diff --git a/bin/dnssec/Makefile.am b/bin/dnssec/Makefile.am index 0017705a0d..3f7aed488e 100644 --- a/bin/dnssec/Makefile.am +++ b/bin/dnssec/Makefile.am @@ -49,3 +49,13 @@ dnssec_signzone_LDADD = \ $(LDADD) \ $(LIBISCCFG_LIBS) \ $(OPENSSL_LIBS) + +dnssec_dsfromkey_CPPFLAGS = \ + $(AM_CPPFLAGS) \ + $(LIBISCCFG_CFLAGS) \ + $(OPENSSL_CFLAGS) + +dnssec_dsfromkey_LDADD = \ + $(LDADD) \ + $(LIBISCCFG_LIBS) \ + $(OPENSSL_LIBS) diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c index f8f221ff5a..f9a8e1c69b 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c @@ -17,6 +17,8 @@ #include #include +#include + #include #include #include @@ -41,6 +43,10 @@ #include #include #include +#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200 +#include +#include +#endif #include @@ -369,6 +375,9 @@ main(int argc, char **argv) { isc_log_t *log = NULL; dns_rdataset_t rdataset; dns_rdata_t rdata; +#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200 + OSSL_PROVIDER *oqs = NULL, *default_provider = NULL; +#endif dns_rdata_init(&rdata); @@ -455,6 +464,21 @@ main(int argc, char **argv) { exit(1); } } +#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200 + oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider"); + if (oqs == NULL) { + ERR_print_errors_fp(stderr); + ERR_clear_error(); + fatal("Failed to load oqsprovider"); + } + default_provider = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "default"); + if (default_provider == NULL) { + OSSL_PROVIDER_unload(oqs); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + fatal("Failed to load default provider"); + } +#endif rdclass = strtoclass(classname); 
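Review bot: In the provider-loading block added to `main()` of dnssec-dsfromkey.c, a missing `oqsprovider` module is fatal on every run, regardless of the algorithm of the key being digested, so the tool's availability now depends on a separately installed provider. The module is resolved by name through OpenSSL's provider search path (the built-in modules directory or `OPENSSL_MODULES`), so that location becomes part of what the tool trusts. A comment should record this, e.g. `/* oqsprovider is found via OpenSSL's module path; an explicit load disables the implicit "default" fallback, hence the second load. */`. In the `default_provider == NULL` branch, `OSSL_PROVIDER_unload(oqs);` runs before `ERR_print_errors_fp(stderr);`, so the queue is printed after another OpenSSL call has run; print first, then unload. The same load sequence exists in dnssec-keygen.c and dnssec-signzone.c and would be better as one shared helper; `main()` starts and ends outside this hunk.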
@@ -540,6 +564,14 @@ main(int argc, char **argv) { emits(showall, cds, &rdata); } +#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200 + if (oqs != NULL) { + OSSL_PROVIDER_unload(oqs); + } + if (default_provider != NULL) { + OSSL_PROVIDER_unload(default_provider); + } +#endif if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 72384d9c87..2be48dce98 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -1176,7 +1176,7 @@ main(int argc, char **argv) { } } #if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200 - oqs = OSSL_PROVIDER_load(NULL, "oqsprovider"); + oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider"); if (oqs == NULL) { if (fips != NULL) { OSSL_PROVIDER_unload(fips); @@ -1188,7 +1188,7 @@ main(int argc, char **argv) { ERR_clear_error(); fatal("Failed to load oqsprovider"); } - default_provider = OSSL_PROVIDER_load(NULL, "default"); + default_provider = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "default"); if (default_provider == NULL) { OSSL_PROVIDER_unload(oqs); ERR_clear_error(); diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 0e1c6428dc..3f864b193c 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -3739,12 +3739,12 @@ main(int argc, char *argv[]) { if (set_fips_mode) { #if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200 - fips = OSSL_PROVIDER_load(NULL, "fips"); + fips = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "fips"); if (fips == NULL) { ERR_clear_error(); fatal("Failed to load FIPS provider"); } - base = OSSL_PROVIDER_load(NULL, "base"); + base = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "base"); if (base == NULL) { OSSL_PROVIDER_unload(fips); ERR_clear_error(); 
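Review bot: The cleanup added after `emits(showall, cds, &rdata);` unloads the providers in load order (`oqs`, then `default_provider`) and before the rest of the teardown, which starts at `dns_rdataset_disassociate(&rdataset);`. The usual shape is to release in reverse order of acquisition, after everything that may still hold provider-backed objects has been freed. Whether later code in `main()` still touches OpenSSL is not visible in this hunk, so this may be harmless today, but moving the block to the end of cleanup makes it robust. Assuming `fatal()` does not return, both `!= NULL` checks are always true here and can be dropped.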
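Review bot: The switch from `NULL` to `OSSL_LIB_CTX_get0_global_default()` in the `OSSL_PROVIDER_load` calls is undocumented, and the reason matters for anyone auditing which context the FIPS and OQS providers end up in. `NULL` selects the thread's current default context, so the two spellings differ only if something has called `OSSL_LIB_CTX_set0_default()`. In that case any fetch or key constructor elsewhere that still passes `NULL` would look in a different context from the one the providers were loaded into. Please add a comment at the first call, e.g. `/* Load into the global default libctx explicitly; NULL would follow the thread's current default. */`, and confirm the remaining `NULL` call sites are consistent. This applies equally to the second dnssec-keygen.c hunk and both dnssec-signzone.c hunks.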
@@ -3758,7 +3758,7 @@ main(int argc, char *argv[]) { } } #if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200 - oqs = OSSL_PROVIDER_load(NULL, "oqsprovider"); + oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider"); if (oqs == NULL) { if (fips != NULL) { OSSL_PROVIDER_unload(fips); diff --git a/lib/dns/openssloqs_link.c b/lib/dns/openssloqs_link.c index ce646e2556..4269e864ff 100644 --- a/lib/dns/openssloqs_link.c +++ b/lib/dns/openssloqs_link.c @@ -118,14 +118,16 @@ raw_pub_key_to_ossl(const oqs_alginfo_t *alginfo, const unsigned char *pub_key, return (ret); } *pkey = EVP_PKEY_new_raw_public_key_ex( - NULL, alg_name, NULL, pub_key, *pub_key_len); + OSSL_LIB_CTX_get0_global_default(), + alg_name, NULL, pub_key, *pub_key_len); } if (*pkey == NULL) { + ERR_print_errors_fp(stderr); return (dst__openssl_toresult(ret)); } - *pub_key_len = alginfo->key_size; return (ISC_R_SUCCESS); } + static isc_result_t raw_priv_key_to_ossl(const oqs_alginfo_t *alginfo, const unsigned char *priv_key, size_t *priv_key_len,
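Review bot: In `raw_pub_key_to_ossl()`, the added `ERR_print_errors_fp(stderr);` makes library code under lib/dns write straight to stderr on a path that parses public-key bytes, which bypasses the project's logging and lets malformed keys produce unbounded diagnostic output in any long-running consumer of the library. `ERR_print_errors_fp()` also empties the OpenSSL error queue, so if `dst__openssl_toresult(ret)` inspects that queue to pick a result code (its body is not visible here), it will now always fall back to `ret`. Drop the print, or report through the logging facility after the result has been derived, leaving `return (dst__openssl_toresult(ret));` as the first consumer of the queue. In this collapsed view it is unclear whether the `-` before `*pub_key_len = alginfo->key_size;` removes a blank line or the assignment itself; if it is the assignment, callers no longer get the length written back on success, and that deserves a comment. The function begins outside the hunk.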