OpenSSL impl of EDDSA PEM import

diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc
index b12094d4eb0c7b879a3ec604277ce34aa2ca72d2..c521e1558ffff9d380c0e12be142f89d55e2ed73 100644 (file)
--- a/pdns/opensslsigners.cc
+++ b/pdns/opensslsigners.cc
@@ -961,6 +961,25 @@ public:
 
   void create(unsigned int bits) override;
 
+  /**
+   * \brief Creates an EDDSA key engine from a PEM file.
+   *
+   * Receives an open file handle with PEM contents and creates an EDDSA
+   * key engine.
+   *
+   * \param[in] drc Key record contents to be populated.
+   *
+   * \param[in] filename Only used for providing filename information in
+   * error messages.
+   *
+   * \param[in] fp An open file handle to a file containing EDDSA PEM
+   * contents.
+   *
+   * \return An EDDSA key engine populated with the contents of the PEM
+   * file.
+   */
+  void createFromPEMFile(DNSKEYRecordContent& drc, const std::string& filename, std::FILE& fp) override;
+
   /**
    * \brief Writes this key's contents to a file.
    *
@@ -1015,6 +1034,15 @@ void OpenSSLEDDSADNSCryptoKeyEngine::create(unsigned int bits)
   d_edkey = std::unique_ptr<EVP_PKEY, void(*)(EVP_PKEY*)>(newKey, EVP_PKEY_free);
 }
 
+void OpenSSLEDDSADNSCryptoKeyEngine::createFromPEMFile(DNSKEYRecordContent& drc, const string& filename, std::FILE& fp)
+{
+  drc.d_algorithm = d_algorithm;
+  d_edkey = std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>(PEM_read_PrivateKey(&fp, nullptr, nullptr, nullptr), &EVP_PKEY_free);
+  if (d_edkey == nullptr) {
+    throw runtime_error(getName() + ": Failed to read private key from PEM file `" + filename + "`");
+  }
+}
+
 void OpenSSLEDDSADNSCryptoKeyEngine::convertToPEM(std::FILE& fp) const
 {
   auto ret = PEM_write_PrivateKey(&fp, d_edkey.get(), nullptr, nullptr, 0, nullptr, nullptr);