mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 23:25:38 +00:00
Code Issues Releases Wiki Activity

Clear OpenSSL errors on EVP_PKEY_get0_EC_KEY failures

Browse Source
This commit is contained in:
Mark Andrews
2023-07-11 13:44:55 +10:00
parent d8a9adc821
commit abd8c03592
1 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/dns/opensslecdsa_link.c
View File

@@ -345,11 +345,17 @@ opensslecdsa_extract_public_key_legacy(const dst_key_t *key, unsigned char *dst,
size_t dstlen) { size_t dstlen) {
EVP_PKEY *pkey = key->keydata.pkeypair.pub; EVP_PKEY *pkey = key->keydata.pkeypair.pub;
const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
const EC_GROUP *group = EC_KEY_get0_group(eckey); const EC_GROUP *group = (eckey == NULL) ? NULL
const EC_POINT *pub = EC_KEY_get0_public_key(eckey); : EC_KEY_get0_group(eckey);
const EC_POINT *pub = (eckey == NULL) ? NULL
: EC_KEY_get0_public_key(eckey);
unsigned char buf[MAX_PUBKEY_SIZE + 1]; unsigned char buf[MAX_PUBKEY_SIZE + 1];
size_t len; size_t len;
if (group == NULL || pub == NULL) {
return (false);
}
len = EC_POINT_point2oct(group, pub, POINT_CONVERSION_UNCOMPRESSED, buf, len = EC_POINT_point2oct(group, pub, POINT_CONVERSION_UNCOMPRESSED, buf,
sizeof(buf), NULL); sizeof(buf), NULL);
if (len == dstlen + 1) { if (len == dstlen + 1) {
@@ -528,7 +534,13 @@ err:
static isc_result_t static isc_result_t
opensslecdsa_validate_pkey_group(unsigned int key_alg, EVP_PKEY *pkey) { opensslecdsa_validate_pkey_group(unsigned int key_alg, EVP_PKEY *pkey) {
const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
int group_nid = opensslecdsa_key_alg_to_group_nid(key_alg); int group_nid;
if (eckey == NULL) {
return (dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
if (EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey)) != group_nid) { if (EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey)) != group_nid) {
return (DST_R_INVALIDPRIVATEKEY); return (DST_R_INVALIDPRIVATEKEY);
@@ -545,6 +557,7 @@ opensslecdsa_extract_private_key(const dst_key_t *key, unsigned char *buf,
eckey = EVP_PKEY_get0_EC_KEY(key->keydata.pkeypair.priv); eckey = EVP_PKEY_get0_EC_KEY(key->keydata.pkeypair.priv);
if (eckey == NULL) { if (eckey == NULL) {
ERR_clear_error();
return (false); return (false);
} }
@@ -825,7 +838,7 @@ opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
DST_RET(ISC_R_NOSPACE); DST_RET(ISC_R_NOSPACE);
} }
if (!opensslecdsa_extract_public_key(key, r.base, keysize)) { if (!opensslecdsa_extract_public_key(key, r.base, keysize)) {
DST_RET(DST_R_OPENSSLFAILURE); DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
} }
isc_buffer_add(data, keysize); isc_buffer_add(data, keysize);