static bool
openssleddsa_isprivate(const dst_key_t *key) {
EVP_PKEY *pkey = key->keydata.pkey;
- size_t len;
+ unsigned char buf[DNS_KEY_ED448SIZE];
+ size_t len = sizeof(buf);
+
+ STATIC_ASSERT(sizeof(buf) >= DNS_KEY_ED448SIZE,
+ "increase size of 'buf'");
+ STATIC_ASSERT(sizeof(buf) >= DNS_KEY_ED25519SIZE,
+ "increase size of 'buf'");
if (pkey == NULL) {
return (false);
}
- if (EVP_PKEY_get_raw_private_key(pkey, NULL, &len) == 1 && len > 0) {
+ /* Must have a buffer to actually check if there is a private key. */
+ if (EVP_PKEY_get_raw_private_key(pkey, buf, &len) == 1) {
return (true);
}
/* can check if first error is EC_R_INVALID_PRIVATE_KEY */
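Review bot: On success, `EVP_PKEY_get_raw_private_key(pkey, buf, &len)` copies the raw private key into the stack array `buf`, and the function then returns `true` without clearing it, so the key bytes remain in the dead stack frame. The copy is only used as an existence probe, so wipe it before returning, e.g. `OPENSSL_cleanse(buf, sizeof(buf));` immediately before `return (true);` (a plain `memset` may be optimised away). The first `STATIC_ASSERT` is always true because `buf` is declared with `DNS_KEY_ED448SIZE`; only the Ed25519 assertion checks anything. The function body continues past the last line shown, so whether the failure path needs the same wipe cannot be judged from this hunk.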