
Merge branch 'tt-ecdsa-fixes' into 'main'

Fixes to provider/engine based ECDSA key handling

See merge request isc-projects/bind9!8152
Matthijs Mekking
2023-08-08 14:13:21 +00:00
2 changed files with 15 additions and 15 deletions


@@ -1,3 +1,5 @@
6222. [func] Fixes to provider/engine based ECDSA key handling. [GL !8152]
6221. [cleanup] Refactor dns_rdataset internals, move rdatasetheader 6221. [cleanup] Refactor dns_rdataset internals, move rdatasetheader
declarations out of rbtdb.c so they can be used by other declarations out of rbtdb.c so they can be used by other
databases in the future, and split the zone and cache databases in the future, and split the zone and cache


@@ -119,15 +119,15 @@ BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) {
return (size); return (size);
} }
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
static const char * static const char *
opensslecdsa_key_alg_to_group_name(unsigned int key_alg) { opensslecdsa_key_alg_to_group_name(unsigned int key_alg) {
switch (key_alg) { switch (key_alg) {
case DST_ALG_ECDSA256: case DST_ALG_ECDSA256:
return ("P-256"); return ("prime256v1");
case DST_ALG_ECDSA384: case DST_ALG_ECDSA384:
return ("P-384"); return ("secp384r1");
default: default:
UNREACHABLE(); UNREACHABLE();
} }
@@ -846,16 +846,14 @@ opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
keylen = opensslecdsa_key_alg_to_publickey_size(key->key_alg) / 2; keylen = opensslecdsa_key_alg_to_publickey_size(key->key_alg) / 2;
INSIST(keylen <= sizeof(buf)); INSIST(keylen <= sizeof(buf));
if (!opensslecdsa_extract_private_key(key, buf, keylen)) {
DST_RET(DST_R_OPENSSLFAILURE);
}
i = 0; i = 0;
priv.elements[i].tag = TAG_ECDSA_PRIVATEKEY; if (opensslecdsa_extract_private_key(key, buf, keylen)) {
priv.elements[i].length = keylen; priv.elements[i].tag = TAG_ECDSA_PRIVATEKEY;
priv.elements[i].data = buf; priv.elements[i].length = keylen;
i++; priv.elements[i].data = buf;
i++;
}
if (key->engine != NULL) { if (key->engine != NULL) {
priv.elements[i].tag = TAG_ECDSA_ENGINE; priv.elements[i].tag = TAG_ECDSA_ENGINE;
priv.elements[i].length = (unsigned short)strlen(key->engine) + priv.elements[i].length = (unsigned short)strlen(key->engine) +
@@ -929,10 +927,6 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
} }
} }
if (privkey_index < 0) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
if (label != NULL) { if (label != NULL) {
ret = opensslecdsa_fromlabel(key, engine, label, NULL); ret = opensslecdsa_fromlabel(key, engine, label, NULL);
if (ret != ISC_R_SUCCESS) { if (ret != ISC_R_SUCCESS) {
@@ -947,6 +941,10 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(ISC_R_SUCCESS); DST_RET(ISC_R_SUCCESS);
} }
if (privkey_index < 0) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
ret = opensslecdsa_create_pkey( ret = opensslecdsa_create_pkey(
key->key_alg, true, priv.elements[privkey_index].data, key->key_alg, true, priv.elements[privkey_index].data,
priv.elements[privkey_index].length, &pkey); priv.elements[privkey_index].length, &pkey);
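Review bot: In the opensslecdsa_tofile hunk the new `if (opensslecdsa_extract_private_key(key, buf, keylen))` branch silently omits the TAG_ECDSA_PRIVATEKEY element on any extraction failure, without distinguishing a key legitimately held in an engine/provider from an extraction error on an ordinary software key; in the second case the file is written with neither a private key nor an engine element and the problem only surfaces when the file is later parsed. Consider keeping the previous hard failure for the software case, e.g. `} else if (key->engine == NULL) { DST_RET(DST_R_OPENSSLFAILURE); }` (widen the condition to also cover a label field if dst_key_t carries one here — not visible in this hunk). The matching move of the `privkey_index < 0` check in opensslecdsa_parse to after the label branch is consistent with this, and a file with neither a private key nor a label still fails with DST_R_INVALIDPRIVATEKEY, which is the right outcome. In the first hunk the `#if` guard around opensslecdsa_key_alg_to_group_name now depends on OPENSSL_VERSION_NUMBER alone (the rendered page loses which side carried the OPENSSL_API_LEVEL term), so a one-line comment stating why the API-level gate is not needed for this helper would help future readers. All three functions (opensslecdsa_tofile, opensslecdsa_parse and the group-name helper's callers) start or end outside these hunks.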