(int argc, char *argv[]) {
 	dns_result_register();
 	dst_result_register();
 	isccc_result_register();
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	pk11_result_register();
 #endif
 

bin/named/unix/Makefile.in

@@ -17,7 +17,7 @@ CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
 		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
 		${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 OBJS =		os.@O@ dlz_dlopen_driver.@O@

bin/nsupdate/Makefile.in

@@ -23,7 +23,7 @@ CINCLUDES =	${DNS_INCLUDES} ${BIND9_INCLUDES} ${ISC_INCLUDES} \
 		${ISCCFG_INCLUDES} ${IRS_INCLUDES} ${DST_GSSAPI_INC} \
 		@DST_OPENSSL_INC@
 
-CDEFINES =	-DVERSION=\"${VERSION}\" @CRYPTO@ @USE_GSSAPI@
+CDEFINES =	-DVERSION=\"${VERSION}\" @USE_GSSAPI@
 CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/pkcs11/Makefile.in

@@ -15,7 +15,7 @@ top_srcdir =	@top_srcdir@
 
 CINCLUDES =	${ISC_INCLUDES}
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 
 ISCLIBS =	../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
 

bin/rndc/Makefile.in

@@ -18,7 +18,7 @@ VERSION=@BIND9_VERSION@
 CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
 	${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@

bin/tests/Makefile.in

@@ -16,7 +16,7 @@ top_srcdir =	@top_srcdir@
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
 		@DST_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 BACKTRACECFLAGS = @BACKTRACECFLAGS@
 

bin/tests/optional/Makefile.in

@@ -16,7 +16,7 @@ top_srcdir =	@top_srcdir@
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
 		@DST_OPENSSL_INC@ @DST_GSSAPI_INC@
 
-CDEFINES =	@CRYPTO@ @USE_GSSAPI@
+CDEFINES =	@USE_GSSAPI@
 
 CWARNINGS =
 BACKTRACECFLAGS = @BACKTRACECFLAGS@

bin/tests/pkcs11/Makefile.in

@@ -17,7 +17,7 @@ PROVIDER =	@PKCS11_PROVIDER@
 
 CINCLUDES =	${ISC_INCLUDES}
 
-CDEFINES =	-DPK11_LIB_LOCATION=\"${PROVIDER}\" @CRYPTO@
+CDEFINES =	-DPK11_LIB_LOCATION=\"${PROVIDER}\"
 
 ISCLIBS =	../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
 

bin/tests/pkcs11/benchmarks/Makefile.in

@@ -17,7 +17,7 @@ PROVIDER =	@PKCS11_PROVIDER@
 
 CINCLUDES =	${ISC_INCLUDES}
 
-CDEFINES =	-DPK11_LIB_LOCATION=\"${PROVIDER}\" @CRYPTO@
+CDEFINES =	-DPK11_LIB_LOCATION=\"${PROVIDER}\"
 
 ISCLIBS =	../../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
 

bin/tests/system/Makefile.in

@@ -19,7 +19,7 @@ SUBDIRS =	dlzexternal dyndb pipelined rndc rpz rsabigexponent tkey
 
 CINCLUDES =	${ISC_INCLUDES} ${DNS_INCLUDES}
 
-CDEFINES =	@USE_GSSAPI@ @CRYPTO@
+CDEFINES =	@USE_GSSAPI@
 CWARNINGS =
 
 DNSLIBS =

bin/tests/system/dlzexternal/Makefile.in

@@ -16,7 +16,7 @@ VERSION=@BIND9_VERSION@
 @BIND9_MAKE_INCLUDES@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 LIBS =		@LIBS@

bin/tests/system/dyndb/driver/Makefile.in

@@ -15,7 +15,7 @@ top_srcdir =	@top_srcdir@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 DNSLIBS =	../../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/tests/system/pipelined/Makefile.in

@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 DNSLIBS =	../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/tests/system/rndc/Makefile.in

@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
 
 CINCLUDES =	${ISC_INCLUDES}
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 ISCLIBS =	../../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@

bin/tests/system/rpz/Makefile.in

@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
 
 CINCLUDES =     ${ISC_INCLUDES} ${DNS_INCLUDES}
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 DNSLIBS =

bin/tests/system/rsabigexponent/Makefile.in

@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 DNSLIBS =	../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/tests/system/rsabigexponent/bigkey.c

@@ -12,8 +12,6 @@
 
 #include <config.h>
 
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
-
 #include <stdio.h>
 #include <stdlib.h>
 
@@ -40,7 +38,7 @@
 #include <dst/dst.h>
 #include <dst/result.h>
 
-#if !defined(OPENSSL)
+#if !HAVE_OPENSSL
 
 /*
  * Use a fixed key file pair if compiled without OpenSSL.
@@ -105,7 +103,7 @@ main(int argc, char **argv) {
 
 	return(0);
 }
-#else
+#else /* !HAVE_OPENSSL */
 #include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/rsa.h>
@@ -220,20 +218,4 @@ main(int argc, char **argv) {
 }
 #endif
 
-#else /* OPENSSL || PKCS11CRYPTO */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <isc/util.h>
-
-int
-main(int argc, char **argv) {
-	UNUSED(argc);
-	UNUSED(argv);
-	fprintf(stderr, "Compiled without Crypto\n");
-	exit(1);
-}
-
-#endif /* OPENSSL || PKCS11CRYPTO */
 /*! \file */

bin/tests/system/tkey/Makefile.in

@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 DNSLIBS =	../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/tests/virtual-time/vtwrapper.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 #define _GNU_SOURCE
 #include <sys/syscall.h>

bin/tools/Makefile.in

@@ -18,7 +18,7 @@ VERSION=@BIND9_VERSION@
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
 		${BIND9_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@ -DVERSION=\"${VERSION}\"
+CDEFINES =	-DVERSION=\"${VERSION}\"
 CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/win32/BINDInstall/BINDInstallDlg.cpp

