

  1. From 8a12d9183271b2b16f399c3fe867f149dbf753d7 Mon Sep 17 00:00:00 2001
  2. From: Rosen Penev <rosenp@gmail.com>
  3. Date: Thu, 20 Feb 2020 18:58:52 -0800
  4. Subject: [PATCH] Fix compilation without DSA and deprecated APIs
  5. Signed-off-by: Rosen Penev <rosenp@gmail.com>
  6. ---
  7. dnssec.c | 2 ++
  8. examples/ldns-dane.c | 2 ++
  9. examples/ldns-keygen.c | 2 ++
  10. examples/ldns-signzone.c | 16 ++++++++++++++++
  11. examples/ldns-verify-zone.c | 2 ++
  12. host2str.c | 8 ++++++++
  13. keys.c | 10 +++++++---
  14. ldns/keys.h | 8 ++++++++
  15. rr_functions.c | 4 ++++
  16. 9 files changed, 51 insertions(+), 3 deletions(-)
  17. --- a/dnssec.c
  18. +++ b/dnssec.c
  19. @@ -332,6 +332,7 @@ uint16_t ldns_calc_keytag_raw(const uint
  20. }
  21. #ifdef HAVE_SSL
  22. +#ifdef USE_DSA
  23. DSA *
  24. ldns_key_buf2dsa(const ldns_buffer *key)
  25. {
  26. @@ -407,6 +408,7 @@ ldns_key_buf2dsa_raw(const unsigned char
  27. #endif /* OPENSSL_VERSION_NUMBER */
  28. return dsa;
  29. }
  30. +#endif /* USE_DSA */
  31. RSA *
  32. ldns_key_buf2rsa(const ldns_buffer *key)
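Review bot: The new `#ifdef USE_DSA` region removes the definitions of `ldns_key_buf2dsa` and (per the second hunk header) `ldns_key_buf2dsa_raw`, but ldns/dnssec.h, where these functions are declared, is not in the diffstat, so the prototypes presumably stay visible and a caller in a build without USE_DSA now fails at link time rather than compile time. Wrapping the declarations in the same guard, or at minimum annotating them with `/* only defined when built with USE_DSA */`, would make the dependency explicit to anyone reading the header. The function bodies themselves lie outside the hunks, so I cannot confirm nothing else inside the region is referenced unconditionally elsewhere.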
  33. --- a/examples/ldns-dane.c
  34. +++ b/examples/ldns-dane.c
  35. @@ -1680,9 +1680,11 @@ main(int argc, char* const* argv)
  36. assert(0);
  37. }
  38. +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
  39. /* ssl inititalize */
  40. SSL_load_error_strings();
  41. SSL_library_init();
  42. +#endif
  43. /* ssl load validation store */
  44. if (! assume_pkix_validity || CAfile || CApath) {
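Review bot: The legacy-initialisation guard `#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)` added here is spelled inconsistently across the patch: with the `L` suffix (`0x10100000L`) in the ERR_load/ERR_free hunk of examples/ldns-signzone.c, and without it here, in the CRYPTO_cleanup_all_ex_data hunk of ldns-signzone.c and in examples/ldns-verify-zone.c. The values compare equal, so this is style only, but the same condition repeated verbatim in four places invites drift the next time the threshold moves. Defining it once in a shared header, e.g. `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)` / `#define LDNS_OPENSSL_LEGACY_INIT 1` / `#endif` (name constructed), and testing that macro in all four files would keep them in step; note that the condition relies on `OPENSSL_VERSION_NUMBER` already being visible through the existing OpenSSL includes, since an undefined macro evaluates to 0 in `#if` and would silently keep the legacy calls. main() continues outside the hunk.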
  45. --- a/examples/ldns-keygen.c
  46. +++ b/examples/ldns-keygen.c
  47. @@ -148,6 +148,7 @@ main(int argc, char *argv[])
  48. exit(1);
  49. }
  50. break;
  51. +#ifdef USE_DSA
  52. case LDNS_SIGN_DSA:
  53. case LDNS_SIGN_DSA_NSEC3:
  54. if (bits < 512 || bits > 1024) {
  55. @@ -156,6 +157,7 @@ main(int argc, char *argv[])
  56. exit(1);
  57. }
  58. break;
  59. +#endif /* USE_DSA */
  60. #ifdef USE_GOST
  61. case LDNS_SIGN_ECC_GOST:
  62. if(!ldns_key_EVP_load_gost_id()) {
  63. --- a/examples/ldns-signzone.c
  64. +++ b/examples/ldns-signzone.c
  65. @@ -72,10 +72,14 @@ usage(FILE *fp, const char *prog) {
  66. fprintf ( fp, "\n " );
  67. __LIST ( RSAMD5 );
  68. +#ifdef USE_DSA
  69. __LIST ( DSA );
  70. +#endif
  71. __LIST ( RSASHA1 );
  72. fprintf ( fp, "\n " );
  73. +#ifdef USE_DSA
  74. __LIST ( DSA_NSEC3 );
  75. +#endif
  76. __LIST ( RSASHA1_NSEC3 );
  77. __LIST ( RSASHA256 );
  78. fprintf ( fp, "\n " );
  79. @@ -350,11 +354,15 @@ parse_algspec ( const char * const p )
  80. __MATCH ( RSAMD5 );
  81. __MATCH ( RSASHA1 );
  82. +#ifdef USE_DSA
  83. __MATCH ( DSA );
  84. +#endif
  85. __MATCH ( RSASHA1_NSEC3 );
  86. __MATCH ( RSASHA256 );
  87. __MATCH ( RSASHA512 );
  88. +#ifdef USE_DSA
  89. __MATCH ( DSA_NSEC3 );
  90. +#endif
  91. __MATCH ( ECC_GOST );
  92. __MATCH ( ECDSAP256SHA256 );
  93. __MATCH ( ECDSAP384SHA384 );
  94. @@ -419,8 +427,10 @@ load_key ( const char * const p, ENGINE
  95. case LDNS_SIGN_RSASHA1_NSEC3:
  96. case LDNS_SIGN_RSASHA256:
  97. case LDNS_SIGN_RSASHA512:
  98. +#ifdef USE_DSA
  99. case LDNS_SIGN_DSA:
  100. case LDNS_SIGN_DSA_NSEC3:
  101. +#endif
  102. case LDNS_SIGN_ECC_GOST:
  103. #ifdef USE_ECDSA
  104. case LDNS_SIGN_ECDSAP256SHA256:
  105. @@ -995,9 +1005,13 @@ main(int argc, char *argv[])
  106. #ifdef HAVE_SSL
  107. if (ERR_peek_error()) {
  108. +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
  109. ERR_load_crypto_strings();
  110. +#endif
  111. ERR_print_errors_fp(stderr);
  112. +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
  113. ERR_free_strings();
  114. +#endif
  115. }
  116. #endif
  117. exit(EXIT_FAILURE);
  118. @@ -1018,8 +1032,10 @@ main(int argc, char *argv[])
  119. #ifndef OPENSSL_NO_ENGINE
  120. shutdown_openssl ( engine );
  121. #else
  122. +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
  123. CRYPTO_cleanup_all_ex_data();
  124. #endif
  125. +#endif
  126. free(prog);
  127. exit(EXIT_SUCCESS);
  128. --- a/examples/ldns-verify-zone.c
  129. +++ b/examples/ldns-verify-zone.c
  130. @@ -113,7 +113,9 @@ print_rr_status_error(FILE* stream, ldns
  131. if (status != LDNS_STATUS_OK) {
  132. print_rr_error(stream, rr, ldns_get_errorstr_by_id(status));
  133. if (verbosity > 0 && status == LDNS_STATUS_SSL_ERR) {
  134. +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
  135. ERR_load_crypto_strings();
  136. +#endif
  137. ERR_print_errors_fp(stream);
  138. }
  139. }
  140. --- a/host2str.c
  141. +++ b/host2str.c
  142. @@ -49,10 +49,14 @@
  143. ldns_lookup_table ldns_algorithms[] = {
  144. { LDNS_RSAMD5, "RSAMD5" },
  145. { LDNS_DH, "DH" },
  146. +#ifdef USE_DSA
  147. { LDNS_DSA, "DSA" },
  148. +#endif /* USE_DSA */
  149. { LDNS_ECC, "ECC" },
  150. { LDNS_RSASHA1, "RSASHA1" },
  151. +#ifdef USE_DSA
  152. { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" },
  153. +#endif /* USE_DSA */
  154. { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
  155. #ifdef USE_SHA2
  156. { LDNS_RSASHA256, "RSASHA256"},
  157. @@ -2133,7 +2137,9 @@ ldns_key2buffer_str(ldns_buffer *output,
  158. unsigned char *bignum;
  159. #ifdef HAVE_SSL
  160. RSA *rsa;
  161. +#ifdef USE_DSA
  162. DSA *dsa;
  163. +#endif /* USE_DSA */
  164. #endif /* HAVE_SSL */
  165. if (!k) {
  166. @@ -2243,6 +2249,7 @@ ldns_key2buffer_str(ldns_buffer *output,
  167. RSA_free(rsa);
  168. break;
  169. +#ifdef USE_DSA
  170. case LDNS_SIGN_DSA:
  171. case LDNS_SIGN_DSA_NSEC3:
  172. dsa = ldns_key_dsa_key(k);
  173. @@ -2283,6 +2290,7 @@ ldns_key2buffer_str(ldns_buffer *output,
  174. goto error;
  175. }
  176. break;
  177. +#endif /* USE_DSA */
  178. case LDNS_SIGN_ECC_GOST:
  179. /* no format defined, use blob */
  180. #if defined(HAVE_SSL) && defined(USE_GOST)
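Review bot: Guarding the `ldns_algorithms[]` entries `{ LDNS_DSA, "DSA" }` and `{ LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" }` ties the algorithm mnemonic table to build-time crypto support, but the table describes IANA-registered wire values (3 and 6) that a DNSKEY or RRSIG read from a zone file or the network carries whether or not this build can use them. Without the entries such records no longer print with their mnemonic, and if the text parser resolves the mnemonic "DSA" through the same table (not visible in this diff), a zone containing a DSA key no longer round-trips through its text form at all. I would keep the name entries unconditional — which requires keeping the `LDNS_DSA`/`LDNS_DSA_NSEC3` constants in ldns/keys.h unconditional as well — and confine USE_DSA to the code paths that actually call the OpenSSL DSA API, as the two ldns_key2buffer_str hunks in this file already do. The `ldns_key2buffer_str` body starts and ends outside the hunks.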
  181. --- a/keys.c
  182. +++ b/keys.c
  183. @@ -905,6 +905,7 @@ error:
  184. return NULL;
  185. }
  186. +#ifdef USE_DSA
  187. DSA *
  188. ldns_key_new_frm_fp_dsa(FILE *f)
  189. {
  190. @@ -1015,6 +1016,7 @@ error:
  191. BN_free(pub_key);
  192. return NULL;
  193. }
  194. +#endif /* USE_DSA */
  195. unsigned char *
  196. ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
  197. @@ -1149,9 +1151,9 @@ ldns_key_new_frm_algorithm(ldns_signing_
  198. #endif /* HAVE_EVP_PKEY_KEYGEN */
  199. #endif /* HAVE_SSL */
  200. break;
  201. +#ifdef USE_DSA
  202. case LDNS_SIGN_DSA:
  203. case LDNS_SIGN_DSA_NSEC3:
  204. -#ifdef USE_DSA
  205. #ifdef HAVE_SSL
  206. # if OPENSSL_VERSION_NUMBER < 0x00908000L
  207. d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
  208. @@ -1878,10 +1880,10 @@ ldns_key2rr(const ldns_key *k)
  209. #endif
  210. size++;
  211. break;
  212. +#ifdef USE_DSA
  213. case LDNS_SIGN_DSA:
  214. ldns_rr_push_rdf(pubkey,
  215. ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
  216. -#ifdef USE_DSA
  217. #ifdef HAVE_SSL
  218. dsa = ldns_key_dsa_key(k);
  219. if (dsa) {
  220. @@ -1901,10 +1903,10 @@ ldns_key2rr(const ldns_key *k)
  221. #endif /* HAVE_SSL */
  222. #endif /* USE_DSA */
  223. break;
  224. +#ifdef USE_DSA
  225. case LDNS_SIGN_DSA_NSEC3:
  226. ldns_rr_push_rdf(pubkey,
  227. ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
  228. -#ifdef USE_DSA
  229. #ifdef HAVE_SSL
  230. dsa = ldns_key_dsa_key(k);
  231. if (dsa) {
  232. @@ -2165,7 +2167,9 @@ ldns_signing_algorithm ldns_get_signing_
  233. ldns_lookup_table aliases[] = {
  234. /* from bind dnssec-keygen */
  235. {LDNS_SIGN_HMACMD5, "HMAC-MD5"},
  236. +#ifdef USE_DSA
  237. {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
  238. +#endif /* USE_DSA */
  239. {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
  240. /* old ldns usage, now RFC names */
  241. #ifdef USE_DSA
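Review bot: In the first ldns_key2rr hunk, moving `#ifdef USE_DSA` above `case LDNS_SIGN_DSA:` leaves the `break;` that follows `#endif /* USE_DSA */` (visible as context at the top of the second ldns_key2rr hunk) outside the guard, so a build without USE_DSA compiles two consecutive `break;` statements after the preceding case — harmless, but dead code that unreachable-code analysis will flag. The `#endif` should move below the `break;` so the whole case disappears together: `#endif /* HAVE_SSL */` / `break;` / `#endif /* USE_DSA */`. The `LDNS_SIGN_DSA_NSEC3` hunk and the ldns_key_new_frm_algorithm hunk have the same shape, but their closing `#endif` and `break;` lines fall outside the hunks shown, so I cannot confirm them here.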
  242. --- a/ldns/keys.h
  243. +++ b/ldns/keys.h
  244. @@ -45,10 +45,14 @@ enum ldns_enum_algorithm
  245. {
  246. LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
  247. LDNS_DH = 2,
  248. +#ifdef USE_DSA
  249. LDNS_DSA = 3,
  250. +#endif /* USE_DSA */
  251. LDNS_ECC = 4,
  252. LDNS_RSASHA1 = 5,
  253. +#ifdef USE_DSA
  254. LDNS_DSA_NSEC3 = 6,
  255. +#endif /* USE_DSA */
  256. LDNS_RSASHA1_NSEC3 = 7,
  257. LDNS_RSASHA256 = 8, /* RFC 5702 */
  258. LDNS_RSASHA512 = 10, /* RFC 5702 */
  259. @@ -90,11 +94,15 @@ enum ldns_enum_signing_algorithm
  260. {
  261. LDNS_SIGN_RSAMD5 = LDNS_RSAMD5,
  262. LDNS_SIGN_RSASHA1 = LDNS_RSASHA1,
  263. +#ifdef USE_DSA
  264. LDNS_SIGN_DSA = LDNS_DSA,
  265. +#endif /* USE_DSA */
  266. LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3,
  267. LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
  268. LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
  269. +#ifdef USE_DSA
  270. LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
  271. +#endif /* USE_DSA */
  272. LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
  273. LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
  274. LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
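Review bot: Making `LDNS_DSA = 3`, `LDNS_DSA_NSEC3 = 6` and the matching `LDNS_SIGN_*` aliases conditional on USE_DSA removes IANA-assigned DNSSEC algorithm numbers from a public header. Those numbers keep arriving in DNSKEY and RRSIG records regardless of how ldns was built, so the library's switch statements can no longer name them and DSA-signed data now falls into whichever `default:`/unknown-algorithm path each caller has; for a validator that path should consistently be "unsupported algorithm, treat as insecure/unsigned" (RFC 4035 §5.2, RFC 6840 §5.2) rather than an error or a skipped check, and that is far easier to audit when the constant exists and is handled explicitly. There is also an API concern: if USE_DSA comes from the build's config.h rather than an installed header (ldns exports build options to consumers as `LDNS_BUILD_CONFIG_*` in ldns/common.h — verify), applications compiled against the installed keys.h never see `LDNS_DSA` even when the library itself has DSA support. I would keep the enum members unconditional with a comment such as `/* IANA algorithm 3; the DSA implementation is only built with USE_DSA */` and restrict USE_DSA to the .c files. Both enums start before and end after their hunks.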
  275. --- a/rr_functions.c
  276. +++ b/rr_functions.c
  277. @@ -269,14 +269,17 @@ ldns_rr_dnskey_key_size_raw(const unsign
  278. const size_t len,
  279. const ldns_algorithm alg)
  280. {
  281. +#ifdef USE_DSA
  282. /* for DSA keys */
  283. uint8_t t;
  284. +#endif /* USE_DSA */
  285. /* for RSA keys */
  286. uint16_t exp;
  287. uint16_t int16;
  288. switch ((ldns_signing_algorithm)alg) {
  289. +#ifdef USE_DSA
  290. case LDNS_SIGN_DSA:
  291. case LDNS_SIGN_DSA_NSEC3:
  292. if (len > 0) {
  293. @@ -286,6 +289,7 @@ ldns_rr_dnskey_key_size_raw(const unsign
  294. return 0;
  295. }
  296. break;
  297. +#endif /* USE_DSA */
  298. case LDNS_SIGN_RSAMD5:
  299. case LDNS_SIGN_RSASHA1:
  300. case LDNS_SIGN_RSASHA1_NSEC3: