Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix named's verify #14

Merged
merged 19 commits into from
Dec 15, 2023
Merged

Fix named's verify #14

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
550feff
Add logging to see if providers are loaded
jgoertzen-sb Dec 14, 2023
ae6e7a8
More debugging
jgoertzen-sb Dec 14, 2023
ba12a73
added some missing semicolons
jgoertzen-sb Dec 14, 2023
8cadb3d
more debugging
jgoertzen-sb Dec 14, 2023
8fc70bc
more debugging
jgoertzen-sb Dec 14, 2023
ebe604b
more debugging
jgoertzen-sb Dec 14, 2023
e8309d3
More debugging
jgoertzen-sb Dec 14, 2023
84ba043
changed to using NULL context like it originally was
jgoertzen-sb Dec 14, 2023
f5f8802
Another fix attempt
jgoertzen-sb Dec 15, 2023
5061ea1
Some debugging cleanup
jgoertzen-sb Dec 15, 2023
a35167a
Fixed an out of order issue
jgoertzen-sb Dec 15, 2023
d9ce4e8
More debugging...
jgoertzen-sb Dec 15, 2023
66bb687
debugging :')
jgoertzen-sb Dec 15, 2023
84bc234
even more...
jgoertzen-sb Dec 15, 2023
e72e275
more...
jgoertzen-sb Dec 15, 2023
7e50b66
more debugging
jgoertzen-sb Dec 15, 2023
31b0d19
more debugging
jgoertzen-sb Dec 15, 2023
613d837
Fixed a typo in version checking
jgoertzen-sb Dec 15, 2023
7a4ea56
remove debug statements
jgoertzen-sb Dec 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions bin/dnssec/dnssec-dsfromkey.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -465,13 +465,13 @@ main(int argc, char **argv) {
}
}
#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider");
oqs = OSSL_PROVIDER_load(NULL, "oqsprovider");
if (oqs == NULL) {
ERR_print_errors_fp(stderr);
ERR_clear_error();
fatal("Failed to load oqsprovider");
}
default_provider = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "default");
default_provider = OSSL_PROVIDER_load(NULL, "default");
if (default_provider == NULL) {
OSSL_PROVIDER_unload(oqs);
ERR_print_errors_fp(stderr);
Expand Down
8 changes: 4 additions & 4 deletions bin/dnssec/dnssec-keygen.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1160,12 +1160,12 @@ main(int argc, char **argv) {

if (set_fips_mode) {
#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
fips = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "fips");
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
ERR_clear_error();
fatal("Failed to load FIPS provider");
}
base = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "base");
base = OSSL_PROVIDER_load(NULL, "base");
if (base == NULL) {
OSSL_PROVIDER_unload(fips);
ERR_clear_error();
Expand All @@ -1179,7 +1179,7 @@ main(int argc, char **argv) {
}
}
#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider");
oqs = OSSL_PROVIDER_load(NULL, "oqsprovider");
if (oqs == NULL) {
if (fips != NULL) {
OSSL_PROVIDER_unload(fips);
Expand All @@ -1191,7 +1191,7 @@ main(int argc, char **argv) {
ERR_clear_error();
fatal("Failed to load oqsprovider");
}
default_provider = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "default");
default_provider = OSSL_PROVIDER_load(NULL, "default");
if (default_provider == NULL) {
OSSL_PROVIDER_unload(oqs);
ERR_clear_error();
Expand Down
6 changes: 3 additions & 3 deletions bin/dnssec/dnssec-signzone.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3739,12 +3739,12 @@ main(int argc, char *argv[]) {

if (set_fips_mode) {
#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
fips = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "fips");
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
ERR_clear_error();
fatal("Failed to load FIPS provider");
}
base = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "base");
base = OSSL_PROVIDER_load(NULL, "base");
if (base == NULL) {
OSSL_PROVIDER_unload(fips);
ERR_clear_error();
Expand All @@ -3758,7 +3758,7 @@ main(int argc, char *argv[]) {
}
}
#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider");
oqs = OSSL_PROVIDER_load(NULL, "oqsprovider");
if (oqs == NULL) {
if (fips != NULL) {
OSSL_PROVIDER_unload(fips);
Expand Down
65 changes: 34 additions & 31 deletions bin/named/main.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -973,13 +973,13 @@ parse_command_line(int argc, char *argv[]) {
break;
case 'F':
#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
fips = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "fips");
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
ERR_clear_error();
named_main_earlyfatal(
"Failed to load FIPS provider");
}
base = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "base");
base = OSSL_PROVIDER_load(NULL, "base");
if (base == NULL) {
OSSL_PROVIDER_unload(fips);
ERR_clear_error();
Expand Down Expand Up @@ -1322,13 +1322,11 @@ setup(void) {
named_server_create(named_g_mctx, &named_g_server);
ENSURE(named_g_server != NULL);
sctx = named_g_server->sctx;

/*
* Report supported algorithms now that dst_lib_init() has
* been called via named_server_create().
*/
format_supported_algorithms(logit);

/*
* Modify server context according to command line options
*/
Expand Down Expand Up @@ -1501,7 +1499,6 @@ main(int argc, char *argv[]) {
#ifdef HAVE_GPERFTOOLS_PROFILER
(void)ProfilerStart(NULL);
#endif /* ifdef HAVE_GPERFTOOLS_PROFILER */

/*
* Technically, this call is superfluous because on startup of the main
* program, the portable "C" locale is selected by default. This
Expand Down Expand Up @@ -1539,32 +1536,6 @@ main(int argc, char *argv[]) {

parse_command_line(argc, argv);

/*
* Since providers may be loaded due to command line
* arguments, load oqs and default providers now.
* TODO: Maybe disable FIPS mode, or make oqs and FIPS
* mutually exclusive modes?
*/
#if OPENSSL_VERSION_NUMER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
oqs = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "oqsprovider");
if (oqs == NULL) {
if (fips != NULL) {
OSSL_PROVIDER_unload(fips);
}
if (base != NULL) {
OSSL_PROVIDER_unload(base);
}
ERR_clear_error();
named_main_earlyfatal("failed to load oqsprovider");
}
default_provider = OSSL_PROVIDER_load(OSSL_LIB_CTX_get0_global_default(), "default");
if (default_provider == NULL) {
OSSL_PROVIDER_unload(oqs);
ERR_clear_error();
named_main_earlyfatal("Failed to load default provider");
}
#endif /* if OPENSSL_VERSION_NUMER >= 0x30200000L && OPENSSL_API_LEVEL >= \
30200 */
#ifdef ENABLE_AFL
if (named_g_fuzz_type != isc_fuzz_none) {
named_fuzz_setup();
Expand All @@ -1591,6 +1562,38 @@ main(int argc, char *argv[]) {
named_g_chrootdir);
}
}
/*
* Since providers may be loaded due to command line
* arguments, load oqs and default providers now.
* TODO: Maybe disable FIPS mode, or make oqs and FIPS
* mutually exclusive modes?
*/
#if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= 30200
oqs = OSSL_PROVIDER_load(NULL, "oqsprovider");
if (oqs == NULL) {
if (fips != NULL) {
OSSL_PROVIDER_unload(fips);
}
if (base != NULL) {
OSSL_PROVIDER_unload(base);
}
ERR_clear_error();
named_main_earlyfatal("failed to load oqsprovider");
}
default_provider = OSSL_PROVIDER_load(NULL, "default");
if (default_provider == NULL) {
OSSL_PROVIDER_unload(oqs);
if (fips != NULL) {
OSSL_PROVIDER_unload(fips);
}
if (base != NULL) {
OSSL_PROVIDER_unload(base);
}
ERR_clear_error();
named_main_earlyfatal("Failed to load default provider");
}
#endif /* if OPENSSL_VERSION_NUMBER >= 0x30200000L && OPENSSL_API_LEVEL >= \
30200 */

setup();
isc_mem_setname(named_g_mctx, "main");
Expand Down
10 changes: 5 additions & 5 deletions lib/dns/openssloqs_link.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,12 +118,12 @@ raw_pub_key_to_ossl(const oqs_alginfo_t *alginfo, const unsigned char *pub_key,
return (ret);
}
*pkey = EVP_PKEY_new_raw_public_key_ex(
OSSL_LIB_CTX_get0_global_default(),
NULL,
alg_name, NULL, pub_key, *pub_key_len);
}
if (*pkey == NULL) {
ERR_print_errors_fp(stderr);
return (dst__openssl_toresult(ret));
if (*pkey == NULL) {
ERR_print_errors_fp(stderr);
return (dst__openssl_toresult(ret));
}
}
return (ISC_R_SUCCESS);
}
Expand Down
Loading