@@ -137,7 +137,7 @@ const FileData installFiles[] =
 	{"libisccc.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE},
 	{"libdns.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE},
 	{"libirs.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE},
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 	{"libeay32.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE},
 #endif
 #ifdef HAVE_LIBXML2

config.h.in

@@ -377,6 +377,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the <net/route.h> header file. */
 #undef HAVE_NET_ROUTE_H
 
+/* Define if OpenSSL is used as cryptographic library provider. */
+#undef HAVE_OPENSSL
+
 /* Define if your OpenSSL version supports AES */
 #undef HAVE_OPENSSL_AES
 
@@ -395,6 +398,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define if your OpenSSL version supports GOST. */
 #undef HAVE_OPENSSL_GOST
 
+/* Define if native PKCS#11 is used as cryptographic library provider */
+#undef HAVE_PKCS11
+
 /* Define if your PKCS11 provider supports ECDSA. */
 #undef HAVE_PKCS11_ECDSA
 

config.h.win32

@@ -330,6 +330,9 @@ typedef __int64 off_t;
 /* Define if your OpenSSL version supports GOST. */
 @HAVE_OPENSSL_GOST@
 
+/* Define if native PKCS#11 is used as cryptographic library provider */
+@HAVE_PKCS11@
+
 /* Define if your PKCS11 provider supports ECDSA. */
 @HAVE_PKCS11_ECDSA@
 
@@ -345,6 +348,9 @@ typedef __int64 off_t;
 /* Define if GOST private keys are encoded in ASN.1. */
 @PREFER_GOSTASN1@
 
+/* Define if OpenSSL is used as cryptographic library provider. */
+@HAVE_OPENSSL@
+
 /* Define if your OpenSSL version supports EVP AES */
 @HAVE_OPENSSL_EVP_AES@
 

configure

@@ -801,7 +801,6 @@ PKCS11_TEST
 PKCS11_ED25519
 PKCS11_GOST
 PKCS11_ECDSA
-CRYPTO
 PKCS11LINKSRCS
 PKCS11LINKOBJS
 PKCS11_PROVIDER
@@ -16174,7 +16173,7 @@ case "$use_openssl" in
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled because of native PKCS11" >&5
 $as_echo "disabled because of native PKCS11" >&6; }
 		DST_OPENSSL_INC=""
-		CRYPTO="-DPKCS11CRYPTO"
+		CRYPTO="PKCS11"
 		CRYPTOLIB="pkcs11"
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
@@ -16184,6 +16183,9 @@ $as_echo "disabled because of native PKCS11" >&6; }
 		OPENSSLGOSTLINKSRCS=""
 		OPENSSLLINKOBJS=""
 		OPENSSLLINKSRCS=""
+
+$as_echo "#define HAVE_PKCS11 1" >>confdefs.h
+
 		;;
 	no)
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
@@ -16243,7 +16245,7 @@ $as_echo "not found" >&6; }
 		then
 			as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
 		fi
-		CRYPTO='-DOPENSSL'
+		CRYPTO='OPENSSL'
 		CRYPTOLIB="openssl"
 		if test "/usr" = "$use_openssl"
 		then
@@ -16287,6 +16289,8 @@ $as_echo "using OpenSSL from $use_openssl/lib and $use_openssl/include" >&6; }
 		CFLAGS="$DST_OPENSSL_INC $CFLAGS"
 		LIBS="$DST_OPENSSL_LIBS $LIBS"
 
+$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
+
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL >= 1.0.0 or LibreSSL" >&5
 $as_echo_n "checking for OpenSSL >= 1.0.0 or LibreSSL... " >&6; }
 		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -16928,7 +16932,7 @@ $as_echo_n "checking for using OpenSSL for hash functions... " >&6; }
 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
 if test "whenossl" = "$want_openssl_hash"
 then
-	if test "X$CRYPTO" = "X-DOPENSSL"
+	if test "$CRYPTO" = "OPENSSL"
 	then
 		want_openssl_hash="yes"
 	else
@@ -16937,7 +16941,7 @@ then
 fi
 case $want_openssl_hash in
 	yes)
-		if test "X$CRYPTO" != "X-DOPENSSL"
+		if test "$CRYPTO" != "OPENSSL"
 		then
 			as_fn_error $? "No OpenSSL for hash functions" "$LINENO" 5
 		fi
@@ -16999,7 +17003,7 @@ $as_echo "yes" >&6; }
 		if ! $use_threads; then
 			as_fn_error $? "PKCS11 requires thread support" "$LINENO" 5
 		fi
-		if test "X$CRYPTO" = "X-DOPENSSL"
+		if test "$CRYPTO" = "OPENSSL"
 		then
 			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL with PKCS11 support" >&5
 $as_echo_n "checking for OpenSSL with PKCS11 support... " >&6; }
@@ -17245,7 +17249,6 @@ esac
 
 
 
-
 if test "X$CRYPTO" = "X"; then
 #        cat << \EOF
 as_fn_error $? "No cryptography library has been found or provided.

