Fix EdDSA key sizes (key_size is in bits).
authorAaron Thompson <dev@aaront.org>
Wed, 25 Mar 2020 21:03:41 +0000 (21:03 +0000)
committerOndřej Surý <ondrej@isc.org>
Fri, 1 May 2020 06:00:52 +0000 (08:00 +0200)
(cherry picked from commit 9b87fe10518ea0b0b5d254d61ee95a8db4360f49)

lib/dns/openssleddsa_link.c
lib/dns/pkcs11eddsa_link.c

index 524d6473bfcb1dbf840f37ce0c7a2816f8c018e1..acc0b00e7414f3cc633227d7105da4e93f80a5a8 100644 (file)
@@ -472,13 +472,13 @@ openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
 #if HAVE_OPENSSL_ED25519
        if (key->key_alg == DST_ALG_ED25519) {
                nid = NID_ED25519;
-               key->key_size = DNS_KEY_ED25519SIZE;
+               key->key_size = DNS_KEY_ED25519SIZE * 8;
        }
 #endif /* if HAVE_OPENSSL_ED25519 */
 #if HAVE_OPENSSL_ED448
        if (key->key_alg == DST_ALG_ED448) {
                nid = NID_ED448;
-               key->key_size = DNS_KEY_ED448SIZE;
+               key->key_size = DNS_KEY_ED448SIZE * 8;
        }
 #endif /* if HAVE_OPENSSL_ED448 */
        if (nid == 0) {
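Review bot: The byte-to-bit conversion is written as a bare `* 8` on both assignments here, and again in every other hunk of this commit, with nothing at the assignment saying which unit each side uses. The bug being fixed was exactly a unit mix-up, so a short comment would help keep it from returning, e.g. `/* key_size is in bits; DNS_KEY_ED25519SIZE is in octets */`. Alternatively, define the bit lengths once next to the octet constants and assign those names. openssleddsa_generate starts before and continues after this hunk, so how key_size is consumed afterwards is not visible here.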
@@ -607,7 +607,7 @@ openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
        }
        isc_buffer_forward(data, len);
        key->keydata.pkey = pkey;
-       key->key_size = len;
+       key->key_size = len * 8;
        return (ISC_R_SUCCESS);
 }
 
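Review bot: `key->key_size = len * 8;` takes the reported size from the length of the parsed key data, whereas the generate paths, pkcs11eddsa_parse and pkcs11eddsa_fromlabel take it from the algorithm constant. Any check tying `len` to DNS_KEY_ED25519SIZE or DNS_KEY_ED448SIZE would sit above this hunk and cannot be confirmed from here. If the check exists, a comment such as `/* len was validated against the algorithm's key length above */` records the invariant; if it does not, key_size for a key read from DNS data would follow the input length rather than the algorithm. The same applies to the `len * 8` lines in openssleddsa_parse and pkcs11eddsa_fromdns.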
@@ -734,7 +734,7 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
                DST_RET(DST_R_INVALIDPRIVATEKEY);
        }
        key->keydata.pkey = pkey;
-       key->key_size = len;
+       key->key_size = len * 8;
        ret = ISC_R_SUCCESS;
 
 err:
index 17941287324466b65828ad23900536de8024fca1..63542f5d4009347a6755856092f8c350e653b88e 100644 (file)
@@ -521,10 +521,10 @@ pkcs11eddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
 
        switch (key->key_alg) {
        case DST_ALG_ED25519:
-               key->key_size = DNS_KEY_ED25519SIZE;
+               key->key_size = DNS_KEY_ED25519SIZE * 8;
                break;
        case DST_ALG_ED448:
-               key->key_size = DNS_KEY_ED448SIZE;
+               key->key_size = DNS_KEY_ED448SIZE * 8;
                break;
        default:
                INSIST(0);
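Review bot: No regression test accompanies the corrected assignments in this switch or in the other hunks; the commit's file list names only the two `*_link.c` files. A unit mismatch like this is easy to reintroduce, so a test on the size the key reports would pin it. For example, assert `dst_key_size(key) == DNS_KEY_ED25519SIZE * 8` for a generated or loaded Ed25519 key, with the matching check for Ed448. pkcs11eddsa_generate extends beyond both ends of the hunk, so whether an existing test already covers this path cannot be told from here.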
@@ -675,7 +675,7 @@ pkcs11eddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
 
        isc_buffer_forward(data, len);
        key->keydata.pkey = ec;
-       key->key_size = len;
+       key->key_size = len * 8;
 
        return (ISC_R_SUCCESS);
 }
@@ -931,10 +931,10 @@ pkcs11eddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
        memset(&priv, 0, sizeof(priv));
        switch (key->key_alg) {
        case DST_ALG_ED25519:
-               key->key_size = DNS_KEY_ED25519SIZE;
+               key->key_size = DNS_KEY_ED25519SIZE * 8;
                break;
        case DST_ALG_ED448:
-               key->key_size = DNS_KEY_ED448SIZE;
+               key->key_size = DNS_KEY_ED448SIZE * 8;
                break;
        default:
                INSIST(0);
@@ -1054,10 +1054,10 @@ pkcs11eddsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
        key->label = isc_mem_strdup(key->mctx, label);
        switch (key->key_alg) {
        case DST_ALG_ED25519:
-               key->key_size = DNS_KEY_ED25519SIZE;
+               key->key_size = DNS_KEY_ED25519SIZE * 8;
                break;
        case DST_ALG_ED448:
-               key->key_size = DNS_KEY_ED448SIZE;
+               key->key_size = DNS_KEY_ED448SIZE * 8;
                break;
        default:
                INSIST(0);