From: Remi Gacogne
Date: Tue, 3 May 2016 12:41:23 +0000 (+0200)
Subject: Add key check on `pdnsutils hsm assign`
X-Git-Tag: rec-4.0.0-alpha3~14^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3806%2Fhead;p=thirdparty%2Fpdns.git

Add key check on `pdnsutils hsm assign`
---
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 96c32eef15..cd6952e409 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -2949,8 +2949,14 @@ loadMainConfig(g_vm["config-dir"].as());
 DNSKEYRecordContent drc;
 DNSSECPrivateKey dpk;
 dpk.d_flags = (keyOrZone ? 257 : 256);
- dpk.setKey(shared_ptr(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str())));
-
+
+ shared_ptr dke(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str()));
+ if(!dke->checkKey()) {
+ cerr << "Invalid DNS Private Key in engine " << module << " slot " << slot << std::endl;
+ return 1;
+ }
+ dpk.setKey(dke);
+
 // make sure this key isn't being reused.
 B.getDomainKeys(zone, 0, keys);
 id = -1;
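Review bot: The added guard calls `dke->checkKey()` without first checking that `makeFromISCString` returned an engine, so the refusal path works only if that factory always throws on failure; `if(!dke || !dke->checkKey()) {` would make the rejection explicit and keep it fail-closed. The check is also only as strong as the `checkKey()` implementation of the engine that `makeFromISCString` selects. If the HSM-backed engine inherits a permissive default rather than verifying that the key object in the given slot is present and usable, a bad slot or label would still be assigned to the zone; that implementation is not visible here and should be confirmed. The enclosing command handler starts and ends outside the hunk.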