configure.in

@@ -1471,7 +1471,7 @@ case "$use_openssl" in
 	native_pkcs11)
 		AC_MSG_RESULT(disabled because of native PKCS11)
 		DST_OPENSSL_INC=""
-		CRYPTO="-DPKCS11CRYPTO"
+		CRYPTO="PKCS11"
 		CRYPTOLIB="pkcs11"
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
@@ -1481,6 +1481,7 @@ case "$use_openssl" in
 		OPENSSLGOSTLINKSRCS=""
 		OPENSSLLINKOBJS=""
 		OPENSSLLINKSRCS=""
+		AC_DEFINE([HAVE_PKCS11],[1],[Define if native PKCS#11 is used as cryptographic library provider])
 		;;
 	no)
 		AC_MSG_RESULT(no)
@@ -1539,7 +1540,7 @@ If you do not want OpenSSL, use --without-openssl])
 		then
 			AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
 		fi
-		CRYPTO='-DOPENSSL'
+		CRYPTO='OPENSSL'
 		CRYPTOLIB="openssl"
 		if test "/usr" = "$use_openssl"
 		then
@@ -1581,7 +1582,7 @@ If you do not want OpenSSL, use --without-openssl])
 		saved_libs="$LIBS"
 		CFLAGS="$DST_OPENSSL_INC $CFLAGS"
 		LIBS="$DST_OPENSSL_LIBS $LIBS"
-
+		AC_DEFINE([HAVE_OPENSSL],[1],[Define if OpenSSL is used as cryptographic library provider.])
 		AC_MSG_CHECKING(for OpenSSL >= 1.0.0 or LibreSSL)
 		AC_TRY_COMPILE([
 #include <openssl/opensslv.h>
@@ -2014,7 +2015,7 @@ AC_MSG_CHECKING(for using OpenSSL for hash functions)
 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
 if test "whenossl" = "$want_openssl_hash"
 then
-	if test "X$CRYPTO" = "X-DOPENSSL"
+	if test "$CRYPTO" = "OPENSSL"
 	then
 		want_openssl_hash="yes"
 	else
@@ -2023,7 +2024,7 @@ then
 fi
 case $want_openssl_hash in
 	yes)
-		if test "X$CRYPTO" != "X-DOPENSSL"
+		if test "$CRYPTO" != "OPENSSL"
 		then
 			AC_MSG_ERROR([No OpenSSL for hash functions])
 		fi
@@ -2080,7 +2081,7 @@ case "$use_pkcs11" in
 		if ! $use_threads; then
 			AC_MSG_ERROR([PKCS11 requires thread support])
 		fi
-		if test "X$CRYPTO" = "X-DOPENSSL"
+		if test "$CRYPTO" = "OPENSSL"
 		then
 			AC_MSG_CHECKING(for OpenSSL with PKCS11 support)
 			saved_cc="$CC"
@@ -2269,7 +2270,6 @@ esac
 
 AC_SUBST(PKCS11LINKOBJS)
 AC_SUBST(PKCS11LINKSRCS)
-AC_SUBST(CRYPTO)
 AC_SUBST(PKCS11_ECDSA)
 AC_SUBST(PKCS11_GOST)
 AC_SUBST(PKCS11_ED25519)

contrib/dlz/bin/dlzbdb/Makefile.in

@@ -17,7 +17,7 @@ DLZINCLUDES =	@DLZ_DRIVER_INCLUDES@
 CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include \
                 ${ISC_INCLUDES} ${DLZINCLUDES}
 
-CDEFINES =      @CONTRIB_DLZ@ @CRYPTO@
+CDEFINES =      @CONTRIB_DLZ@
 CWARNINGS =
 
 DLZLIBS = 	@DLZ_DRIVER_LIBS@

lib/bind9/Makefile.in

@@ -20,7 +20,7 @@ VERSION=@BIND9_VERSION@
 CINCLUDES =	-I. ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
 		${ISCCFG_INCLUDES} @ISC_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 ISCLIBS =	../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@

lib/bind9/version.c

@@ -11,6 +11,7 @@
 
 
 /*! \file */
+#include <config.h>
 
 #include <bind9/version.h>
 

lib/bind9/win32/DLLMain.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 #include <windows.h>
 #include <signal.h>

lib/bind9/win32/version.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 #include <versions.h>
 

lib/dns/Makefile.in

@@ -29,7 +29,7 @@ USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
 CINCLUDES =	-I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
 		${ISC_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
 
-CDEFINES =	-DUSE_MD5 @CRYPTO@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES =	-DUSE_MD5 @USE_GSSAPI@ ${USE_ISC_SPNEGO}
 
 CWARNINGS =
 

lib/dns/compress.c

@@ -9,12 +9,12 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
+
 /*! \file */
 
 #define DNS_NAME_USEINLINE 1
 
-#include <config.h>
-
 #include <isc/mem.h>
 #include <isc/string.h>
 #include <isc/util.h>

lib/dns/dst_api.c

@@ -123,7 +123,7 @@ static isc_result_t	addsuffix(char *filename, int len,
 			return (_r);		\
 	} while (0);				\
 
-#if defined(OPENSSL)
+#if HAVE_OPENSSL
 static void *
 default_memalloc(void *arg, size_t size) {
 	UNUSED(arg);
@@ -146,13 +146,11 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 	REQUIRE(mctx != NULL);
 	REQUIRE(dst_initialized == ISC_FALSE);
 
-#if !defined(OPENSSL) && !defined(PKCS11CRYPTO)
 	UNUSED(engine);
-#endif
 
 	dst__memory_pool = NULL;
 
-#if defined(OPENSSL)
+#if HAVE_OPENSSL
 	UNUSED(mctx);
 	/*
 	 * When using --with-openssl, there seems to be no good way of not
@@ -170,9 +168,9 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 #ifndef OPENSSL_LEAKS
 	isc_mem_setdestroycheck(dst__memory_pool, ISC_FALSE);
 #endif
-#else /* OPENSSL */
+#else /* HAVE_OPENSSL */
 	isc_mem_attach(mctx, &dst__memory_pool);
-#endif /* OPENSSL */
+#endif /* HAVE_OPENSSL */
 
 	dst_result_register();
 
@@ -185,7 +183,7 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 	RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
 	RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
 	RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 	RETERR(dst__openssl_init(engine));
 #ifndef PK11_MD5_DISABLE
 	RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5],
@@ -219,7 +217,7 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 #ifdef HAVE_OPENSSL_ED448
 	RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448]));
 #endif
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 	RETERR(dst__pkcs11_init(mctx, engine));
 #ifndef PK11_MD5_DISABLE
 	RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSAMD5]));
@@ -248,14 +246,11 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 #ifdef HAVE_PKCS11_GOST
 	RETERR(dst__pkcs11gost_init(&dst_t_func[DST_ALG_ECCGOST]));
 #endif
-#endif /* if OPENSSL, elif PKCS11CRYPTO */
+#endif /* if HAVE_OPENSSL, elif HAVE_PKCS11 */
 #ifdef GSSAPI
 	RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
 #endif
 
