diff options
Diffstat (limited to 'lib/dns/opensslrsa_link.c')
| -rw-r--r-- | lib/dns/opensslrsa_link.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index fa7412cb..8421c640 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -481,7 +481,7 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { INSIST(prefixlen + digestlen <= sizeof(digest)); memmove(digest + prefixlen, digest, digestlen); - memcpy(digest, prefix, prefixlen); + memmove(digest, prefix, prefixlen); status = RSA_private_encrypt(digestlen + prefixlen, digest, r.base, rsa, RSA_PKCS1_PADDING); @@ -1048,8 +1048,14 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) { return (DST_R_NULLKEY); rsa = key->keydata.rsa; #endif - memset(bufs, 0, sizeof(bufs)); + + if (key->external) { + priv.nelements = 0; + result = dst__privstruct_writefile(key, &priv, directory); + goto fail; + } + for (i = 0; i < 8; i++) { bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n)); if (bufs[i] == NULL) { @@ -1205,6 +1211,9 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { if (ret != ISC_R_SUCCESS) goto err; + if (key->external && priv.nelements != 0) + DST_RET(DST_R_INVALIDPRIVATEKEY); + for (i = 0; i < priv.nelements; i++) { switch (priv.elements[i].tag) { case TAG_RSA_ENGINE: @@ -1217,6 +1226,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { break; } } + /* * Is this key is stored in a HSM? * See if we can fetch it. @@ -1328,8 +1338,10 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) DST_RET(DST_R_INVALIDPRIVATEKEY); - if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) - DST_RET(ISC_R_RANGE); + if (!key->external) { + if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) + DST_RET(ISC_R_RANGE); + } key->key_size = BN_num_bits(rsa->n); if (pubrsa != NULL) RSA_free(pubrsa); |