From: Fred Morcos <fred.morcos@open-xchange.com>
Date: Mon, 5 Dec 2022 15:28:29 +0000 (+0100)
Subject: OpenSSL 3.0: Use PKCS#8 for ECDSA-SHA256 PEM testdata
X-Git-Tag: dnsdist-1.8.0-rc1~51^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3319f4c8dd9bdc2c92c8398e8e85e83c11b91bfd;p=thirdparty%2Fpdns.git

OpenSSL 3.0: Use PKCS#8 for ECDSA-SHA256 PEM testdata
---

diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc
index 541d7f34a2..0ba6f5914e 100644
--- a/pdns/test-signers.cc
+++ b/pdns/test-signers.cc
@@ -114,7 +114,8 @@ static const SignerParams rsaSha256SignerParams = SignerParams
 /* ECDSA-P256-SHA256 from
  * https://github.com/CZ-NIC/knot/blob/master/src/dnssec/tests/sample_keys.h
  */
-static const SignerParams ecdsaSha256 = SignerParams{
+static const SignerParams ecdsaSha256 = SignerParams
+{
   .iscMap = "Algorithm: 13\n"
             "PrivateKey: iyLIPdk3DOIxVmmSYlmTstbtUPiVlEyDX46psyCwNVQ=\n",
 
@@ -155,11 +156,21 @@ static const SignerParams ecdsaSha256 = SignerParams{
   .algorithm = DNSSECKeeper::ECDSA256,
   .isDeterministic = false,
 
+#if OPENSSL_VERSION_MAJOR >= 3
+  // OpenSSL 3.0.0 uses a generic key interface which stores the key PKCS#8-encoded.
+  .pem = "-----BEGIN PRIVATE KEY-----\n"
+         "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiyLIPdk3DOIxVmmS\n"
+         "YlmTstbtUPiVlEyDX46psyCwNVShRANCAATy4PsLhMdMz/Du6GvJFJOh4T+MpPvz\n"
+         "+nzndFfQvkTCtmtIsG5ss+IHDuBu9Q/pKwiBrllDgJIDE2ZgD+Bmy5fM\n"
+         "-----END PRIVATE KEY-----\n"
+#else
   .pem = "-----BEGIN EC PRIVATE KEY-----\n"
          "MHcCAQEEIIsiyD3ZNwziMVZpkmJZk7LW7VD4lZRMg1+OqbMgsDVUoAoGCCqGSM49\n"
          "AwEHoUQDQgAE8uD7C4THTM/w7uhryRSToeE/jKT78/p853RX0L5EwrZrSLBubLPi\n"
          "Bw7gbvUP6SsIga5ZQ4CSAxNmYA/gZsuXzA==\n"
-         "-----END EC PRIVATE KEY-----\n"};
+         "-----END EC PRIVATE KEY-----\n"
+#endif
+};
 
 /* Ed25519 from https://github.com/CZ-NIC/knot/blob/master/src/dnssec/tests/sample_keys.h,
  * also from rfc8080 section 6.1