Merge branch 'fix-eddsa-signatures-creation-and-validation' into 'master'

Fix EdDSA signatures creation and validation

Closes #579

See merge request isc-projects/bind9!844
Michał Kępień 2018-10-04 06:54:03 -04:00
commit 739b74759d
2 changed files with 8 additions and 14 deletions


@ -1,5 +1,7 @@
5043. [bug] Fix creating and validating EdDSA signatures. [GL #579]
5042. [test] Make the chained delegations in reclimit behave
like they would in a regular name server. [GL #578]
like they would in a regular name server. [GL #578]
5041. [test] The chain test contains a incomplete delegation.
[GL #568]


@ -355,16 +355,13 @@ openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_buffer_usedregion(buf, &tbsreg);
if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey))
if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) {
DST_RET(dst__openssl_toresult3(dctx->category,
"EVP_DigestSignInit",
ISC_R_FAILURE));
if (EVP_DigestSignUpdate(ctx, tbsreg.base, tbsreg.length) != 1) {
DST_RET(dst__openssl_toresult3(dctx->category,
"EVP_DigestSignUpdate",
DST_R_SIGNFAILURE));
}
if (EVP_DigestSignFinal(ctx, sigreg.base, &siglen) != 1) {
if (EVP_DigestSign(ctx, sigreg.base, &siglen,
tbsreg.base, tbsreg.length) != 1) {
DST_RET(dst__openssl_toresult3(dctx->category,
"EVP_DigestSign",
DST_R_SIGNFAILURE));
@ -423,13 +420,8 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
ISC_R_FAILURE));
}
if (EVP_DigestVerifyUpdate(ctx, tbsreg.base, tbsreg.length) != 1) {
DST_RET(dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyUpdate",
ISC_R_FAILURE));
}
status = EVP_DigestVerifyFinal(ctx, sig->base, siglen);
status = EVP_DigestVerify(ctx, sig->base, siglen,
tbsreg.base, tbsreg.length);
switch (status) {
case 1: