Merge pull request #12 from Martyrshot/fix-fromdns

Fix dsfromkey
Martyrshot · Dec 11, 2023 · 8dcd378 · 8dcd378
2 parents 40acd8b + 2b83f38
commit 8dcd378
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 7 deletions.
diff --git a/bin/dnssec/Makefile.am b/bin/dnssec/Makefile.am
@@ -49,3 +49,13 @@ dnssec_signzone_LDADD =		\
 	$(LDADD)		\
 	$(LIBISCCFG_LIBS)	\
 	$(OPENSSL_LIBS)
+
+dnssec_dsfromkey_CPPFLAGS =	\
+	$(AM_CPPFLAGS)		\
+	$(LIBISCCFG_CFLAGS)	\
+	$(OPENSSL_CFLAGS)
+
+dnssec_dsfromkey_LDADD =	\
+	$(LDADD)		\
+	$(LIBISCCFG_LIBS)	\
+	$(OPENSSL_LIBS)
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
@@ -17,6 +17,8 @@
 #include <stdbool.h>
 #include <stdlib.h>
 
+#include <openssl/opensslv.h>
+
 #include <isc/attributes.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
@@ -41,6 +43,10 @@
 #include <dns/rdataset.h>
 #include <dns/rdatasetiter.h>
 #include <dns/rdatatype.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
+#include <openssl/err.h>
+#include <openssl/provider.h>
+#endif
 
 #include <dst/dst.h>
 
@@ -369,6 +375,9 @@ main(int argc, char **argv) {
 	isc_log_t *log = NULL;
 	dns_rdataset_t rdataset;
 	dns_rdata_t rdata;
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
+	OSSL_PROVIDER *oqs = NULL, *default_provider = NULL;
+#endif
 
 	dns_rdata_init(&rdata);
 
@@ -455,6 +464,21 @@ main(int argc, char **argv) {
 			exit(1);
 		}
 	}
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
+	oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider");
+	if (oqs == NULL) {
+		ERR_print_errors_fp(stderr);
+		ERR_clear_error();
+		fatal("Failed to load oqsprovider");
+	}
+	default_provider = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "default");
+	if (default_provider == NULL) {
+		OSSL_PROVIDER_unload(oqs);
+		ERR_print_errors_fp(stderr);
+		ERR_clear_error();
+		fatal("Failed to load default provider");
+	}
+#endif
 
 	rdclass = strtoclass(classname);
 
@@ -540,6 +564,14 @@ main(int argc, char **argv) {
 		emits(showall, cds, &rdata);
 	}
 
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
+	if (oqs != NULL) {
+		OSSL_PROVIDER_unload(oqs);
+	}
+	if (default_provider != NULL) {
+		OSSL_PROVIDER_unload(default_provider);
+	}
+#endif
 	if (dns_rdataset_isassociated(&rdataset)) {
 		dns_rdataset_disassociate(&rdataset);
 	}

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
@@ -1176,7 +1176,7 @@ main(int argc, char **argv) {
 		}
 	}
 #if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
-	oqs = OSSL_PROVIDER_load(NULL, "oqsprovider");
+	oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider");
 	if (oqs == NULL) {
 		if (fips != NULL) {
 			OSSL_PROVIDER_unload(fips);
@@ -1188,7 +1188,7 @@ main(int argc, char **argv) {
 		ERR_clear_error();
 		fatal("Failed to load oqsprovider");
 	}
-	default_provider = OSSL_PROVIDER_load(NULL, "default");
+	default_provider = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "default");
 	if (default_provider == NULL) {
 		OSSL_PROVIDER_unload(oqs);
 		ERR_clear_error();

diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
@@ -3739,12 +3739,12 @@ main(int argc, char *argv[]) {
 
 	if (set_fips_mode) {
 #if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
-		fips = OSSL_PROVIDER_load(NULL, "fips");
+		fips = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "fips");
 		if (fips == NULL) {
 			ERR_clear_error();
 			fatal("Failed to load FIPS provider");
 		}
-		base = OSSL_PROVIDER_load(NULL, "base");
+		base = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "base");
 		if (base == NULL) {
 			OSSL_PROVIDER_unload(fips);
 			ERR_clear_error();
@@ -3758,7 +3758,7 @@ main(int argc, char *argv[]) {
 		}
 	}
 #if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
-	oqs = OSSL_PROVIDER_load(NULL, "oqsprovider");
+	oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider");
 	if (oqs == NULL) {
 		if (fips != NULL) {
 			OSSL_PROVIDER_unload(fips);

diff --git a/lib/dns/openssloqs_link.c b/lib/dns/openssloqs_link.c
@@ -118,14 +118,16 @@ raw_pub_key_to_ossl(const oqs_alginfo_t *alginfo, const unsigned char *pub_key,
 			return (ret);
 		}
 		*pkey = EVP_PKEY_new_raw_public_key_ex(
-			NULL, alg_name, NULL, pub_key, *pub_key_len);
+			OSSL_LIB_CTX_get0_global_default(), 
+			alg_name, NULL, pub_key, *pub_key_len);
 	}
 	if (*pkey == NULL) {
+		ERR_print_errors_fp(stderr);
 		return (dst__openssl_toresult(ret));
 	}
-	*pub_key_len = alginfo->key_size;
 	return (ISC_R_SUCCESS);
 }
+
 static isc_result_t
 raw_priv_key_to_ossl(const oqs_alginfo_t *alginfo,
 		     const unsigned char *priv_key, size_t *priv_key_len,