From: Willem Toorop Date: Wed, 31 Aug 2011 13:15:06 +0000 (+0000) Subject: Fix EVP_PKEY_assign_DSA and consorts. Bugfix #406 X-Git-Tag: release-1.6.11rc1~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f0f09e70ad4bcee914aeedf7b2d78ddc891c8d9;p=thirdparty%2Fldns.git Fix EVP_PKEY_assign_DSA and consorts. Bugfix #406 --- diff --git a/dnssec_verify.c b/dnssec_verify.c index 18f8efc3..90aa719d 100644 --- a/dnssec_verify.c +++ b/dnssec_verify.c @@ -1629,7 +1629,11 @@ ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo) EC_KEY_free(ec); return NULL; } - EVP_PKEY_assign_EC_KEY(evp_key, ec); + if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) { + EVP_PKEY_free(evp_key); + EC_KEY_free(ec); + return NULL; + } return evp_key; } @@ -2257,12 +2261,15 @@ ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen, ldns_status result; evp_key = EVP_PKEY_new(); - EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen)); - result = ldns_verify_rrsig_evp_raw(sig, + if (EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, EVP_dss1()); + } else { + result = LDNS_STATUS_SSL_ERR; + } EVP_PKEY_free(evp_key); return result; @@ -2276,12 +2283,15 @@ ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, size_t siglen, ldns_status result; evp_key = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen)); - result = ldns_verify_rrsig_evp_raw(sig, + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, EVP_sha1()); + } else { + result = LDNS_STATUS_SSL_ERR; + } EVP_PKEY_free(evp_key); return result; 
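Review bot: The failure branch added to ldns_ecdsa2pkey_raw depends on an ownership rule that is not written down anywhere in the hunk. EVP_PKEY_assign_EC_KEY takes over `ec` only when it succeeds, which is why freeing both `evp_key` and `ec` on failure is correct. I would add a one-line comment above the check, `/* assign takes ownership of ec only on success; on failure both objects are still ours */`, so a later edit neither drops the `EC_KEY_free(ec)` nor adds one on the success path. The same comment fits the identical branch added to ldns_key_new_frm_fp_ecdsa_l in keys.c. The function body starts outside the hunk.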
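Review bot: In ldns_verify_rrsig_dsa_raw the result of `ldns_key_buf2dsa_raw(key, keylen)` is passed to EVP_PKEY_assign_DSA as a temporary, so nothing holds the pointer if the assign fails. One way that can happen is the unchecked `EVP_PKEY_new()` just above returning NULL. The helper presumably returns a newly allocated DSA (its definition is outside this diff), which would then leak on that path. Keep it in a local instead: `DSA *dsa = ldns_key_buf2dsa_raw(key, keylen);`, test `if (EVP_PKEY_assign_DSA(evp_key, dsa)) {`, and call `DSA_free(dsa);` in the else branch next to `result = LDNS_STATUS_SSL_ERR;`. The same pattern is in the hunks for ldns_verify_rrsig_rsasha1_raw, ldns_verify_rrsig_rsasha256_raw, ldns_verify_rrsig_rsasha512_raw and ldns_verify_rrsig_rsamd5_raw, where the matching release is `RSA_free(rsa);`. All of these function bodies start outside their hunks, so the new local belongs with the existing declarations.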
@@ -2299,12 +2309,15 @@ ldns_verify_rrsig_rsasha256_raw(unsigned char* sig, ldns_status result; evp_key = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen)); - result = ldns_verify_rrsig_evp_raw(sig, + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, EVP_sha256()); + } else { + result = LDNS_STATUS_SSL_ERR; + } EVP_PKEY_free(evp_key); return result; @@ -2331,12 +2344,15 @@ ldns_verify_rrsig_rsasha512_raw(unsigned char* sig, ldns_status result; evp_key = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen)); - result = ldns_verify_rrsig_evp_raw(sig, + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, EVP_sha512()); + } else { + result = LDNS_STATUS_SSL_ERR; + } EVP_PKEY_free(evp_key); return result; @@ -2363,12 +2379,15 @@ ldns_verify_rrsig_rsamd5_raw(unsigned char* sig, ldns_status result; evp_key = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen)); - result = ldns_verify_rrsig_evp_raw(sig, + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, EVP_md5()); + } else { + result = LDNS_STATUS_SSL_ERR; + } EVP_PKEY_free(evp_key); return result; diff --git a/keys.c b/keys.c index c224cd6f..2d7f62ab 100644 --- a/keys.c +++ b/keys.c @@ -278,8 +278,11 @@ ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr) EC_KEY_free(ec); return NULL; } - EVP_PKEY_assign_EC_KEY(evp_key, ec); - + if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) { + EVP_PKEY_free(evp_key); + EC_KEY_free(ec); + return NULL; + } return evp_key; } #endif @@ -839,7 +842,6 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size) ldns_key_free(k); return NULL; } - ldns_key_set_rsa_key(k, r); #endif /* HAVE_SSL */ break; 
@@ -929,7 +931,11 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size) EC_KEY_free(ec); return NULL; } - EVP_PKEY_assign_EC_KEY(k->_key.key, ec); + if (!EVP_PKEY_assign_EC_KEY(k->_key.key, ec)) { + ldns_key_free(k); + EC_KEY_free(ec); + return NULL; + } #endif /* splint */ break; #endif
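Review bot: The failure branch added to ldns_key_new_frm_algorithm frees `k` with `ldns_key_free(k)` and `ec` with `EC_KEY_free(ec)`, but nothing visible frees the EVP_PKEY stored in `k->_key.key`. The equivalent branches in ldns_ecdsa2pkey_raw and ldns_key_new_frm_fp_ecdsa_l call `EVP_PKEY_free(evp_key)` explicitly. If ldns_key_free releases only the ldns_key structure (its definition is outside this diff, so please confirm), the EVP_PKEY leaks on this path. In that case adding `EVP_PKEY_free(k->_key.key);` before `ldns_key_free(k);` would fix it and make the three branches consistent. The enclosing switch case starts and ends outside the hunk.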