-#if !defined(OPENSSL) && !defined(PKCS11CRYPTO)
-#error Either OpenSSL or PKCS#11 cryptographic provider needed.
-#endif /* !defined(OPENSSL) && !defined(PKCS11CRYPTO) */
 	dst_initialized = ISC_TRUE;
 	return (ISC_R_SUCCESS);
 
@@ -275,13 +270,13 @@ dst_lib_destroy(void) {
 	for (i = 0; i < DST_MAX_ALGS; i++)
 		if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL)
 			dst_t_func[i]->cleanup();
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 	dst__openssl_destroy();
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 	(void) dst__pkcs11_destroy();
-#endif /* if OPENSSL, elif PKCS11CRYPTO */
-#endif /* defined(OPENSSL) || defined(PKCS11CRYPTO) */
+#else
+#error Either OpenSSL or PKCS#11 cryptographic provider needed.
+#endif /* if HAVE_OPENSSL, elif HAVE_PKCS11 */
 	if (dst__memory_pool != NULL)
 		isc_mem_detach(&dst__memory_pool);
 }
@@ -1880,19 +1875,9 @@ static isc_result_t
 algorithm_status(unsigned int alg) {
 	REQUIRE(dst_initialized == ISC_TRUE);
 
-	if (dst_algorithm_supported(alg))
+	if (dst_algorithm_supported(alg)) {		
 		return (ISC_R_SUCCESS);
-#if !defined(OPENSSL) && !defined(PKCS11CRYPTO)
-	if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
-	    alg == DST_ALG_DSA || alg == DST_ALG_DH ||
-	    alg == DST_ALG_HMACMD5 || alg == DST_ALG_NSEC3DSA ||
-	    alg == DST_ALG_NSEC3RSASHA1 ||
-	    alg == DST_ALG_RSASHA256 || alg == DST_ALG_RSASHA512 ||
-	    alg == DST_ALG_ECCGOST ||
-	    alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384 ||
-	    alg == DST_ALG_ED25519 || alg == DST_ALG_ED448)
-		return (DST_R_NOCRYPTO);
-#endif
+	}
 	return (DST_R_UNSUPPORTEDALG);
 }
 

lib/dns/dst_internal.h

@@ -47,7 +47,7 @@
 
 #include <dst/dst.h>
 
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 #ifndef PK11_DH_DISABLE
 #include <openssl/dh.h>
 #endif
@@ -112,7 +112,7 @@ struct dst_key {
 	union {
 		void *generic;
 		gss_ctx_id_t gssctx;
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 #ifndef PK11_DSA_DISABLE
 		DSA *dsa;
 #endif
@@ -120,7 +120,7 @@ struct dst_key {
 		DH *dh;
 #endif
 		EVP_PKEY *pkey;
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 		pk11_object_t *pkey;
 #endif
 #ifndef PK11_MD5_DISABLE
@@ -172,9 +172,9 @@ struct dst_context {
 		isc_hmacsha256_t *hmacsha256ctx;
 		isc_hmacsha384_t *hmacsha384ctx;
 		isc_hmacsha512_t *hmacsha512ctx;
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 		EVP_MD_CTX *evp_md_ctx;
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 		pk11_context_t *pk11_ctx;
 #endif
 	} ctxdata;

lib/dns/openssl_link.c

@@ -23,10 +23,10 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#ifdef OPENSSL
-
 #include <config.h>
 
+#if HAVE_OPENSSL
+
 #include <isc/mem.h>
 #include <isc/mutex.h>
 #include <isc/mutexblock.h>
@@ -367,5 +367,5 @@ dst__openssl_getengine(const char *engine) {
 }
 #endif
 
-#endif /* OPENSSL */
+#endif /* HAVE_OPENSSL */
 /*! \file */

lib/dns/openssldh_link.c

@@ -23,10 +23,10 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#ifdef OPENSSL
-
 #include <config.h>
 
+#if HAVE_OPENSSL
+
 #include <pk11/site.h>
 
 #ifndef PK11_DH_DISABLE
@@ -765,11 +765,11 @@ dst__openssldh_init(dst_func_t **funcp) {
 }
 #endif /* !PK11_DH_DISABLE */
 
-#else /* OPENSSL */
+#else /* HAVE_OPENSSL */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* OPENSSL */
+#endif /* HAVE_OPENSSL */
 /*! \file */

lib/dns/openssldsa_link.c

@@ -23,10 +23,10 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#ifdef OPENSSL
-
 #include <config.h>
 
+#if HAVE_OPENSSL
+
 #include <pk11/site.h>
 
 #ifndef PK11_DSA_DISABLE
@@ -689,11 +689,11 @@ dst__openssldsa_init(dst_func_t **funcp) {
 }
 #endif /* !PK11_DSA_DISABLE */
 
-#else /* OPENSSL */
+#else /* HAVE_OPENSSL */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* OPENSSL */
+#endif /* HAVE_OPENSSL */
 /*! \file */

lib/dns/opensslecdsa_link.c

@@ -11,7 +11,7 @@
 
 #include <config.h>
 
-#if defined(OPENSSL) && defined(HAVE_OPENSSL_ECDSA)
+#if HAVE_OPENSSL && HAVE_OPENSSL_ECDSA
 
 #include <isc/mem.h>
 #include <isc/safe.h>
@@ -639,11 +639,11 @@ dst__opensslecdsa_init(dst_func_t **funcp) {
 	return (ISC_R_SUCCESS);
 }
 
-#else /* HAVE_OPENSSL_ECDSA */
+#else /* HAVE_OPENSSL && HAVE_OPENSSL_ECDSA */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* HAVE_OPENSSL_ECDSA */
+#endif /* HAVE_OPENSSL && HAVE_OPENSSL_ECDSA */
 /*! \file */

lib/dns/openssleddsa_link.c

@@ -11,8 +11,7 @@
 
 #include <config.h>
 
-#if defined(OPENSSL) && \
-    (defined(HAVE_OPENSSL_ED25519) || defined(HAVE_OPENSSL_ED448))
+#if HAVE_OPENSSL && (HAVE_OPENSSL_ED25519 || HAVE_OPENSSL_ED448)
 
