OpenSSL config() and small memory leak. No more ENGINE_load_gost().

git-svn-id: file:///svn/unbound/trunk@1750 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2009-08-07 15:23:35 +00:00 · 2009-08-07 15:23:35 +00:00 · 538ca28828
commit 538ca28828
parent b6076e3b6d
12 changed files with 159 additions and 54 deletions
--- a/acx_nlnetlabs.m4
+++ b/acx_nlnetlabs.m4
@ -2,8 +2,9 @@
 # Copyright 2009, Wouter Wijngaards, NLnet Labs.   
 # BSD licensed.
 #
-# Version 4
+# Version 5
 # Changelog
+# 2009-08-07 Added openssl/conf.h header detection.
 # 2009-07-14 U_CHAR detection improved for windows crosscompile.
 #            added ACX_FUNC_MALLOC
 #            fixup some #if to #ifdef
@ -651,6 +652,7 @@ AC_DEFUN([ACX_SSL_CHECKS], [
 AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
 ])dnl End of ACX_SSL_CHECKS

 dnl Check for SSL, where SSL is mandatory
--- a/config.h.in
+++ b/config.h.in
@ -37,9 +37,6 @@
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H

-/* Define to 1 if you have the `ENGINE_load_gost' function. */
-#undef HAVE_ENGINE_LOAD_GOST
-
 /* Define to 1 if you have the `event_base_free' function. */
 #undef HAVE_EVENT_BASE_FREE

@ -149,6 +146,12 @@
 /* Define to 1 if you have the <netinet/in.h> header file. */
 #undef HAVE_NETINET_IN_H

+/* Define to 1 if you have the `OPENSSL_config' function. */
+#undef HAVE_OPENSSL_CONFIG
+
+/* Define to 1 if you have the <openssl/conf.h> header file. */
+#undef HAVE_OPENSSL_CONF_H
+
 /* Define to 1 if you have the <openssl/err.h> header file. */
 #undef HAVE_OPENSSL_ERR_H

@ -634,6 +637,10 @@
 #include <openssl/rand.h>
 #endif

+#ifdef HAVE_OPENSSL_CONF_H
+#include <openssl/conf.h>
+#endif
+

 
 #ifdef HAVE_ATTR_FORMAT
--- a/64
+++ b/64
@ -17412,6 +17412,68 @@ fi
 done


+for ac_header in openssl/conf.h
+do
+as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
+$as_echo_n "checking for $ac_header... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval 'as_val=${'$as_ac_Header'}
+		 $as_echo "$as_val"'`
+	       { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+as_val=`eval 'as_val=${'$as_ac_Header'}
+		 $as_echo "$as_val"'`
+   if test "x$as_val" = x""yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+


 # check if libssl needs libdl
@ -17572,7 +17634,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \



-for ac_func in EVP_sha1 EVP_sha256 EVP_sha512 ENGINE_load_gost
+for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512
 do
 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
--- a/configure.ac
+++ b/configure.ac
@ -351,7 +351,7 @@ fi
 # Checks for libraries.
 ACX_WITH_SSL
 ACX_LIB_SSL
-AC_CHECK_FUNCS([EVP_sha1 EVP_sha256 EVP_sha512 ENGINE_load_gost])
+AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512])

 AC_ARG_ENABLE(sha2, AC_HELP_STRING([--enable-sha2], [Enable SHA256 and SHA512 RRSIG support]))
 case "$enable_sha2" in
@ -649,6 +649,10 @@ dnl includes
 #ifdef HAVE_OPENSSL_RAND_H
 #include <openssl/rand.h>
 #endif
+
+#ifdef HAVE_OPENSSL_CONF_H
+#include <openssl/conf.h>
+#endif
 ]

