upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-28 17:46:40 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

802. [bug] DNSSEC key tags were computed incorrectly in almost

Browse source 
all cases. [RT #1146]
This commit is contained in:
Brian Wellington 2001-04-04 02:02:58 +00:00
parent 2901eed986
commit daad43e5a4
19 changed files with 152 additions and 137 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -1,3 +1,6 @@
802. [bug] DNSSEC key tags were computed incorrectly in almost
all cases. [RT #1146]
801. [bug] nsupdate should treat lines beginning with ';' as
comments. [RT #1139]

0
bin/tests/dst/Kdh.+002+18088.key → bin/tests/dst/Kdh.+002+18602.key
View file

0
bin/tests/dst/Kdh.+002+18088.private → bin/tests/dst/Kdh.+002+18602.private
View file

0
bin/tests/dst/Kdh.+002+48443.key → bin/tests/dst/Kdh.+002+48957.key
View file

0
bin/tests/dst/Kdh.+002+48443.private → bin/tests/dst/Kdh.+002+48957.private
View file

0
bin/tests/dst/Ktest.+001+00000.key → bin/tests/dst/Ktest.+001+00002.key
View file

0
bin/tests/dst/Ktest.+003+06204.key → bin/tests/dst/Ktest.+003+23616.key
View file

7
bin/tests/dst/Ktest.+003+23616.private Normal file
View file

@ -0,0 +1,7 @@
Private-key-format: v1.2
Algorithm: 3 (DSA)
Prime(p): 73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mQ==
Subprime(q): 2nX/+WoOUR9Nq9wUj5zK501+ATM=
Base(g): sQaXrPC973CrnPsihNjn8niXtcsIp+2D/Aa+vNdCGCAiRG8SHebKHF36i4gtyl+9Mi2FaVMqIfn21ImmaCaJIw==
Private_value(x): Nky4tvIwg6xlcyeHXr4k2DEZg0E=
Public_value(y): ExO5w2Gn9dIlUVjegzEqa4Ho4h9Of36ZsmQLeOLcgIeJtcF0ubuLWptT1wyWCaM5+xH0PHtsHiL9cgvrejx0sQ==

0
bin/tests/dst/Ktest.+003+00000.key → bin/tests/dst/Ktest.+003+49667.key
View file

4
bin/tests/dst/Makefile.in
View file

@ -13,7 +13,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.28 2001/02/01 23:41:43 sjacob Exp $
# $Id: Makefile.in,v 1.29 2001/04/04 02:02:47 bwelling Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -51,7 +51,7 @@ t_dst: t_dst.@O@ ${DEPLIBS} ${TLIB}
${LIBTOOL} ${PURIFY} ${CC} -o $@ t_dst.@O@ ${TLIB} ${LIBS}
test: t_dst
../genrandom 50 randomfile
../genrandom 100 randomfile
-@ ./t_dst -b @srcdir@ -q 1800 -a
clean distclean::

6
bin/tests/dst/dst_2_data
View file

@ -4,13 +4,13 @@
# format:
# datafile, sigpath, keyname, keyid, alg, exp_result
#
t2_data_1 t2_dsasig test. 6204 DST_ALG_DSA ISC_R_SUCCESS
t2_data_1 t2_dsasig test. 23616 DST_ALG_DSA ISC_R_SUCCESS
t2_data_1 t2_rsasig test. 54622 DST_ALG_RSAMD5 ISC_R_SUCCESS
# wrong sig
t2_data_1 t2_dsasig test. 54622 DST_ALG_RSAMD5 !ISC_R_SUCCESS
# wrong key
#t2_data_1 t2_dsasig test. 54622 DST_ALG_DSA !ISC_R_SUCCESS
# wrong alg
#t2_data_1 t2_dsasig test. 6204 DST_ALG_RSAMD5 !ISC_R_SUCCESS
#t2_data_1 t2_dsasig test. 23616 DST_ALG_RSAMD5 !ISC_R_SUCCESS
# wrong data
t2_data_2 t2_dsasig test. 6204 DST_ALG_DSA !ISC_R_SUCCESS
t2_data_2 t2_dsasig test. 23616 DST_ALG_DSA !ISC_R_SUCCESS