 #include <isc/mem.h>
 #include <isc/safe.h>
@@ -663,11 +662,11 @@ dst__openssleddsa_init(dst_func_t **funcp) {
 	return (ISC_R_SUCCESS);
 }
 
-#else /* HAVE_OPENSSL_EDxxx */
+#else /* HAVE_OPENSSL && (HAVE_OPENSSL_ED25519 || HAVE_OPENSSL_ED448) */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* HAVE_OPENSSL_EDxxx */
+#endif /* HAVE_OPENSSL && (HAVE_OPENSSL_ED25519 || HAVE_OPENSSL_ED448) */
 /*! \file */

lib/dns/opensslgost_link.c

@@ -11,7 +11,7 @@
 
 #include <config.h>
 
-#if defined(OPENSSL) && defined(HAVE_OPENSSL_GOST)
+#if HAVE_OPENSSL && HAVE_OPENSSL_GOST
 
 #include <isc/mem.h>
 #include <isc/safe.h>
@@ -617,11 +617,11 @@ dst__opensslgost_init(dst_func_t **funcp) {
 	return (ret);
 }
 
-#else /* HAVE_OPENSSL_GOST */
+#else /* HAVE_OPENSSL && HAVE_OPENSSL_GOST */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* HAVE_OPENSSL_GOST */
+#endif /* HAVE_OPENSSL && HAVE_OPENSSL_GOST */
 /*! \file */

lib/dns/opensslrsa_link.c

@@ -9,9 +9,10 @@
  * information regarding copyright ownership.
  */
 
-#ifdef OPENSSL
 #include <config.h>
 
+#if HAVE_OPENSSL
+
 #include <isc/md5.h>
 #include <isc/mem.h>
 #include <isc/safe.h>
@@ -1188,11 +1189,11 @@ dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) {
 	return (ISC_R_SUCCESS);
 }
 
-#else /* OPENSSL */
+#else /* HAVE_OPENSSL */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* OPENSSL */
+#endif /* HAVE_OPENSSL */
 /*! \file */

lib/dns/pkcs11.c

@@ -9,10 +9,10 @@
  * information regarding copyright ownership.
  */
 
-#ifdef PKCS11CRYPTO
-
 #include <config.h>
 
+#if HAVE_PKCS11
+
 #include <isc/util.h>
 
 #include <dns/log.h>
@@ -37,5 +37,5 @@ dst__pkcs11_toresult(const char *funcname, const char *file, int line,
 	return (fallback);
 }
 
-#endif /* PKCS11CRYPTO */
+#endif /* HAVE_PKCS11 */
 /*! \file */

lib/dns/pkcs11dh_link.c

@@ -9,10 +9,10 @@
  * information regarding copyright ownership.
  */
 
-#ifdef PKCS11CRYPTO
-
 #include <config.h>
 
+#if HAVE_PKCS11
+
 #include <pk11/site.h>
 
 #ifndef PK11_DH_DISABLE
@@ -1125,11 +1125,11 @@ dst__pkcs11dh_init(dst_func_t **funcp) {
 }
 #endif /* !PK11_DH_DISABLE */
 
-#else /* PKCS11CRYPTO */
+#else /* HAVE_PKCS11 */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* PKCS11CRYPTO */
+#endif /* HAVE_PKCS11 */
 /*! \file */

lib/dns/pkcs11dsa_link.c

@@ -9,10 +9,10 @@
  * information regarding copyright ownership.
  */
 
-#ifdef PKCS11CRYPTO
-
 #include <config.h>
 
+#if HAVE_PKCS11
+
 #include <pk11/site.h>
 
 #ifndef PK11_DSA_DISABLE
@@ -1114,11 +1114,11 @@ dst__pkcs11dsa_init(dst_func_t **funcp) {
 }
 #endif /* !PK11_DSA_DISABLE */
 
-#else /* PKCS11CRYPTO */
+#else /* HAVE_PKCS11 */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* PKCS11CRYPTO */
+#endif /* HAVE_PKCS11 */
 /*! \file */

lib/dns/pkcs11ecdsa_link.c

@@ -11,7 +11,7 @@
 
 #include <config.h>
 
-#if defined(PKCS11CRYPTO) && defined(HAVE_PKCS11_ECDSA)
+#if HAVE_PKCS11 && defined(HAVE_PKCS11_ECDSA)
 
 #include <isc/mem.h>
 #include <isc/safe.h>
@@ -1185,11 +1185,11 @@ dst__pkcs11ecdsa_init(dst_func_t **funcp) {
 	return (ISC_R_SUCCESS);
 }
 
-#else /* PKCS11CRYPTO && HAVE_PKCS11_ECDSA */
+#else /* HAVE_PKCS11 && HAVE_PKCS11_ECDSA */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* PKCS11CRYPTO && HAVE_PKCS11_ECDSA */
+#endif /* HAVE_PKCS11 && HAVE_PKCS11_ECDSA */
 /*! \file */

lib/dns/pkcs11eddsa_link.c

@@ -11,7 +11,7 @@
 
 #include <config.h>
 
-#if defined(PKCS11CRYPTO) && \
+#if HAVE_PKCS11 && \
     defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)
 
 #include <isc/mem.h>
@@ -1172,11 +1172,11 @@ dst__pkcs11eddsa_init(dst_func_t **funcp) {
 	return (ISC_R_SUCCESS);
 }
 
-#else /* PKCS11CRYPTO && HAVE_PKCS11_EDxxx */
+#else /* HAVE_PKCS11 && HAVE_PKCS11_EDxxx */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* PKCS11CRYPTO && HAVE_PKCS11_EDxxx */
+#endif /* HAVE_PKCS11 && HAVE_PKCS11_EDxxx */
 /*! \file */

lib/dns/pkcs11gost_link.c

@@ -11,7 +11,7 @@
 
 #include <config.h>
 
-#if defined(PKCS11CRYPTO) && defined(HAVE_PKCS11_GOST)
+#if HAVE_PKCS11 && defined(HAVE_PKCS11_GOST)
 
