diff options
| author | Jonathan Gray <jsg@cvs.openbsd.org> | 2014-10-13 12:05:05 +0000 |
|---|---|---|
| committer | Jonathan Gray <jsg@cvs.openbsd.org> | 2014-10-13 12:05:05 +0000 |
| commit | 21ee92711a8974815997aeca486b6c09c756aa22 (patch) | |
| tree | 6b38e7b8288da792718bb1c7dbfe483297998ced /usr.sbin | |
| parent | 18b15ad43e1c89c2285d902fa433f1812d746098 (diff) | |
Return failure not success in openssldh_computesecret() when
DH_compute_key() fails and returns -1.
ok guenther@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/bind/lib/dns/openssldh_link.c | 46 |
1 files changed, 32 insertions, 14 deletions
diff --git a/usr.sbin/bind/lib/dns/openssldh_link.c b/usr.sbin/bind/lib/dns/openssldh_link.c index 55f678ee5a0..4b5f284f17e 100644 --- a/usr.sbin/bind/lib/dns/openssldh_link.c +++ b/usr.sbin/bind/lib/dns/openssldh_link.c @@ -1,9 +1,9 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,7 +18,7 @@ /* * Principal Author: Brian Wellington - * $ISC: openssldh_link.c,v 1.1.4.1 2004/12/09 04:07:18 marka Exp $ + * $ISC: openssldh_link.c,v 1.1.6.10 2007/08/28 07:20:04 tbox Exp $ */ #ifdef OPENSSL @@ -82,7 +82,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, if (r.length < len) return (ISC_R_NOSPACE); ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv); - if (ret == 0) + if (ret <= 0) return (dst__openssl_toresult(DST_R_COMPUTESECRETFAILURE)); isc_buffer_add(secret, len); return (ISC_R_SUCCESS); @@ -140,6 +140,9 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { static isc_result_t openssldh_generate(dst_key_t *key, int generator) { +#if OPENSSL_VERSION_NUMBER > 0x00908000L + BN_GENCB cb; +#endif DH *dh = NULL; if (generator == 0) { @@ -149,7 +152,7 @@ openssldh_generate(dst_key_t *key, int generator) { { dh = DH_new(); if (dh == NULL) - return (ISC_R_NOMEMORY); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); if (key->key_size == 768) dh->p = &bn768; else if (key->key_size == 1024) @@ -157,14 +160,28 @@ openssldh_generate(dst_key_t *key, int generator) { else dh->p = &bn1536; dh->g = &bn2; - } - else + } else generator = 2; } - if (generator != 0) + if (generator != 0) { +#if OPENSSL_VERSION_NUMBER > 0x00908000L + dh = DH_new(); + if (dh == NULL) + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + + BN_GENCB_set_old(&cb, NULL, NULL); + + if (!DH_generate_parameters_ex(dh, key->key_size, generator, + &cb)) { + DH_free(dh); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + } +#else dh = DH_generate_parameters(key->key_size, generator, NULL, NULL); +#endif + } if (dh == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); @@ -285,7 +302,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) { dh = DH_new(); if (dh == NULL) - return (ISC_R_NOMEMORY); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); dh->flags &= ~DH_FLAG_CACHE_MONT_P; /* @@ -564,11 +581,11 @@ openssldh_cleanup(void) { } static dst_func_t openssldh_functions = { - NULL, /* createctx */ - NULL, /* destroyctx */ - NULL, /* adddata */ - NULL, /* openssldh_sign */ - NULL, /* openssldh_verify */ + NULL, /*%< createctx */ + NULL, /*%< destroyctx */ + NULL, /*%< adddata */ + NULL, /*%< openssldh_sign */ + NULL, /*%< openssldh_verify */ openssldh_computesecret, openssldh_compare, openssldh_paramcompare, @@ -606,3 +623,4 @@ dst__openssldh_init(dst_func_t **funcp) { EMPTY_TRANSLATION_UNIT #endif /* OPENSSL */ +/*! \file */ |