10
bin/tests/dst/dst_test.c
View file

@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst_test.c,v 1.36 2001/01/09 21:41:54 bwelling Exp $ */
/* $Id: dst_test.c,v 1.37 2001/04/04 02:02:50 bwelling Exp $ */
#include <config.h>
@ -253,17 +253,17 @@ main(void) {
isc_buffer_init(&b, "test.", 5);
isc_buffer_add(&b, 5);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx);
io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 0, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
isc_buffer_init(&b, "dh.", 3);
isc_buffer_add(&b, 3);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
dh(name, 18088, name, 48443, mctx);
dh(name, 18602, name, 48957, mctx);
generate(DST_ALG_RSAMD5, mctx);
generate(DST_ALG_DH, mctx);

10
bin/tests/dst/t_dst.c
View file

@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: t_dst.c,v 1.43 2001/01/09 21:41:55 bwelling Exp $ */
/* $Id: t_dst.c,v 1.44 2001/04/04 02:02:51 bwelling Exp $ */
#include <config.h>
@ -395,24 +395,24 @@ t1(void) {
isc_buffer_init(&b, "test.", 5);
isc_buffer_add(&b, 5);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [2]\n");
io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [3]\n");
io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
t_info("testing use of stored keys [4]\n");
io(name, 0, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
isc_buffer_init(&b, "dh.", 3);
isc_buffer_add(&b, 3);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
dh(name, 18088, name, 48443, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
dh(name, 18602, name, 48957, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of generated keys\n");
generate(DST_ALG_RSAMD5, mctx, 512, &nfails);

