diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index 3703057b17..40a61a492c 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -1116,8 +1116,6 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
 DST_RET(ISC_R_NOMEMORY);
 }
 DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P);
- key->keydata.dh = dh;
- dh = NULL;
 #else
 bld = OSSL_PARAM_BLD_new();
 if (bld == NULL) {
@@ -1155,11 +1153,11 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
 }
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
- if (DH_set0_key(key->keydata.dh, pub_key, priv_key) != 1) {
+ if (DH_set0_key(dh, pub_key, priv_key) != 1) {
 DST_RET(dst__openssl_toresult2("DH_set0_key", DST_R_OPENSSLFAILURE));
 }
- if (DH_set0_pqg(key->keydata.dh, p, NULL, g) != 1) {
+ if (DH_set0_pqg(dh, p, NULL, g) != 1) {
 DST_RET(dst__openssl_toresult2("DH_set0_pqg", DST_R_OPENSSLFAILURE));
 }
@@ -1169,6 +1167,9 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
 priv_key = NULL;
 p = NULL;
 g = NULL;
+
+ key->keydata.dh = dh;
+ dh = NULL;
 #else
 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_key) != 1 ||
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 7ac50e765b..2edf0c98c3 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -811,7 +811,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 if (key->external) {
 priv.nelements = 0;
- DST_RET(dst__privstruct_writefile(key, &priv, directory));
+ return (dst__privstruct_writefile(key, &priv, directory));
 }
 pkey = key->keydata.pkey;
@@ -855,6 +855,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 if (d != NULL) {
 priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;
 priv.elements[i].length = BN_num_bytes(d);
+ INSIST(i < ARRAY_SIZE(bufs));
 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
 BN_bn2bin(d, bufs[i]);
 priv.elements[i].data = bufs[i];
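Review bot: With `key->keydata.dh = dh` now deferred until after both DH_set0_* calls (hunks @@ -1116 and @@ -1169), a DH_set0_pqg failure leaves `dh` to be released by the `err:` path while `pub_key` and `priv_key` — whose ownership already passed to `dh` in the successful DH_set0_key — are still non-NULL, because hunk @@ -1169 shows them being cleared only after both calls succeed. If the cleanup at `err:` (outside this hunk) BN_frees those pointers when non-NULL, that path is a double free. Clearing each pair right after the call that takes ownership avoids it: `pub_key = NULL; priv_key = NULL;` immediately after the DH_set0_key check, and `p = NULL; g = NULL;` immediately after the DH_set0_pqg check. openssldh_parse continues outside the hunk in both directions, so the exact contents of the cleanup should be confirmed there.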
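Review bot: The bare `return` in the `key->external` branch of opensslrsa_tofile (hunk @@ -811) is the one exit that bypasses the `err:` cleanup, and nothing says why that is required rather than merely harmless; the likely reason is that the new `for` loop in hunk @@ -926 walks every `bufs[]` slot, which is only safe once the elements were set. A comment at the return such as `/* Nothing allocated yet; the err: cleanup walks bufs[] and must not run here. */` would stop a later reader from "restoring" DST_RET. Whether `bufs` is zero-initialized at its declaration is outside the hunk and should be checked before settling on the wording.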
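Review bot: The added `INSIST(i < ARRAY_SIZE(bufs))` sits two lines after `priv.elements[i].tag` and `priv.elements[i].length` are stored, so those two writes are still unguarded; the same ordering is repeated in hunks @@ -864, @@ -875, @@ -885, @@ -895 and @@ -905. Unless `priv.elements` is declared with a larger bound than `bufs` (neither declaration is in these hunks), the check belongs at the top of each `if` body, before `priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;`, so that the index is validated before any write through it. The statement that advances `i` between these blocks is also outside the hunks, so its placement relative to the check should be confirmed.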
@@ -864,6 +865,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 if (p != NULL) {
 priv.elements[i].tag = TAG_RSA_PRIME1;
 priv.elements[i].length = BN_num_bytes(p);
+ INSIST(i < ARRAY_SIZE(bufs));
 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
 BN_bn2bin(p, bufs[i]);
 priv.elements[i].data = bufs[i];
@@ -873,6 +875,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 if (q != NULL) {
 priv.elements[i].tag = TAG_RSA_PRIME2;
 priv.elements[i].length = BN_num_bytes(q);
+ INSIST(i < ARRAY_SIZE(bufs));
 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
 BN_bn2bin(q, bufs[i]);
 priv.elements[i].data = bufs[i];
@@ -882,6 +885,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 if (dmp1 != NULL) {
 priv.elements[i].tag = TAG_RSA_EXPONENT1;
 priv.elements[i].length = BN_num_bytes(dmp1);
+ INSIST(i < ARRAY_SIZE(bufs));
 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
 BN_bn2bin(dmp1, bufs[i]);
 priv.elements[i].data = bufs[i];
@@ -891,6 +895,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 if (dmq1 != NULL) {
 priv.elements[i].tag = TAG_RSA_EXPONENT2;
 priv.elements[i].length = BN_num_bytes(dmq1);
+ INSIST(i < ARRAY_SIZE(bufs));
 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
 BN_bn2bin(dmq1, bufs[i]);
 priv.elements[i].data = bufs[i];
@@ -900,6 +905,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 if (iqmp != NULL) {
 priv.elements[i].tag = TAG_RSA_COEFFICIENT;
 priv.elements[i].length = BN_num_bytes(iqmp);
+ INSIST(i < ARRAY_SIZE(bufs));
 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
 BN_bn2bin(iqmp, bufs[i]);
 priv.elements[i].data = bufs[i];
@@ -926,7 +932,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 ret = dst__privstruct_writefile(key, &priv, directory);
 err:
- while (i--) {
+ for (i = 0; i < ARRAY_SIZE(bufs); i++) {
 if (bufs[i] != NULL) {
 isc_mem_put(key->mctx, bufs[i], priv.elements[i].length);