 AHX_CONFIG_FORMAT_ATTRIBUTE
--- a/daemon/daemon.c
+++ b/daemon/daemon.c
@ -165,7 +165,10 @@ daemon_init()
 	checklock_start();
 	ERR_load_crypto_strings();
 	ERR_load_SSL_strings();
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef HAVE_OPENSSL_CONFIG
+	OPENSSL_config("unbound");
+#endif
+#ifdef USE_GOST
 	(void)ldns_key_EVP_load_gost_id();
 #endif
 	OpenSSL_add_all_algorithms();
@ -496,9 +499,11 @@ daemon_delete(struct daemon* daemon)
 	free(daemon->env);
 	free(daemon);
 	/* libcrypto cleanup */
-	/* CONF_modules_unload(1); */
+#ifdef HAVE_OPENSSL_CONFIG
 	EVP_cleanup();
 	/*ENGINE_cleanup();*/
+	CONF_modules_free();
+#endif
 	CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
 	ERR_remove_state(0);
 	ERR_free_strings();
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,8 @@
+7 August 2009: Wouter
+	- call OPENSSL_config() in unbound and unit test so that the
+	  operator can use openssl.cnf for configuration options.
+	- removed small memory leak from config file reader.
+
 6 August 2009: Wouter
 	- configure --enable-gost for GOST support, experimental
 	  implementation of draft-dolmatov-dnsext-dnssec-gost-01.
--- a/testcode/testbound.c
+++ b/testcode/testbound.c
@ -237,9 +237,14 @@ main(int argc, char* argv[])
 #endif
 			break;
 		case 'g':
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef USE_GOST
+			if(ldns_key_EVP_load_gost_id()) {
 				printf("GOST supported\n");
 				exit(0);
+			} else {
+				printf("GOST not supported\n");
+				exit(1);
+			}
 #else
 			printf("GOST not supported\n");
 			exit(1);
--- a/testcode/unitmain.c
+++ b/testcode/unitmain.c
@ -432,7 +432,10 @@ main(int argc, char* argv[])
 	}
 	printf("Start of %s unit test.\n", PACKAGE_STRING);
 	ERR_load_crypto_strings();
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef HAVE_OPENSSL_CONFIG
+	OPENSSL_config("unbound");
+#endif
+#ifdef USE_GOST
 	(void)ldns_key_EVP_load_gost_id();
 #endif
 	checklock_start();
@ -451,9 +454,14 @@ main(int argc, char* argv[])
 	msgparse_test();
 	checklock_stop();
 	printf("%d checks ok.\n", testcount);
+#ifdef HAVE_OPENSSL_CONFIG
 	EVP_cleanup();
+	/*ENGINE_cleanup();*/
+	CONF_modules_free();
+#endif
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_state(0);
 	ERR_free_strings();
+	RAND_cleanup();
 	return 0;
 }
--- a/testcode/unitverify.c
+++ b/testcode/unitverify.c
@ -484,7 +484,8 @@ verify_test()
 #endif
 	verifytest_file("testdata/test_signatures.12", "20090107100022");
 	verifytest_file("testdata/test_signatures.13", "20080414005004");
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef USE_GOST
+	if(ldns_key_EVP_load_gost_id()) /* and gost can be loaded */
 	  verifytest_file("testdata/test_signatures.15", "20090807060504");
 #endif
 	dstest_file("testdata/test_ds_sig.1");
--- a/util/configparser.c
+++ b/util/configparser.c
@ -749,11 +749,11 @@ static const yytype_uint16 yyrline[] =
     503,   510,   521,   529,   542,   551,   560,   568,   581,   590,
     599,   608,   617,   630,   637,   647,   657,   667,   677,   687,
     697,   704,   711,   720,   727,   737,   751,   758,   776,   789,
-     802,   811,   820,   829,   839,   849,   857,   864,   872,   885,
-     893,   913,   920,   935,   942,   949,   956,   966,   973,   980,
-     987,   992,   993,   994,   994,   994,   995,   995,   995,   996,
-     998,  1008,  1017,  1024,  1031,  1038,  1045,  1052,  1057,  1058,
-    1059,  1061
+     802,   811,   820,   829,   839,   849,   858,   865,   873,   886,
+     894,   914,   921,   936,   943,   950,   957,   967,   974,   981,
+     988,   993,   994,   995,   995,   995,   996,   996,   996,   997,
+     999,  1009,  1018,  1025,  1032,  1039,  1046,  1053,  1058,  1059,
+    1060,  1062
 };
 #endif

@ -2923,13 +2923,14 @@ yyreduce:
 		if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
 			yyerror("number expected");
 		else cfg_parser->cfg->val_log_level = atoi((yyvsp[(2) - (2)].str));
+		free((yyvsp[(2) - (2)].str));
 	}
    break;

  case 176:

 /* Line 1455 of yacc.c  */
-#line 858 "util/configparser.y"
+#line 859 "util/configparser.y"
    {
 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[(2) - (2)].str)));
 		free(cfg_parser->cfg->val_nsec3_key_iterations);
@ -2940,7 +2941,7 @@ yyreduce:
  case 177:

