mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
Code Issues Releases Wiki Activity

fix external key handling

Browse Source
This commit is contained in:
Francis Dupont 2014-01-17 17:12:20 +01:00
parent 1893156781
commit 6972eaffdb
4 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/dns/opensslgost_link.c
View File

@ -398,6 +398,11 @@ opensslgost_tofile(const dst_key_t *key, const char *directory) {
if (key->keydata.pkey == NULL) if (key->keydata.pkey == NULL)
return (DST_R_NULLKEY); return (DST_R_NULLKEY);
if (key->external) {
priv.nelements = 0;
return (dst__privstruct_writefile(key, &priv, directory));
}
pkey = key->keydata.pkey; pkey = key->keydata.pkey;
eckey = EVP_PKEY_get0(pkey); eckey = EVP_PKEY_get0(pkey);
if (eckey == NULL) if (eckey == NULL)

9
lib/dns/pkcs11dsa_link.c
View File

@ -928,6 +928,12 @@ pkcs11dsa_tofile(const dst_key_t *key, const char *directory) {
(pub_key == NULL) || (priv_key ==NULL)) (pub_key == NULL) || (priv_key ==NULL))
return (DST_R_NULLKEY); return (DST_R_NULLKEY);
if (key->external) {
priv.nelements = 0;
result = dst__privstruct_writefile(key, &priv, directory);
goto fail;
}
priv.elements[cnt].tag = TAG_DSA_PRIME; priv.elements[cnt].tag = TAG_DSA_PRIME;
priv.elements[cnt].length = (unsigned short) prime->ulValueLen; priv.elements[cnt].length = (unsigned short) prime->ulValueLen;
memcpy(bufs[cnt], prime->pValue, prime->ulValueLen); memcpy(bufs[cnt], prime->pValue, prime->ulValueLen);
@ -977,6 +983,9 @@ pkcs11dsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
return (ret); return (ret);
if (key->external && priv.nelements != 0)
DST_RET(DST_R_INVALIDPRIVATEKEY);
dsa = (iscpk11_object_t *) isc_mem_get(key->mctx, sizeof(*dsa)); dsa = (iscpk11_object_t *) isc_mem_get(key->mctx, sizeof(*dsa));
if (dsa == NULL) if (dsa == NULL)
DST_RET(ISC_R_NOMEMORY); DST_RET(ISC_R_NOMEMORY);

9
lib/dns/pkcs11ecdsa_link.c
View File

@ -755,6 +755,12 @@ pkcs11ecdsa_tofile(const dst_key_t *key, const char *directory) {
if (key->keydata.pkey == NULL) if (key->keydata.pkey == NULL)
return (DST_R_NULLKEY); return (DST_R_NULLKEY);
if (key->external) {
priv.nelements = 0;
result = dst__privstruct_writefile(key, &priv, directory);
goto fail;
}
ec = key->keydata.pkey; ec = key->keydata.pkey;
attr = pk11_attribute_bytype(ec, CKA_VALUE); attr = pk11_attribute_bytype(ec, CKA_VALUE);
if (attr != NULL) { if (attr != NULL) {
@ -924,6 +930,9 @@ pkcs11ecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
return (ret); return (ret);
if (key->external && priv.nelements != 0)
DST_RET(DST_R_INVALIDPRIVATEKEY);
for (i = 0; i < priv.nelements; i++) { for (i = 0; i < priv.nelements; i++) {
switch (priv.elements[i].tag) { switch (priv.elements[i].tag) {
case TAG_ECDSA_ENGINE: case TAG_ECDSA_ENGINE:

9
lib/dns/pkcs11gost_link.c
View File

@ -720,6 +720,12 @@ pkcs11gost_tofile(const dst_key_t *key, const char *directory) {
if (key->keydata.pkey == NULL) if (key->keydata.pkey == NULL)
return (DST_R_NULLKEY); return (DST_R_NULLKEY);
if (key->external) {
priv.nelements = 0;
result = dst__privstruct_writefile(key, &priv, directory);
goto fail;
}
gost = key->keydata.pkey; gost = key->keydata.pkey;
attr = pk11_attribute_bytype(gost, CKA_VALUE2); attr = pk11_attribute_bytype(gost, CKA_VALUE2);
if (attr != NULL) { if (attr != NULL) {
@ -759,6 +765,9 @@ pkcs11gost_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
return (ret); return (ret);
if (key->external && priv.nelements != 0)
DST_RET(DST_R_INVALIDPRIVATEKEY);
if (priv.elements[0].tag == TAG_GOST_PRIVASN1) { if (priv.elements[0].tag == TAG_GOST_PRIVASN1) {
dst__privstruct_free(&priv, mctx); dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv)); memset(&priv, 0, sizeof(priv));