148
lib/dns/sec/dst/dst_api.c
View file

@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.76 2001/03/27 23:43:15 bwelling Exp $
* $Id: dst_api.c,v 1.77 2001/04/04 02:02:52 bwelling Exp $
*/
#include <config.h>
@ -78,6 +78,15 @@ static isc_result_t buildfilename(dns_name_t *name,
const unsigned int type,
const char *directory,
isc_buffer_t *out);
static isc_result_t computeid(dst_key_t *key);
static isc_result_t frombuffer(dns_name_t *name,
const unsigned int alg,
const unsigned int flags,
const unsigned int protocol,
dns_rdataclass_t rdclass,
isc_buffer_t *source,
isc_mem_t *mctx,
dst_key_t **keyp);
#define RETERR(x) do { \
result = (x); \
@ -326,13 +335,20 @@ dst_key_fromfile(dns_name_t *name, const dns_keytag_t id,
if (result != ISC_R_SUCCESS)
return (result);
result = computeid(key);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return (result);
}
if (!dns_name_equal(name, key->key_name) ||
id != key->key_id ||
alg != key->key_alg)
{
dst_key_free(&key);
return (DST_R_INVALIDPUBLICKEY);
return (DST_R_INVALIDPRIVATEKEY);
}
*keyp = key;
return (ISC_R_SUCCESS);
}
@ -358,6 +374,12 @@ dst_key_fromnamedfile(const char *filename, const int type, isc_mem_t *mctx,
if (type == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
{
result = computeid(pubkey);
if (result != ISC_R_SUCCESS) {
dst_key_free(&pubkey);
return (result);
}
*keyp = pubkey;
return (ISC_R_SUCCESS);
}
@ -382,6 +404,17 @@ dst_key_fromnamedfile(const char *filename, const int type, isc_mem_t *mctx,
return (result);
}
result = computeid(key);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return (result);
}
if (id != key->key_id) {
dst_key_free(&key);
return (DST_R_INVALIDPRIVATEKEY);
}
*keyp = key;
return (ISC_R_SUCCESS);
}
@ -424,12 +457,14 @@ dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
{
isc_uint8_t alg, proto;
isc_uint32_t flags, extflags;
dst_key_t *key = NULL;
dns_keytag_t id;
isc_region_t r;
isc_result_t result;
REQUIRE(dst_initialized == ISC_TRUE);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
REQUIRE(dst_initialized);
isc_buffer_remainingregion(source, &r);
if (isc_buffer_remaininglength(source) < 4)
return (DST_R_INVALIDPUBLICKEY);
@ -440,6 +475,8 @@ dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
if (!dst_algorithm_supported(alg))
return (DST_R_UNSUPPORTEDALG);
id = dst_region_computeid(&r, alg);
if (flags & DNS_KEYFLAG_EXTENDED) {
if (isc_buffer_remaininglength(source) < 2)
return (DST_R_INVALIDPUBLICKEY);
@ -447,8 +484,14 @@ dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
flags |= (extflags << 16);
}
return (dst_key_frombuffer(name, alg, flags, proto, rdclass,
source, mctx, keyp));
result = frombuffer(name, alg, flags, proto, rdclass, source,
mctx, &key);
if (result != ISC_R_SUCCESS)
return (result);
key->key_id = id;
*keyp = key;
return (ISC_R_SUCCESS);
}
isc_result_t
@ -457,31 +500,23 @@ dst_key_frombuffer(dns_name_t *name, const unsigned int alg,
dns_rdataclass_t rdclass,
isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
{
dst_key_t *key;
isc_result_t ret;
dst_key_t *key = NULL;
isc_result_t result;
REQUIRE(dst_initialized == ISC_TRUE);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
REQUIRE(dst_initialized);
if (dst_algorithm_supported(alg) == ISC_FALSE)
if (!dst_algorithm_supported(alg))
return (DST_R_UNSUPPORTEDALG);
key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
if (key == NULL)
return (ISC_R_NOMEMORY);
result = frombuffer(name, alg, flags, protocol, rdclass, source,
mctx, &key);
if (result != ISC_R_SUCCESS)
return (result);
if (key->func->fromdns == NULL) {
result = computeid(key);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return (DST_R_UNSUPPORTEDALG);
}
ret = key->func->fromdns(key, source);
if (ret != ISC_R_SUCCESS) {
dst_key_free(&key);
return (ret);
return (result);
}
*keyp = key;
@ -560,6 +595,12 @@ dst_key_generate(dns_name_t *name, const unsigned int alg,
return (ret);
}
ret = computeid(key);
if (ret != ISC_R_SUCCESS) {
dst_key_free(&key);
return (ret);
}
*keyp = key;
return (ISC_R_SUCCESS);
}
@ -965,6 +1006,57 @@ buildfilename(dns_name_t *name, const dns_keytag_t id,
return (ISC_R_SUCCESS);
}
static isc_result_t
computeid(dst_key_t *key) {
isc_buffer_t dnsbuf;
unsigned char dns_array[DST_KEY_MAXSIZE];
isc_region_t r;
isc_result_t ret;
isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
ret = dst_key_todns(key, &dnsbuf);
if (ret != ISC_R_SUCCESS) {
dst_key_free(&key);
return (ret);
}
isc_buffer_usedregion(&dnsbuf, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
return (ISC_R_SUCCESS);
}
isc_result_t
frombuffer(dns_name_t *name, const unsigned int alg, const unsigned int flags,
const unsigned int protocol, dns_rdataclass_t rdclass,
isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
{
dst_key_t *key;
isc_result_t ret;
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
if (key == NULL)
return (ISC_R_NOMEMORY);
if (key->func->fromdns == NULL) {
dst_key_free(&key);
return (DST_R_UNSUPPORTEDALG);
}
ret = key->func->fromdns(key, source);
if (ret != ISC_R_SUCCESS) {
dst_key_free(&key);
return (ret);
}
*keyp = key;
return (ISC_R_SUCCESS);
}
void *
dst__mem_alloc(size_t size) {
INSIST(dst_memory_pool != NULL);

