mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00

Ignore the extra EVP_PKEY_get_bn_param() failures

In opensslrsa_components_get(), ignore the return codes of the extra
EVP_PKEY_get_bn_param() calls, as an RSA key might not have all of those components.
Ondřej Surý
2023-01-09 21:50:01 +01:00
parent 51093a834b
commit 504f3282e3
2 changed files with 16 additions and 42 deletions


@@ -290,8 +290,7 @@ dst__openssl_fromlabel_provider(int key_base_id, const char *engine,
ctx = OSSL_STORE_open(label, NULL, NULL, NULL, NULL); ctx = OSSL_STORE_open(label, NULL, NULL, NULL, NULL);
if (!ctx) { if (!ctx) {
DST_RET(dst__openssl_toresult2("OSSL_STORE_open_ex", DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
DST_R_OPENSSLFAILURE));
} }
while (!OSSL_STORE_eof(ctx)) { while (!OSSL_STORE_eof(ctx)) {
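Review bot: The `OSSL_STORE_open()` failure path now returns through `dst__openssl_toresult(DST_R_OPENSSLFAILURE)` and no longer passes a function name, so if `dst__openssl_toresult2()` is the variant that logs the OpenSSL error text (its definition is not visible here), a key label that cannot be opened would fail without any diagnostic for the operator. The old label was itself inaccurate (`"OSSL_STORE_open_ex"` for a call to `OSSL_STORE_open`), so I would correct it rather than drop it: `DST_RET(dst__openssl_toresult2("OSSL_STORE_open", DST_R_OPENSSLFAILURE));`. The commit message covers only opensslrsa_components_get() and does not mention this change. The body of dst__openssl_fromlabel_provider() continues outside the hunk.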


@@ -65,51 +65,26 @@ opensslrsa_components_get(const dst_key_t *key, rsa_components_t *c,
if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_E, if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_E,
(BIGNUM **)&c->e) == 1) (BIGNUM **)&c->e) == 1)
{ {
isc_result_t ret = ISC_R_UNSET;
c->bnfree = true; c->bnfree = true;
if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_N, (void)EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_N,
(BIGNUM **)&c->n) != 1) (BIGNUM **)&c->n);
{
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (!private) { if (!private) {
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
if (EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_D, (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_D,
(BIGNUM **)&c->d) != 1) (BIGNUM **)&c->d);
{ (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR1,
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); (BIGNUM **)&c->p);
} (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR2,
if (EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR1, (BIGNUM **)&c->q);
(BIGNUM **)&c->p) != 1) (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT1,
{ (BIGNUM **)&c->dmp1);
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT2,
} (BIGNUM **)&c->dmq1);
if (EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR2, (void)EVP_PKEY_get_bn_param(priv,
(BIGNUM **)&c->q) != 1)
{
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT1,
(BIGNUM **)&c->dmp1) != 1)
{
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT2,
(BIGNUM **)&c->dmq1) != 1)
{
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (EVP_PKEY_get_bn_param(priv,
OSSL_PKEY_PARAM_RSA_COEFFICIENT1, OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
(BIGNUM **)&c->iqmp) != 1) (BIGNUM **)&c->iqmp);
{
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
err:
return (ret);
} }
#endif #endif
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
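Review bot: The modulus lookup is now unchecked together with the optional private components, so `(void)EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_N, ...)` lets the function return ISC_R_SUCCESS without `c->n` ever being filled in, even though every RSA key has a modulus. I would keep that one check, returning directly now that `ret` and `err:` are gone: `if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_N, (BIGNUM **)&c->n) != 1) { return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); }`. For d, p, q, dmp1, dmq1 and iqmp, a failed lookup may leave entries on the OpenSSL error queue that a later, unrelated call then reports; an `ERR_clear_error();` before the final `return (ISC_R_SUCCESS);` would prevent that. A short comment should also state that these six fields may be missing after a successful return, so callers (not visible here) must check them before use. The function starts before this hunk.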