 #include <isc/mem.h>
 #include <isc/safe.h>
@@ -944,11 +944,11 @@ dst__pkcs11gost_init(dst_func_t **funcp) {
 	return (ISC_R_SUCCESS);
 }
 
-#else /* PKCS11CRYPTO && HAVE_PKCS11_GOST */
+#else /* HAVE_PKCS11 && HAVE_PKCS11_GOST */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* PKCS11CRYPTO && HAVE_PKCS11_GOST */
+#endif /* HAVE_PKCS11 && HAVE_PKCS11_GOST */
 /*! \file */

lib/dns/pkcs11rsa_link.c

@@ -9,11 +9,10 @@
  * information regarding copyright ownership.
  */
 
-
-#ifdef PKCS11CRYPTO
-
 #include <config.h>
 
+#if HAVE_PKCS11
+
 #include <isc/md5.h>
 #include <isc/sha1.h>
 #include <isc/sha2.h>
@@ -2225,11 +2224,11 @@ dst__pkcs11rsa_init(dst_func_t **funcp) {
 	return (ISC_R_SUCCESS);
 }
 
-#else /* PKCS11CRYPTO */
+#else /* HAVE_PKCS11 */
 
 #include <isc/util.h>
 
 EMPTY_TRANSLATION_UNIT
 
-#endif /* PKCS11CRYPTO */
+#endif /* HAVE_PKCS11 */
 /*! \file */

lib/dns/spnego.c

@@ -9,6 +9,8 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
+
 /*! \file
  * \brief
  * Portable SPNEGO implementation.
@@ -127,8 +129,6 @@
  * harmless in any case.
  */
 
-#include <config.h>
-
 #include <stdlib.h>
 #include <errno.h>
 

lib/dns/spnego_asn1.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 /*! \file
  * \brief Method routines generated from SPNEGO ASN.1 module.

lib/dns/tests/Makefile.in

@@ -21,7 +21,7 @@ VERSION=@BIND9_VERSION@
 
 CINCLUDES =	-I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
 		@DST_OPENSSL_INC@
-CDEFINES =	@CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\""
+CDEFINES =	-DTESTS="\"${top_builddir}/lib/dns/tests/\""
 
 ISCLIBS =	../../isc/libisc.@A@ @ISC_OPENSSL_LIBS@
 ISCDEPLIBS =	../../isc/libisc.@A@

lib/dns/tests/dh_test.c

@@ -30,7 +30,7 @@
 
 #include "dnstest.h"
 
-#if defined(OPENSSL) && !defined(PK11_DH_DISABLE)
+#if HAVE_OPENSSL && !defined(PK11_DH_DISABLE)
 
 ATF_TC(isc_dh_computesecret);
 ATF_TC_HEAD(isc_dh_computesecret, tc) {
@@ -83,7 +83,7 @@ ATF_TC_BODY(untested, tc) {
  * Main
  */
 ATF_TP_ADD_TCS(tp) {
-#if defined(OPENSSL) && !defined(PK11_DH_DISABLE)
+#if HAVE_OPENSSL && !defined(PK11_DH_DISABLE)
 	ATF_TP_ADD_TC(tp, isc_dh_computesecret);
 #else
 	ATF_TP_ADD_TC(tp, untested);

lib/dns/tests/keytable_test.c

@@ -18,8 +18,6 @@
 #include <unistd.h>
 #include <stdio.h>
 
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
-
 #include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/util.h>
@@ -698,24 +696,10 @@ ATF_TC_BODY(nta, tc) {
 	dns_test_end();
 }
 
-#else
-#include <isc/util.h>
-
-ATF_TC(untested);
-ATF_TC_HEAD(untested, tc) {
-	atf_tc_set_md_var(tc, "descr", "skipping keytable test");
-}
-ATF_TC_BODY(untested, tc) {
-	UNUSED(tc);
-	atf_tc_skip("DNSSEC not available");
-}
-#endif
-
 /*
  * Main
  */
 ATF_TP_ADD_TCS(tp) {
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
 	ATF_TP_ADD_TC(tp, add);
 	ATF_TP_ADD_TC(tp, delete);
 	ATF_TP_ADD_TC(tp, deletekeynode);
@@ -723,9 +707,6 @@ ATF_TP_ADD_TCS(tp) {
 	ATF_TP_ADD_TC(tp, issecuredomain);
 	ATF_TP_ADD_TC(tp, dump);
 	ATF_TP_ADD_TC(tp, nta);
-#else
-	ATF_TP_ADD_TC(tp, untested);
-#endif
 
 	return (atf_no_error());
 }

lib/dns/tests/nsec3_test.c

@@ -23,7 +23,6 @@
 
 #include "dnstest.h"
 
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
 /*
  * Helper functions
  */
@@ -180,27 +179,13 @@ ATF_TC_BODY(nsec3param_salttotext, tc) {
 
 	dns_test_end();
 }
-#else
-ATF_TC(untested);
-ATF_TC_HEAD(untested, tc) {
-	atf_tc_set_md_var(tc, "descr", "skipping nsec3 test");
-}
-ATF_TC_BODY(untested, tc) {
-	UNUSED(tc);
-	atf_tc_skip("DNSSEC not available");
-}
-#endif
 
 /*
  * Main
  */
 ATF_TP_ADD_TCS(tp) {
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
 	ATF_TP_ADD_TC(tp, max_iterations);
 	ATF_TP_ADD_TC(tp, nsec3param_salttotext);
-#else
-	ATF_TP_ADD_TC(tp, untested);
-#endif
 
 	return (atf_no_error());
 }

lib/dns/tests/rsa_test.c

@@ -28,8 +28,6 @@
 
 #include "../dst_internal.h"
 