5
lib/dns/sec/dst/hmac_link.c
View file

@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.48 2001/01/24 02:22:56 bwelling Exp $
* $Id: hmac_link.c,v 1.49 2001/04/04 02:02:53 bwelling Exp $
*/
#include <config.h>
@ -215,9 +215,6 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
keylen = r.length;
}
r.base = hkey->key;
r.length = keylen;
key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = keylen * 8;
key->opaque = hkey;

6
lib/dns/sec/dst/key.c
View file

@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: key.c,v 1.4 2001/03/04 18:38:13 bwelling Exp $ */
/* $Id: key.c,v 1.5 2001/04/04 02:02:54 bwelling Exp $ */
#include <config.h>
@ -37,9 +37,7 @@ dst_region_computeid(const isc_region_t *source, const unsigned int alg) {
int size;
REQUIRE(source != NULL);
if (source->length < 4)
return (0);
REQUIRE(source->length >= 4);
p = source->base;
size = source->length;

32
lib/dns/sec/dst/openssldh_link.c
View file

@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: openssldh_link.c,v 1.35 2001/01/24 02:22:59 bwelling Exp $
* $Id: openssldh_link.c,v 1.36 2001/04/04 02:02:56 bwelling Exp $
*/
#if defined(OPENSSL)
@ -130,10 +130,6 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
static isc_result_t
openssldh_generate(dst_key_t *key, int generator) {
DH *dh = NULL;
unsigned char dns_array[DST_KEY_MAXSIZE];
isc_buffer_t dns;
isc_region_t r;
isc_result_t result;
if (generator == 0) {
if (key->key_size == 768 || key->key_size == 1024) {
@ -165,15 +161,6 @@ openssldh_generate(dst_key_t *key, int generator) {
key->opaque = dh;
isc_buffer_init(&dns, dns_array, sizeof(dns_array));
result = openssldh_todns(key, &dns);
if (result != ISC_R_SUCCESS) {
DH_free(dh);
return (result);
}
isc_buffer_usedregion(&dns, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
return (ISC_R_SUCCESS);
}
@ -376,9 +363,6 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
dh->pub_key = BN_bin2bn(r.base, publen, NULL);
r.base += publen;
isc_buffer_remainingregion(data, &r);
r.length = plen + glen + publen + 6;
key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = BN_num_bits(dh->p);
isc_buffer_forward(data, plen + glen + publen + 6);
@ -433,9 +417,6 @@ openssldh_fromfile(dst_key_t *key, const dns_keytag_t id, const char *filename)
{
dst_private_t priv;
isc_result_t ret;
isc_buffer_t dns;
isc_region_t r;
unsigned char dns_array[1024];
int i;
DH *dh = NULL;
isc_mem_t *mctx;
@ -454,7 +435,7 @@ openssldh_fromfile(dst_key_t *key, const dns_keytag_t id, const char *filename)
dh->flags &= ~DH_FLAG_CACHE_MONT_P;
key->opaque = dh;
for (i=0; i < priv.nelements; i++) {
for (i = 0; i < priv.nelements; i++) {
BIGNUM *bn;
bn = BN_bin2bn(priv.elements[i].data,
priv.elements[i].length, NULL);
@ -496,15 +477,6 @@ openssldh_fromfile(dst_key_t *key, const dns_keytag_t id, const char *filename)
dh->g = &bn2;
}
}
isc_buffer_init(&dns, dns_array, sizeof(dns_array));
ret = openssldh_todns(key, &dns);
if (ret != ISC_R_SUCCESS)
DST_RET(ret);
isc_buffer_usedregion(&dns, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
if (key->key_id != id)
DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);

