diff --git a/CHANGES b/CHANGES index 9bdd9a7776..2dc43056c7 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,8 @@ OpenSSL Provider API will now require engine to not be set. [GL #8153] -6222. [func] Fixes to provider/engine based ECDSA key handling. [GL !8152] +6222. [func] Fixes to provider/engine based ECDSA key handling. + [GL !8152] 6221. [cleanup] Refactor dns_rdataset internals, move rdatasetheader declarations out of rbtdb.c so they can be used by other diff --git a/lib/dns/dst_parse.c b/lib/dns/dst_parse.c index 4998879248..0778d90795 100644 --- a/lib/dns/dst_parse.c +++ b/lib/dns/dst_parse.c @@ -233,8 +233,7 @@ check_ecdsa(const dst_private_t *priv, bool external) { mask = (1ULL << TAG_SHIFT) - 1; - ok = have[TAG_ECDSA_LABEL & mask] || - have[TAG_ECDSA_PRIVATEKEY & mask]; + ok = have[TAG_ECDSA_LABEL & mask] || have[TAG_ECDSA_PRIVATEKEY & mask]; return (ok ? 0 : -1); } @@ -267,8 +266,7 @@ check_eddsa(const dst_private_t *priv, bool external) { mask = (1ULL << TAG_SHIFT) - 1; - ok = have[TAG_EDDSA_LABEL & mask] || - have[TAG_EDDSA_PRIVATEKEY & mask]; + ok = have[TAG_EDDSA_LABEL & mask] || have[TAG_EDDSA_PRIVATEKEY & mask]; return (ok ? 0 : -1); } diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c index 2aef28b930..005e7832d3 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -272,8 +272,9 @@ err: } static isc_result_t -dst__openssl_fromlabel_provider(int key_base_id, const char *label, const char *pin, - EVP_PKEY **ppub, EVP_PKEY **ppriv) { +dst__openssl_fromlabel_provider(int key_base_id, const char *label, + const char *pin, EVP_PKEY **ppub, + EVP_PKEY **ppriv) { #if OPENSSL_VERSION_NUMBER >= 0x30000000L isc_result_t ret = DST_R_OPENSSLFAILURE; OSSL_STORE_CTX *ctx = NULL; @@ -336,8 +337,8 @@ isc_result_t dst__openssl_fromlabel(int key_base_id, const char *engine, const char *label, const char *pin, EVP_PKEY **ppub, EVP_PKEY **ppriv) { if (engine == NULL) { - return (dst__openssl_fromlabel_provider(key_base_id, label, - pin, ppub, ppriv)); + return (dst__openssl_fromlabel_provider(key_base_id, label, pin, + ppub, ppriv)); } return (dst__openssl_fromlabel_engine(key_base_id, engine, label, pin, diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c index f133fe64e8..d63ff1642c 100644 --- a/lib/dns/opensslecdsa_link.c +++ b/lib/dns/opensslecdsa_link.c @@ -119,7 +119,7 @@ BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) { return (size); } -#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 static const char * opensslecdsa_key_alg_to_group_name(unsigned int key_alg) { diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c index f6d1fa3a14..7e976a7756 100644 --- a/lib/dns/openssleddsa_link.c +++ b/lib/dns/openssleddsa_link.c @@ -527,7 +527,7 @@ openssleddsa_fromlabel(dst_key_t *key, const char *engine, const char *label, goto err; } - if (key->engine != NULL) { + if (engine != NULL) { key->engine = isc_mem_strdup(key->mctx, engine); } key->label = isc_mem_strdup(key->mctx, label); diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index 54ab04dcf7..79cae64add 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -1051,7 +1051,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, DST_RET(ISC_R_RANGE); } - if (key->engine != NULL) { + if (engine != NULL) { key->engine = isc_mem_strdup(key->mctx, engine); } key->label = isc_mem_strdup(key->mctx, label);