mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Refactor OpenSSL RSA type check to opensslrsa_valid_key_alg helper

Browse Source 
Move the repetetive code into a small opensslrsa_valid_key_alg() helper
function.
This commit is contained in:
Timo Teräs
2022-12-26 13:40:38 +02:00
committed by Ondřej Surý
parent df2b767d45
commit 8bc52f836c
1 changed files with 21 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
lib/dns/opensslrsa_link.c
View File

@@ -48,16 +48,26 @@
goto err; \ goto err; \
} }
static bool
opensslrsa_valid_key_alg(unsigned int key_alg) {
switch (key_alg) {
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
return (true);
default:
return (false);
}
}
static isc_result_t static isc_result_t
opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) { opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
EVP_MD_CTX *evp_md_ctx; EVP_MD_CTX *evp_md_ctx;
const EVP_MD *type = NULL; const EVP_MD *type = NULL;
UNUSED(key); UNUSED(key);
REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
/* /*
* Reject incorrect RSA key lengths. * Reject incorrect RSA key lengths.
@@ -120,10 +130,7 @@ static void
opensslrsa_destroyctx(dst_context_t *dctx) { opensslrsa_destroyctx(dst_context_t *dctx) {
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
if (evp_md_ctx != NULL) { if (evp_md_ctx != NULL) {
EVP_MD_CTX_destroy(evp_md_ctx); EVP_MD_CTX_destroy(evp_md_ctx);
@@ -135,10 +142,7 @@ static isc_result_t
opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) { opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) { if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
return (dst__openssl_toresult3( return (dst__openssl_toresult3(
@@ -155,10 +159,7 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey = key->keydata.pkey; EVP_PKEY *pkey = key->keydata.pkey;
REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
isc_buffer_availableregion(sig, &r); isc_buffer_availableregion(sig, &r);
@@ -190,10 +191,7 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
EVP_PKEY *pkey = key->keydata.pkey; EVP_PKEY *pkey = key->keydata.pkey;
int bits; int bits;
REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
rsa = EVP_PKEY_get1_RSA(pkey); rsa = EVP_PKEY_get1_RSA(pkey);
@@ -522,10 +520,7 @@ opensslrsa_isprivate(const dst_key_t *key) {
BIGNUM *d = NULL; BIGNUM *d = NULL;
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
REQUIRE(key->key_alg == DST_ALG_RSASHA1 || REQUIRE(opensslrsa_valid_key_alg(key->key_alg));
key->key_alg == DST_ALG_NSEC3RSASHA1 ||
key->key_alg == DST_ALG_RSASHA256 ||
key->key_alg == DST_ALG_RSASHA512);
pkey = key->keydata.pkey; pkey = key->keydata.pkey;
if (pkey == NULL) { if (pkey == NULL) {
@@ -660,10 +655,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
BIGNUM *e = NULL, *n = NULL; BIGNUM *e = NULL, *n = NULL;
REQUIRE(key->key_alg == DST_ALG_RSASHA1 || REQUIRE(opensslrsa_valid_key_alg(key->key_alg));
key->key_alg == DST_ALG_NSEC3RSASHA1 ||
key->key_alg == DST_ALG_RSASHA256 ||
key->key_alg == DST_ALG_RSASHA512);
isc_buffer_remainingregion(data, &r); isc_buffer_remainingregion(data, &r);
if (r.length == 0) { if (r.length == 0) {
@@ -1127,10 +1119,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
BIGNUM *p = NULL, *q = NULL; BIGNUM *p = NULL, *q = NULL;
BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
REQUIRE(key->key_alg == DST_ALG_RSASHA1 || REQUIRE(opensslrsa_valid_key_alg(key->key_alg));
key->key_alg == DST_ALG_NSEC3RSASHA1 ||
key->key_alg == DST_ALG_RSASHA256 ||
key->key_alg == DST_ALG_RSASHA512);
/* read private key file */ /* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv); ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);