From: Peter van Dijk
Date: Thu, 11 Jun 2020 17:01:19 +0000 (+0200)
Subject: pkcs11 create key: error for unknown algos
X-Git-Tag: dnsdist-1.5.0-rc3~5^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=389a6742b7d9445fb357e3e1d9efb84d10daf16b;p=thirdparty%2Fpdns.git
pkcs11 create key: error for unknown algos
---
diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index 23278b21c5..95fe5654b4 100644
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -804,7 +804,12 @@ void PKCS11DNSCryptoKeyEngine::create(unsigned int bits) {
 std::string pubExp("\000\001\000\001", 4); // 65537
- mech.mechanism = dnssec2cmech[d_algorithm];
+ try {
+ mech.mechanism = dnssec2cmech.at(d_algorithm);
+ } catch (std::out_of_range& e) {
+ throw PDNSException("pkcs11: unsupported algorithm "+std::to_string(d_algorithm)+ " for key pair generation");
+ }
+
 mech.pParameter = NULL;
 mech.ulParameterLen = 0;
@@ -839,7 +844,7 @@ void PKCS11DNSCryptoKeyEngine::create(unsigned int bits) {
 pubAttr.push_back(P11KitAttribute(CKA_LABEL, d_pub_label));
 if (d_algorithm == 13) pubAttr.push_back(P11KitAttribute(CKA_ECDSA_PARAMS, ECDSA256_PARAMS));
 else if (d_algorithm == 14) pubAttr.push_back(P11KitAttribute(CKA_ECDSA_PARAMS, ECDSA384_PARAMS));
- else throw PDNSException("pkcs11: unknown algorithm "+std::to_string(d_algorithm)+" for ECDSA key pair gen");
+ else throw PDNSException("pkcs11: unknown algorithm "+std::to_string(d_algorithm)+" for ECDSA key pair generation");
 privAttr.push_back(P11KitAttribute(CKA_CLASS, (unsigned long)CKO_PRIVATE_KEY));
 privAttr.push_back(P11KitAttribute(CKA_KEY_TYPE, (unsigned long)CKK_ECDSA));
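Review bot: The new handler in the first hunk binds `std::out_of_range& e` by non-const reference and never uses `e`; `} catch (const std::out_of_range&) {` is the conventional form and avoids an unused-variable warning. A one-line comment above the `try` would record why `.at()` matters here, for example `// .at(): operator[] would default-insert mechanism 0 for an unmapped algorithm`. Assuming `dnssec2cmech` is a std::map-like table, that silently inserted zero would otherwise be handed to the token as the key-generation mechanism, and in PKCS#11 the value 0 is CKM_RSA_PKCS_KEY_PAIR_GEN rather than an error. Any other `operator[]` lookups on this table outside the hunk would have the same fallback and are worth checking. create() begins and ends outside the hunk, so the placement of the throw relative to the rest of the function cannot be judged from here.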