mirror of
https://github.com/NLnetLabs/unbound.git
synced 2026-02-01 11:19:27 -05:00
- Prepare for OpenSSL 3.0.0 provider API usage, move the sldns
keyraw functions to produce EVP_PKEY results.
This commit is contained in:
W.C.A. Wijngaards
parent
b6abcb1508
commit
ca00814e67
4 changed files with 66 additions and 44 deletions
|
|
@ -1,3 +1,7 @@
|
|||
2 August 2021: Wouter
|
||||
- Prepare for OpenSSL 3.0.0 provider API usage, move the sldns
|
||||
keyraw functions to produce EVP_PKEY results.
|
||||
|
||||
30 July 2021: Wouter
|
||||
- Fix #515: Compilation against openssl 3.0.0 beta2 is failing to
|
||||
build unbound.
|
||||
|
|
|
|||
|
|
@ -262,6 +262,26 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
|
|||
return dsa;
|
||||
}
|
||||
|
||||
EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len)
|
||||
{
|
||||
DSA* dsa;
|
||||
EVP_PKEY* evp_key = EVP_PKEY_new();
|
||||
if(!evp_key) {
|
||||
return 0;
|
||||
}
|
||||
dsa = sldns_key_buf2dsa_raw(key, len);
|
||||
if(!dsa) {
|
||||
EVP_PKEY_free(evp_key);
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_DSA(evp_key, dsa) == 0) {
|
||||
DSA_free(dsa);
|
||||
EVP_PKEY_free(evp_key);
|
||||
return 0;
|
||||
}
|
||||
return evp_key;
|
||||
}
|
||||
|
||||
RSA *
|
||||
sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
|
||||
{
|
||||
|
|
@ -328,6 +348,26 @@ sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
|
|||
return rsa;
|
||||
}
|
||||
|
||||
EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len)
|
||||
{
|
||||
RSA* rsa;
|
||||
EVP_PKEY *evp_key = EVP_PKEY_new();
|
||||
if(!evp_key) {
|
||||
return 0;
|
||||
}
|
||||
rsa = sldns_key_buf2rsa_raw(key, len);
|
||||
if(!rsa) {
|
||||
EVP_PKEY_free(evp_key);
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) {
|
||||
RSA_free(rsa);
|
||||
EVP_PKEY_free(evp_key);
|
||||
return 0;
|
||||
}
|
||||
return evp_key;
|
||||
}
|
||||
|
||||
#ifdef USE_GOST
|
||||
EVP_PKEY*
|
||||
sldns_gost2pkey_raw(unsigned char* key, size_t keylen)
|
||||
|
|
|
|||
|
|
@ -65,6 +65,14 @@ void sldns_key_EVP_unload_gost(void);
|
|||
*/
|
||||
DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len);
|
||||
|
||||
/**
|
||||
* Converts a holding buffer with DSA key material to EVP PKEY in openssl.
|
||||
* \param[in] key the uncompressed wireformat of the key.
|
||||
* \param[in] len length of key data
|
||||
* \return the key or NULL on error.
|
||||
*/
|
||||
EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len);
|
||||
|
||||
/**
|
||||
* Converts a holding buffer with key material to EVP PKEY in openssl.
|
||||
* Only available if ldns was compiled with GOST.
|
||||
|
|
@ -92,6 +100,14 @@ EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
|
|||
*/
|
||||
RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);
|
||||
|
||||
/**
|
||||
* Converts a holding buffer with RSA key material to EVP PKEY in openssl.
|
||||
* \param[in] key the uncompressed wireformat of the key.
|
||||
* \param[in] len length of key data
|
||||
* \return the key or NULL on error.
|
||||
*/
|
||||
EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len);
|
||||
|
||||
/**
|
||||
* Converts a holding buffer with key material to EVP PKEY in openssl.
|
||||
* Only available if ldns was compiled with ED25519.
|
||||
|
|
|
|||
|
|
@ -513,29 +513,13 @@ static int
|
|||
setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
|
||||
unsigned char* key, size_t keylen)
|
||||
{
|
||||
#if defined(USE_DSA) && defined(USE_SHA1)
|
||||
DSA* dsa;
|
||||
#endif
|
||||
RSA* rsa;
|
||||
|
||||
switch(algo) {
|
||||
#if defined(USE_DSA) && defined(USE_SHA1)
|
||||
case LDNS_DSA:
|
||||
case LDNS_DSA_NSEC3:
|
||||
*evp_key = EVP_PKEY_new();
|
||||
*evp_key = sldns_key_dsa2pkey_raw(key, keylen);
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return 0;
|
||||
}
|
||||
dsa = sldns_key_buf2dsa_raw(key, keylen);
|
||||
if(!dsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"sldns_key_buf2dsa_raw failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_DSA failed");
|
||||
log_err("verify: sldns_key_dsa2pkey failed");
|
||||
return 0;
|
||||
}
|
||||
#ifdef HAVE_EVP_DSS1
|
||||
|
|
@ -558,20 +542,9 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
|
|||
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
|
||||
case LDNS_RSASHA512:
|
||||
#endif
|
||||
*evp_key = EVP_PKEY_new();
|
||||
*evp_key = sldns_key_rsa2pkey_raw(key, keylen);
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return 0;
|
||||
}
|
||||
rsa = sldns_key_buf2rsa_raw(key, keylen);
|
||||
if(!rsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"sldns_key_buf2rsa_raw SHA failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_RSA SHA failed");
|
||||
log_err("verify: sldns_key_rsa2pkey SHA failed");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -595,20 +568,9 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
|
|||
#endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */
|
||||
|
||||
case LDNS_RSAMD5:
|
||||
*evp_key = EVP_PKEY_new();
|
||||
*evp_key = sldns_key_rsa2pkey_raw(key, keylen);
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return 0;
|
||||
}
|
||||
rsa = sldns_key_buf2rsa_raw(key, keylen);
|
||||
if(!rsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"sldns_key_buf2rsa_raw MD5 failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_RSA MD5 failed");
|
||||
log_err("verify: sldns_key_rsa2pkey MD5 failed");
|
||||
return 0;
|
||||
}
|
||||
*digest_type = EVP_md5();
|
||||
|
|
|
|||
Loading…
Reference in a new issue