Merge branch '2315-bind-9-11-22-9-11-25-fails-to-build-for-aep-hsm-native-pkcs11' into 'main'

Resolve "BIND 9.11.22 - 9.11.25 fails to build for AEP HSM native pkcs11"

Closes #2315

See merge request isc-projects/bind9!4441
Mark Andrews 2020-12-01 12:15:57 +00:00
commit 1d11013a18
3 changed files with 12 additions and 2 deletions


@ -1,3 +1,6 @@
5540. [port] Fix building with native PKCS#11 support for AEP Keyper.
[GL #2315]
5539. [bug] Tighten handling of missing DNS COOKIE responses over
UDP by falling back to TCP. [GL #2275]


@ -49,3 +49,6 @@ Bug Fixes
- Tighten handling of missing DNS COOKIE responses over UDP by
falling back to TCP. [GL #2275]
- Building with native PKCS#11 support for AEP Keyper has been broken
since BIND 9.17.4. This has been fixed. [GL #2315]


@ -336,6 +336,8 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
for (attr = pk11_attribute_first(rsa); attr != NULL;
attr = pk11_attribute_next(rsa, attr))
{
unsigned int bits;
switch (attr->type) {
case CKA_MODULUS:
INSIST(keyTemplate[5].type == attr->type);
@ -352,7 +354,6 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
memmove(keyTemplate[6].pValue, attr->pValue,
attr->ulValueLen);
keyTemplate[6].ulValueLen = attr->ulValueLen;
unsigned int bits;
ret = pk11_numbits(attr->pValue, attr->ulValueLen,
&bits);
if (ret != ISC_R_SUCCESS ||
@ -952,6 +953,9 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
for (attr = pk11_attribute_first(rsa); attr != NULL;
attr = pk11_attribute_next(rsa, attr))
{
unsigned int bits;
switch (attr->type) {
case CKA_MODULUS:
INSIST(keyTemplate[5].type == attr->type);
@ -962,7 +966,6 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
keyTemplate[5].ulValueLen = attr->ulValueLen;
break;
case CKA_PUBLIC_EXPONENT:
unsigned int bits;
INSIST(keyTemplate[6].type == attr->type);
keyTemplate[6].pValue = isc_mem_get(dctx->mctx,
attr->ulValueLen);
@ -977,6 +980,7 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
}
break;
}
}
pk11_ctx->object = CK_INVALID_HANDLE;
pk11_ctx->ontoken = false;
PK11_RET(pkcs_C_CreateObject,
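Review bot: The `unsigned int bits;` now declared at the top of the attribute loop in pkcs11rsa_createctx_verify, and again in pkcs11rsa_verify, has no comment explaining why it sits at loop scope when only the CKA_PUBLIC_EXPONENT case uses it, so a later tidy-up could move it back beside the pk11_numbits() call and break this build again. I would add `/* Keep at block start: a declaration directly after a case label is not valid C before C23, and some vendor toolchains also reject declarations after statements. */` above each declaration, and write `unsigned int bits = 0;` so the public-exponent size check cannot read an indeterminate value if its condition is ever reordered. The condition that consumes `bits` continues outside the second hunk, so the short-circuit on `ret != ISC_R_SUCCESS` is assumed here rather than verified. The release note says this path had been broken since BIND 9.17.4, which suggests no CI job compiles the native PKCS#11 code; a build-only job for that configuration would catch this class of regression before release.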