 /* Line 1455 of yacc.c  */
-#line 865 "util/configparser.y"
+#line 866 "util/configparser.y"
    {
 		OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->key_cache_size))
@ -2952,7 +2953,7 @@ yyreduce:
  case 178:

 /* Line 1455 of yacc.c  */
-#line 873 "util/configparser.y"
+#line 874 "util/configparser.y"
    {
 		OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(atoi((yyvsp[(2) - (2)].str)) == 0)
@ -2969,7 +2970,7 @@ yyreduce:
  case 179:

 /* Line 1455 of yacc.c  */
-#line 886 "util/configparser.y"
+#line 887 "util/configparser.y"
    {
 		OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->neg_cache_size))
@ -2981,7 +2982,7 @@ yyreduce:
  case 180:

 /* Line 1455 of yacc.c  */
-#line 894 "util/configparser.y"
+#line 895 "util/configparser.y"
    {
 		OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str)));
 		if(strcmp((yyvsp[(3) - (3)].str), "static")!=0 && strcmp((yyvsp[(3) - (3)].str), "deny")!=0 &&
@ -3005,7 +3006,7 @@ yyreduce:
  case 181:

 /* Line 1455 of yacc.c  */
-#line 914 "util/configparser.y"
+#line 915 "util/configparser.y"
    {
 		OUTYY(("P(server_local_data:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[(2) - (2)].str)))
@ -3016,7 +3017,7 @@ yyreduce:
  case 182:

 /* Line 1455 of yacc.c  */
-#line 921 "util/configparser.y"
+#line 922 "util/configparser.y"
    {
 		char* ptr;
 		OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[(2) - (2)].str)));
@ -3035,7 +3036,7 @@ yyreduce:
  case 183:

 /* Line 1455 of yacc.c  */
-#line 936 "util/configparser.y"
+#line 937 "util/configparser.y"
    {
 		OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str)));
 		free(cfg_parser->cfg->stubs->name);
@ -3046,7 +3047,7 @@ yyreduce:
  case 184:

 /* Line 1455 of yacc.c  */
-#line 943 "util/configparser.y"
+#line 944 "util/configparser.y"
    {
 		OUTYY(("P(stub-host:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[(2) - (2)].str)))
@ -3057,7 +3058,7 @@ yyreduce:
  case 185:

 /* Line 1455 of yacc.c  */
-#line 950 "util/configparser.y"
+#line 951 "util/configparser.y"
    {
 		OUTYY(("P(stub-addr:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[(2) - (2)].str)))
@ -3068,7 +3069,7 @@ yyreduce:
  case 186:

 /* Line 1455 of yacc.c  */
-#line 957 "util/configparser.y"
+#line 958 "util/configparser.y"
    {
 		OUTYY(("P(stub-prime:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@ -3082,7 +3083,7 @@ yyreduce:
  case 187:

 /* Line 1455 of yacc.c  */
-#line 967 "util/configparser.y"
+#line 968 "util/configparser.y"
    {
 		OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str)));
 		free(cfg_parser->cfg->forwards->name);
@ -3093,7 +3094,7 @@ yyreduce:
  case 188:

 /* Line 1455 of yacc.c  */
-#line 974 "util/configparser.y"
+#line 975 "util/configparser.y"
    {
 		OUTYY(("P(forward-host:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[(2) - (2)].str)))
@ -3104,7 +3105,7 @@ yyreduce:
  case 189:

 /* Line 1455 of yacc.c  */
-#line 981 "util/configparser.y"
+#line 982 "util/configparser.y"
    {
 		OUTYY(("P(forward-addr:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[(2) - (2)].str)))
@ -3115,7 +3116,7 @@ yyreduce:
  case 190:

 /* Line 1455 of yacc.c  */
-#line 988 "util/configparser.y"
+#line 989 "util/configparser.y"
    { 
 		OUTYY(("\nP(remote-control:)\n")); 
 	}
@ -3124,7 +3125,7 @@ yyreduce:
  case 200:

 /* Line 1455 of yacc.c  */
-#line 999 "util/configparser.y"
+#line 1000 "util/configparser.y"
    {
 		OUTYY(("P(control_enable:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@ -3138,7 +3139,7 @@ yyreduce:
  case 201:

 /* Line 1455 of yacc.c  */
-#line 1009 "util/configparser.y"
+#line 1010 "util/configparser.y"
    {
 		OUTYY(("P(control_port:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(atoi((yyvsp[(2) - (2)].str)) == 0)
@ -3151,7 +3152,7 @@ yyreduce:
  case 202:

