
Merge branch 'tt-ecdsa-fixes' into 'main'

Fixes to provider/engine based ECDSA key handling

See merge request isc-projects/bind9!8152
This commit is contained in:
Matthijs Mekking
2023-08-08 14:13:21 +00:00
2 changed files with 15 additions and 15 deletions


@@ -1,3 +1,5 @@
6222. [func] Fixes to provider/engine based ECDSA key handling. [GL !8152]
6221. [cleanup] Refactor dns_rdataset internals, move rdatasetheader
declarations out of rbtdb.c so they can be used by other
databases in the future, and split the zone and cache


@@ -119,15 +119,15 @@ BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) {
return (size);
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
static const char *
opensslecdsa_key_alg_to_group_name(unsigned int key_alg) {
switch (key_alg) {
case DST_ALG_ECDSA256:
return ("P-256");
return ("prime256v1");
case DST_ALG_ECDSA384:
return ("P-384");
return ("secp384r1");
default:
UNREACHABLE();
}
@@ -846,16 +846,14 @@ opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
keylen = opensslecdsa_key_alg_to_publickey_size(key->key_alg) / 2;
INSIST(keylen <= sizeof(buf));
if (!opensslecdsa_extract_private_key(key, buf, keylen)) {
DST_RET(DST_R_OPENSSLFAILURE);
}
i = 0;
priv.elements[i].tag = TAG_ECDSA_PRIVATEKEY;
priv.elements[i].length = keylen;
priv.elements[i].data = buf;
i++;
if (opensslecdsa_extract_private_key(key, buf, keylen)) {
priv.elements[i].tag = TAG_ECDSA_PRIVATEKEY;
priv.elements[i].length = keylen;
priv.elements[i].data = buf;
i++;
}
if (key->engine != NULL) {
priv.elements[i].tag = TAG_ECDSA_ENGINE;
priv.elements[i].length = (unsigned short)strlen(key->engine) +
@@ -929,10 +927,6 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
if (privkey_index < 0) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
if (label != NULL) {
ret = opensslecdsa_fromlabel(key, engine, label, NULL);
if (ret != ISC_R_SUCCESS) {
@@ -947,6 +941,10 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(ISC_R_SUCCESS);
}
if (privkey_index < 0) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
ret = opensslecdsa_create_pkey(
key->key_alg, true, priv.elements[privkey_index].data,
priv.elements[privkey_index].length, &pkey);
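Review bot: In the opensslecdsa_tofile hunk (@@ -846), a failing opensslecdsa_extract_private_key() is now tolerated for every key rather than only engine/provider-backed ones, so a plain software key whose private scalar cannot be read is written as a private-key file with no TAG_ECDSA_PRIVATEKEY element and no error, where the old code returned DST_R_OPENSSLFAILURE. Skipping the element only makes sense when the file will carry an engine or label reference instead; the TAG_ECDSA_ENGINE block follows directly, and a label block presumably follows outside the hunk (the `label` field is inferred from `opensslecdsa_fromlabel(key, engine, label, NULL)` in the parse hunk and should be confirmed against dst_key_t). I would keep the extraction failure an error when there is nothing else to reference, as below, and document that choice in a comment since it is not obvious from the code. opensslecdsa_tofile continues outside the hunk.
```c
	/* … unchanged: keylen computation and INSIST … */
	bool have_priv = opensslecdsa_extract_private_key(key, buf, keylen);
	/*
	 * An unexportable private key is only acceptable when the file
	 * will carry an engine or label reference instead.
	 */
	if (!have_priv && key->engine == NULL && key->label == NULL) {
		DST_RET(DST_R_OPENSSLFAILURE);
	}
	i = 0;
	if (have_priv) {
		priv.elements[i].tag = TAG_ECDSA_PRIVATEKEY;
		priv.elements[i].length = keylen;
		priv.elements[i].data = buf;
		i++;
	}
	/* … unchanged: TAG_ECDSA_ENGINE element … */
```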