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
-
 static unsigned char d[10] = {
 	0xa, 0x10, 0xbb, 0, 0xfe, 0x15, 0x1, 0x88, 0xcc, 0x7d
 };
@@ -288,25 +286,12 @@ ATF_TC_BODY(isc_rsa_verify, tc) {
 	dst_key_free(&key);
 	dns_test_end();
 }
-#else
-ATF_TC(untested);
-ATF_TC_HEAD(untested, tc) {
-	atf_tc_set_md_var(tc, "descr", "skipping RSA test");
-}
-ATF_TC_BODY(untested, tc) {
-	UNUSED(tc);
-	atf_tc_skip("RSA not available");
-}
-#endif
+
 /*
  * Main
  */
 ATF_TP_ADD_TCS(tp) {
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
 	ATF_TP_ADD_TC(tp, isc_rsa_verify);
-#else
-	ATF_TP_ADD_TC(tp, untested);
-#endif
 	return (atf_no_error());
 }
 

lib/dns/tests/sigs_test.c

@@ -17,7 +17,6 @@
 
 #include <isc/util.h>
 
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
 #include <string.h>
 
 #include <dns/db.h>
@@ -457,23 +456,9 @@ ATF_TC_BODY(updatesigs, tc) {
 
 	dns_test_end();
 }
-#else
-ATF_TC(untested);
-ATF_TC_HEAD(untested, tc) {
-        atf_tc_set_md_var(tc, "descr", "skipping dns__zone_updatesigs() test");
-}
-ATF_TC_BODY(untested, tc) {
-        UNUSED(tc);
-        atf_tc_skip("DNSSEC support not compiled in");
-}
-#endif
 
 ATF_TP_ADD_TCS(tp) {
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
 	ATF_TP_ADD_TC(tp, updatesigs);
-#else
-	ATF_TP_ADD_TC(tp, untested);
-#endif
 
 	return (atf_no_error());
 }

lib/dns/tkey.c

@@ -44,7 +44,7 @@
 #define TEMP_BUFFER_SZ 8192
 #define TKEY_RANDOM_AMOUNT 16
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/pk11.h>
 #endif
 

lib/dns/version.c

@@ -11,6 +11,7 @@
 
 
 /*! \file */
+#include <config.h>
 
 #include <dns/version.h>
 

lib/dns/win32/DLLMain.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 #include <windows.h>
 #include <signal.h>

lib/dns/win32/version.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 #include <versions.h>
 

lib/irs/Makefile.in

@@ -21,7 +21,7 @@ CINCLUDES =	-I. -I./include -I${srcdir}/include \
 		${DNS_INCLUDES} ${ISC_INCLUDES} \
 		${ISCCFG_INCLUDES} @ISC_OPENSSL_INC@
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 # Alphabetically

lib/irs/tests/Makefile.in

@@ -20,7 +20,7 @@ VERSION=@BIND9_VERSION@
 @BIND9_MAKE_INCLUDES@
 
 CINCLUDES =	-I. -Iinclude -I../include ${ISC_INCLUDES} ${IRS_INCLUDES}
-CDEFINES =	-DTESTS="\"${top_builddir}/lib/irs/tests/\"" @CRYPTO@
+CDEFINES =	-DTESTS="\"${top_builddir}/lib/irs/tests/\""
 
 CFGLIBS =	../../isccfg/libisccfg.@A@
 CFGDEPLIBS =	../../isccfg/libisccfg.@A@

lib/irs/version.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 /*! \file */
 

lib/irs/win32/DLLMain.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 #include <windows.h>
 #include <signal.h>

lib/irs/win32/version.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 #include <versions.h>
 

lib/isc/Makefile.in

@@ -24,7 +24,7 @@ CINCLUDES =	-I${srcdir}/unix/include \
 		-I${srcdir}/@ISC_ARCH_DIR@/include \
 		-I./include \
 		-I${srcdir}/include ${DNS_INCLUDES} @ISC_OPENSSL_INC@
-CDEFINES =	@CRYPTO@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
+CDEFINES =	-DPK11_LIB_LOCATION=\"${PROVIDER}\"
 CWARNINGS =
 
 # Alphabetically

lib/isc/aes.c

@@ -126,7 +126,7 @@ isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
 	AES_encrypt(in, out, &k);
 }
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 
 #include <pk11/pk11.h>
 #include <pk11/internal.h>

lib/isc/fsaccess.c

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+#include <config.h>
 
 /*! \file
  * \brief

lib/isc/hmacmd5.c

@@ -29,7 +29,7 @@
 #include <isc/types.h>
 #include <isc/util.h>
 
-#if PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/internal.h>
 #include <pk11/pk11.h>
 #endif
@@ -72,7 +72,7 @@ isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
 	ctx->ctx = NULL;
 }
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 
 #ifndef PK11_MD5_HMAC_REPLACE
 

lib/isc/hmacsha.c

@@ -27,7 +27,7 @@
 #include <isc/types.h>
 #include <isc/util.h>
 
-#if PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/internal.h>
 #include <pk11/pk11.h>
 #endif
@@ -228,7 +228,7 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
 	isc_safe_memwipe(newdigest, sizeof(newdigest));
 }
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 
 #if defined(PK11_SHA_1_HMAC_REPLACE) || \
     defined(PK11_SHA224_HMAC_REPLACE) || \

lib/isc/include/isc/hmacmd5.h

@@ -40,7 +40,7 @@ typedef struct {
 #endif
 } isc_hmacmd5_t;
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 #include <pk11/pk11.h>
 
 typedef pk11_context_t isc_hmacmd5_t;

lib/isc/include/isc/hmacsha.h

@@ -47,7 +47,7 @@ typedef isc_hmacsha_t isc_hmacsha256_t;
 typedef isc_hmacsha_t isc_hmacsha384_t;
 typedef isc_hmacsha_t isc_hmacsha512_t;
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 #include <pk11/pk11.h>
 
 typedef pk11_context_t isc_hmacsha1_t;