 /* Line 1455 of yacc.c  */
-#line 1018 "util/configparser.y"
+#line 1019 "util/configparser.y"
    {
 		OUTYY(("P(control_interface:%s)\n", (yyvsp[(2) - (2)].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[(2) - (2)].str)))
@ -3162,7 +3163,7 @@ yyreduce:
  case 203:

 /* Line 1455 of yacc.c  */
-#line 1025 "util/configparser.y"
+#line 1026 "util/configparser.y"
    {
 		OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[(2) - (2)].str)));
 		free(cfg_parser->cfg->server_key_file);
@ -3173,7 +3174,7 @@ yyreduce:
  case 204:

 /* Line 1455 of yacc.c  */
-#line 1032 "util/configparser.y"
+#line 1033 "util/configparser.y"
    {
 		OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[(2) - (2)].str)));
 		free(cfg_parser->cfg->server_cert_file);
@ -3184,7 +3185,7 @@ yyreduce:
  case 205:

 /* Line 1455 of yacc.c  */
-#line 1039 "util/configparser.y"
+#line 1040 "util/configparser.y"
    {
 		OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[(2) - (2)].str)));
 		free(cfg_parser->cfg->control_key_file);
@ -3195,7 +3196,7 @@ yyreduce:
  case 206:

 /* Line 1455 of yacc.c  */
-#line 1046 "util/configparser.y"
+#line 1047 "util/configparser.y"
    {
 		OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[(2) - (2)].str)));
 		free(cfg_parser->cfg->control_cert_file);
@ -3206,7 +3207,7 @@ yyreduce:
  case 207:

 /* Line 1455 of yacc.c  */
-#line 1053 "util/configparser.y"
+#line 1054 "util/configparser.y"
    { 
 		OUTYY(("\nP(python:)\n")); 
 	}
@ -3215,7 +3216,7 @@ yyreduce:
  case 211:

 /* Line 1455 of yacc.c  */
-#line 1062 "util/configparser.y"
+#line 1063 "util/configparser.y"
    {
 		OUTYY(("P(python-script:%s)\n", (yyvsp[(2) - (2)].str)));
 		free(cfg_parser->cfg->python_script);
@ -3226,7 +3227,7 @@ yyreduce:


 /* Line 1455 of yacc.c  */
-#line 3230 "util/configparser.c"
+#line 3231 "util/configparser.c"
      default: break;
    }
  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
@ -3438,7 +3439,7 @@ yyreturn:


 /* Line 1675 of yacc.c  */
-#line 1067 "util/configparser.y"
+#line 1068 "util/configparser.y"


 /* parse helper routines could be here */
--- a/util/configparser.y
+++ b/util/configparser.y
@ -852,6 +852,7 @@ server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
 			yyerror("number expected");
 		else cfg_parser->cfg->val_log_level = atoi($2);
+		free($2);
 	}
 	;
 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@ -256,16 +256,18 @@ ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx)
 		case LDNS_SHA256:
 			return SHA256_DIGEST_LENGTH;
 #endif
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef USE_GOST
 		case LDNS_HASH_GOST94:
+			if(EVP_get_digestbyname("md_gost94"))
 				return 32;
+			else	return 0;
 #endif
 		default: break;
 	}
 	return 0;
 }

-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef USE_GOST
 /** Perform GOST94 hash */
 static int
 do_gost94(unsigned char* data, size_t len, unsigned char* dest)
@ -322,7 +324,7 @@ ds_create_dnskey_digest(struct module_env* env,
 				ldns_buffer_limit(b), (unsigned char*)digest);
 			return 1;
 #endif
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef USE_GOST
 		case LDNS_HASH_GOST94:
 			if(do_gost94((unsigned char*)ldns_buffer_begin(b), 
 				ldns_buffer_limit(b), (unsigned char*)digest))
@ -397,11 +399,13 @@ dnskey_algo_id_is_supported(int id)
 #endif
 #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
 	case LDNS_RSASHA512:
-#endif
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
-	case LDNS_GOST:
 #endif
 		return 1;
+#ifdef USE_GOST
+	case LDNS_GOST:
+		/* we support GOST if it can be loaded */
+		return ldns_key_EVP_load_gost_id();
+#endif
 	default:
 		return 0;
 	}
@ -1321,7 +1325,7 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 			*digest_type = EVP_md5();

 			break;
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef USE_GOST
 		case LDNS_GOST:
 			*evp_key = ldns_gost2pkey_raw(key, keylen);
 			if(!*evp_key) {