29
lib/dns/sec/dst/openssldsa_link.c
View file

@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: openssldsa_link.c,v 1.1 2001/02/14 20:26:48 bwelling Exp $ */
/* $Id: openssldsa_link.c,v 1.2 2001/04/04 02:02:57 bwelling Exp $ */
#if defined(OPENSSL)
@ -172,11 +172,8 @@ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
static isc_result_t
openssldsa_generate(dst_key_t *key, int unused) {
DSA *dsa;
unsigned char dns_array[DST_KEY_MAXSIZE];
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
isc_buffer_t dns;
isc_result_t result;
isc_region_t r;
UNUSED(unused);
@ -200,15 +197,6 @@ openssldsa_generate(dst_key_t *key, int unused) {
key->opaque = dsa;
isc_buffer_init(&dns, dns_array, sizeof(dns_array));
result = openssldsa_todns(key, &dns);
if (result != ISC_R_SUCCESS) {
DSA_free(dsa);
return (result);
}
isc_buffer_usedregion(&dns, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
return (ISC_R_SUCCESS);
}
@ -310,9 +298,6 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
r.base += p_bytes;
isc_buffer_remainingregion(data, &r);
r.length = 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes;
key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = p_bytes * 8;
isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
@ -374,9 +359,6 @@ openssldsa_fromfile(dst_key_t *key, const dns_keytag_t id, const char *filename)
{
dst_private_t priv;
isc_result_t ret;
isc_buffer_t dns;
isc_region_t r;
unsigned char dns_array[1024];
int i;
DSA *dsa = NULL;
isc_mem_t *mctx = key->mctx;
@ -421,15 +403,6 @@ openssldsa_fromfile(dst_key_t *key, const dns_keytag_t id, const char *filename)
dst__privstruct_free(&priv, mctx);
key->key_size = BN_num_bits(dsa->p);
isc_buffer_init(&dns, dns_array, sizeof(dns_array));
ret = openssldsa_todns(key, &dns);
if (ret != ISC_R_SUCCESS)
DST_RET(ret);
isc_buffer_usedregion(&dns, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
if (key->key_id != id)
DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);

29
lib/dns/sec/dst/opensslrsa_link.c
View file

@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
* $Id: opensslrsa_link.c,v 1.9 2001/01/24 02:23:01 bwelling Exp $
* $Id: opensslrsa_link.c,v 1.10 2001/04/04 02:02:58 bwelling Exp $
*/
#if defined(OPENSSL)
@ -205,10 +205,6 @@ static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp) {
RSA *rsa;
unsigned long e;
unsigned char dns_array[DST_KEY_MAXSIZE];
isc_buffer_t dns;
isc_result_t result;
isc_region_t r;
if (exp == 0)
e = RSA_3;
@ -224,15 +220,6 @@ opensslrsa_generate(dst_key_t *key, int exp) {
key->opaque = rsa;
isc_buffer_init(&dns, dns_array, sizeof(dns_array));
result = opensslrsa_todns(key, &dns);
if (result != ISC_R_SUCCESS) {
RSA_free(rsa);
return (result);
}
isc_buffer_usedregion(&dns, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
return (ISC_R_SUCCESS);
}
@ -331,8 +318,6 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
rsa->n = BN_bin2bn(r.base, r.length, NULL);
isc_buffer_remainingregion(data, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = BN_num_bits(rsa->n);
isc_buffer_forward(data, r.length);
@ -429,9 +414,6 @@ opensslrsa_fromfile(dst_key_t *key, const dns_keytag_t id,
{
dst_private_t priv;
isc_result_t ret;
isc_buffer_t dns;
isc_region_t r;
unsigned char dns_array[1024];
int i;
RSA *rsa = NULL;
isc_mem_t *mctx = key->mctx;
@ -485,15 +467,6 @@ opensslrsa_fromfile(dst_key_t *key, const dns_keytag_t id,
dst__privstruct_free(&priv, mctx);
key->key_size = BN_num_bits(rsa->n);
isc_buffer_init(&dns, dns_array, sizeof(dns_array));
ret = opensslrsa_todns(key, &dns);
if (ret != ISC_R_SUCCESS)
DST_RET(ret);
isc_buffer_usedregion(&dns, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
if (key->key_id != id)
DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);