lib/isc/include/isc/md5.h

@@ -58,7 +58,7 @@ typedef struct {
 #endif
 } isc_md5_t;
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 #include <pk11/pk11.h>
 
 typedef pk11_context_t isc_md5_t;

lib/isc/include/isc/platform.h.in

@@ -18,14 +18,6 @@
  ***** Platform-dependent defines.
  *****/
 
-/***
- *** Enforce OpenSSL or PKCS#11 cryptography
- ***/
-
-#if !defined(OPENSSL) && !defined(PKCS11CRYPTO)
-#error No cryptography library has been found or provided.
-#endif
-
 /***
  *** Network.
  ***/

lib/isc/include/isc/sha1.h

@@ -39,7 +39,7 @@ typedef struct {
 #endif
 } isc_sha1_t;
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 #include <pk11/pk11.h>
 
 typedef pk11_context_t isc_sha1_t;

lib/isc/include/isc/sha2.h

@@ -90,7 +90,7 @@ typedef struct {
 typedef isc_sha2_t isc_sha256_t;
 typedef isc_sha2_t isc_sha512_t;
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 #include <pk11/pk11.h>
 
 typedef pk11_context_t isc_sha256_t;

lib/isc/md5.c

@@ -40,7 +40,7 @@
 #include <isc/string.h>
 #include <isc/types.h>
 
-#if PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/internal.h>
 #include <pk11/pk11.h>
 #endif
@@ -84,7 +84,7 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
 	ctx->ctx = NULL;
 }
 
-#elif PKCS11CRYPTO
+#elif HAVE_PKCS11
 
 void
 isc_md5_init(isc_md5_t *ctx) {

lib/isc/nls/Makefile.in

@@ -16,7 +16,7 @@ CINCLUDES =	-I../unix/include \
 		-I../include \
 		-I${srcdir}/../include
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 OBJS =		msgcat.@O@

lib/isc/nothreads/Makefile.in

@@ -17,7 +17,7 @@ CINCLUDES =	-I${srcdir}/include \
 		-I${srcdir}/../include \
 		-I${srcdir}/..
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 THREADOPTOBJS = condition.@O@ mutex.@O@

lib/isc/pk11.c

@@ -221,7 +221,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
 	}
 
 	scan_slots();
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	if (rand_token == NULL) {
 		result = PK11_R_NORANDOMSERVICE;
 		goto unlock;
@@ -236,7 +236,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
 		goto unlock;
 	}
 #endif
-#endif /* PKCS11CRYPTO */
+#endif /* HAVE_PKCS11 */
 	result = ISC_R_SUCCESS;
  unlock:
 	UNLOCK(&sessionlock);
@@ -348,7 +348,7 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
 	pk11_sessionlist_t *freelist;
 	pk11_session_t *sp;
 	isc_result_t ret;
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	isc_result_t service_ret = ISC_R_SUCCESS;
 #else
 	UNUSED(need_services);
@@ -359,7 +359,7 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
 	ctx->session = CK_INVALID_HANDLE;
 
 	ret = pk11_initialize(NULL, NULL);
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	if (ret == PK11_R_NORANDOMSERVICE ||
 	    ret == PK11_R_NODIGESTSERVICE ||
 	    ret == PK11_R_NOAESSERVICE) {
@@ -368,7 +368,7 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
 		service_ret = ret;
 	}
 	else
-#endif /* PKCS11CRYPTO */
+#endif /* HAVE_PKCS11 */
 	if (ret != ISC_R_SUCCESS)
 		return (ret);
 
@@ -377,7 +377,7 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
 	UNLOCK(&sessionlock);
 
 	switch(optype) {
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	case OP_RAND:
 		token = rand_token;
 		break;
@@ -401,7 +401,7 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
 		     token = ISC_LIST_NEXT(token, link))
 			if (token->slotid == slot)
 				break;
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 		if ((token == NULL) ||
 		    ((token->operations & (1 << optype)) == 0))
 			return (ISC_R_NOTFOUND);
@@ -454,7 +454,7 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
 	UNLOCK(&sessionlock);
 	ctx->handle = sp;
 	ctx->session = sp->session;
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 	if (ret == ISC_R_SUCCESS)
 		ret = service_ret;
 #endif

lib/isc/pthreads/Makefile.in

@@ -17,7 +17,7 @@ CINCLUDES =	-I${srcdir}/include \
 		-I${srcdir}/../include \
 		-I${srcdir}/..
 
-CDEFINES =	@CRYPTO@
+CDEFINES =
 CWARNINGS =
 
 OBJS =		condition.@O@ mutex.@O@ thread.@O@

lib/isc/random.c

@@ -34,14 +34,14 @@
 #include <stdlib.h>
 #include <unistd.h>
 
-#ifdef OPENSSL
+#if HAVE_OPENSSL
 #include <openssl/rand.h>
 #include <openssl/err.h>
-#endif /* ifdef OPENSSL */
+#endif /* ifdef HAVE_OPENSSL */
 
-#ifdef PKCS11CRYPTO
+#if HAVE_PKCS11
 #include <pk11/pk11.h>
-#endif /* ifdef PKCS11CRYPTO */
+#endif /* if HAVE_PKCS11 */
 
 #if defined(__linux__)
 # include <errno.h>
@@ -164,11 +164,11 @@ isc_random_buf(void *buf, size_t buflen)
 # endif  /* defined(__linux__) */
 
 /* Use crypto library as fallback when no other CSPRNG is available */
-# if defined(OPENSSL)
+# if HAVE_OPENSSL
 	if (RAND_bytes(buf, buflen) < 1) {
 		FATAL_ERROR(__FILE__, __LINE__, "RAND_bytes(): %s", ERR_error_string(ERR_get_error(), NULL));
 	}
-# elif defined(PKCS11CRYPTO)
+# elif HAVE_PKCS11
 	RUNTIME_CHECK(pk11_rand_bytes(buf, buflen) == ISC_R_SUCCESS);
 # endif /* if defined(HAVE_ARC4RANDOM_BUF) */