From: Timo Teräs Date: Wed, 28 Dec 2022 15:11:21 +0000 (+0200) Subject: Make OpenSSL keypair comparation a generic helper function X-Git-Tag: v9.19.9~21^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=02efa591ef0c6665b40a26657ab50620c4edc27a;p=thirdparty%2Fbind9.git Make OpenSSL keypair comparation a generic helper function
---
diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h
index 188e72cd160..4380d36364c 100644
--- a/lib/dns/dst_openssl.h
+++ b/lib/dns/dst_openssl.h
@@ -45,4 +45,7 @@ isc_result_t dst__openssl_fromlabel(int key_base_id, const char *engine, const char *label, const char *pin, EVP_PKEY **ppub, EVP_PKEY **ppriv);
+bool
+dst__openssl_compare_keypair(const dst_key_t *key1, const dst_key_t *key2);
+
 ISC_LANG_ENDDECLS
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index f23f86443ec..c10a978cefc 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -353,4 +353,28 @@ dst__openssl_fromlabel(int key_base_id, const char *engine, const char *label,
 ppub, ppriv));
 }
 
+bool
+dst__openssl_compare_keypair(const dst_key_t *key1, const dst_key_t *key2) {
+ EVP_PKEY *pkey1 = key1->keydata.pkeypair.pub;
+ EVP_PKEY *pkey2 = key2->keydata.pkeypair.pub;
+
+ if (pkey1 == NULL && pkey2 == NULL) {
+ return (true);
+ } else if (pkey1 == NULL || pkey2 == NULL) {
+ return (false);
+ }
+
+ /* `EVP_PKEY_eq` checks only the public components and parameters. */
+ if (EVP_PKEY_eq(pkey1, pkey2) != 1) {
+ return (false);
+ }
+ /* The private key presence must be same for keys to match. */
+ if ((key1->keydata.pkeypair.priv != NULL) !=
+ (key2->keydata.pkeypair.priv != NULL))
+ {
+ return (false);
+ }
+ return (true);
+}
+
 /*! \file */
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index efef7fe14a9..2d657993f76 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
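Review bot: The new prototype `dst__openssl_compare_keypair` in dst_openssl.h is exported without a comment saying what "equal" means, and the only explanation sits inside the body in openssl_link.c. Callers in other back-ends need to know that private key material is never compared, only its presence. I would add above the declaration something like `/*%< Returns true when both public keys are absent, or when EVP_PKEY_eq() reports a match and both keys agree on whether a private key is present; private key material is not compared. */`.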
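Review bot: Now that `dst__openssl_compare_keypair` is no longer a static RSA-only callback, its first two statements still read `key1->keydata.pkeypair.pub` and `key2->keydata.pkeypair.pub` with no precondition on the arguments. If `keydata` is shared storage that other algorithm back-ends fill differently (its definition is not part of this diff), a key of another representation would be misread as an `EVP_PKEY *` pair. I would state the contract at the top of the function, e.g. `REQUIRE(key1 != NULL && key2 != NULL);`, assuming the ISC assertion macros are in scope in openssl_link.c, and note in a comment that both keys must use the `pkeypair` representation. Treating every `EVP_PKEY_eq` result other than 1 as a mismatch is the right fail-closed choice and is worth saying in the existing comment.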
@@ -343,30 +343,6 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
 return (opensslrsa_verify2(dctx, 0, sig));
 }
 
-static bool
-opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
- EVP_PKEY *pkey1 = key1->keydata.pkeypair.pub;
- EVP_PKEY *pkey2 = key2->keydata.pkeypair.pub;
-
- if (pkey1 == NULL && pkey2 == NULL) {
- return (true);
- } else if (pkey1 == NULL || pkey2 == NULL) {
- return (false);
- }
-
- /* `EVP_PKEY_eq` checks only the public components and parameters. */
- if (EVP_PKEY_eq(pkey1, pkey2) != 1) {
- return (false);
- }
- /* The private key presence must be same for keys to match. */
- if ((key1->keydata.pkeypair.priv != NULL) !=
- (key2->keydata.pkeypair.priv != NULL))
- {
- return (false);
- }
- return (true);
-}
-
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
 static int
 progress_cb(int p, int n, BN_GENCB *cb) {
@@ -1139,7 +1115,7 @@ static dst_func_t opensslrsa_functions = {
 opensslrsa_verify,
 opensslrsa_verify2,
 NULL, /*%< computesecret */
- opensslrsa_compare,
+ dst__openssl_compare_keypair,
 NULL, /*%< paramcompare */
 opensslrsa_generate,
 opensslrsa_isprivate,