diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h
index 4380d36364..ad13770632 100644
--- a/lib/dns/dst_openssl.h
+++ b/lib/dns/dst_openssl.h
@@ -46,6 +46,12 @@ dst__openssl_fromlabel(int key_base_id, const char *engine, const char *label,
 const char *pin, EVP_PKEY **ppub, EVP_PKEY **ppriv);
 bool
-dst__openssl_compare_keypair(const dst_key_t *key1, const dst_key_t *key2);
+dst__openssl_keypair_compare(const dst_key_t *key1, const dst_key_t *key2);
+
+bool
+dst__openssl_keypair_isprivate(const dst_key_t *key);
+
+void
+dst__openssl_keypair_destroy(dst_key_t *key);
 ISC_LANG_ENDDECLS
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 017e5d6977..cafc747825 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -357,11 +357,11 @@ dst__openssl_fromlabel(int key_base_id, const char *engine, const char *label,
 }
 bool
-dst__openssl_compare_keypair(const dst_key_t *key1, const dst_key_t *key2) {
+dst__openssl_keypair_compare(const dst_key_t *key1, const dst_key_t *key2) {
 EVP_PKEY *pkey1 = key1->keydata.pkeypair.pub;
 EVP_PKEY *pkey2 = key2->keydata.pkeypair.pub;
- if (pkey1 == NULL && pkey2 == NULL) {
+ if (pkey1 == pkey2) {
 return (true);
 } else if (pkey1 == NULL || pkey2 == NULL) {
 return (false);
@@ -380,4 +380,19 @@ dst__openssl_compare_keypair(const dst_key_t *key1, const dst_key_t *key2) {
 return (true);
 }
+bool
+dst__openssl_keypair_isprivate(const dst_key_t *key) {
+ return (key->keydata.pkeypair.priv != NULL);
+}
+
+void
+dst__openssl_keypair_destroy(dst_key_t *key) {
+ if (key->keydata.pkeypair.priv != key->keydata.pkeypair.pub) {
+ EVP_PKEY_free(key->keydata.pkeypair.priv);
+ }
+ EVP_PKEY_free(key->keydata.pkeypair.pub);
+ key->keydata.pkeypair.pub = NULL;
+ key->keydata.pkeypair.priv = NULL;
+}
+
 /*! \file */
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 0482e72d11..04bd67deac 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
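Review bot: The three keypair prototypes in lib/dns/dst_openssl.h are declared without any comment, and the ownership contract of `dst__openssl_keypair_destroy()` is the part a caller can get wrong. Going by the definition added to openssl_link.c in this commit, it frees both `EVP_PKEY` handles, tolerates `pub` and `priv` being the same object, and clears both fields; I would state that above the prototype, e.g. `/* Frees key->keydata.pkeypair.pub and .priv (which may be the same object) and sets both to NULL. */`. A matching one-liner on `dst__openssl_keypair_isprivate()`, `/* True when a private EVP_PKEY handle is attached to the key. */`, would make clear that it reports only the presence of the handle.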
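Review bot: `dst__openssl_keypair_isprivate()` in lib/dns/openssl_link.c drops the precondition that both functions it replaces carried: `opensslecdsa_isprivate()` and `opensslrsa_isprivate()`, removed further down in this commit, each began with a `REQUIRE(..._valid_key_alg(key->key_alg));`. The shared helpers now read `key->keydata.pkeypair` for whatever key they are handed, and `dst__openssl_keypair_destroy()` passes those fields to `EVP_PKEY_free()`; if `keydata` is a union shared with other key representations (its declaration is not visible here), a key of another type reaching these helpers through a function table would have unrelated bytes treated as `EVP_PKEY` pointers. I would keep an assertion in the shared code, at minimum `REQUIRE(key != NULL);` at the top of both functions, and ideally a check that the key's algorithm is one of the keypair-backed ones. A short comment on the `priv != pub` test saying it avoids a double free when both fields refer to the same `EVP_PKEY` would also help the next reader.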
@@ -766,23 +766,6 @@ opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
 return (ret);
 }
-static bool
-opensslecdsa_isprivate(const dst_key_t *key) {
- REQUIRE(opensslecdsa_valid_key_alg(key->key_alg));
-
- return (key->keydata.pkeypair.priv != NULL);
-}
-
-static void
-opensslecdsa_destroy(dst_key_t *key) {
- if (key->keydata.pkeypair.priv != key->keydata.pkeypair.pub) {
- EVP_PKEY_free(key->keydata.pkeypair.priv);
- }
- EVP_PKEY_free(key->keydata.pkeypair.pub);
- key->keydata.pkeypair.pub = NULL;
- key->keydata.pkeypair.priv = NULL;
-}
-
 static isc_result_t
 opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
 isc_result_t ret;
@@ -1039,11 +1022,11 @@ static dst_func_t opensslecdsa_functions = {
 opensslecdsa_verify,
 NULL, /*%< verify2 */
 NULL, /*%< computesecret */
- dst__openssl_compare_keypair,
+ dst__openssl_keypair_compare,
 NULL, /*%< paramcompare */
 opensslecdsa_generate,
- opensslecdsa_isprivate,
- opensslecdsa_destroy,
+ dst__openssl_keypair_isprivate,
+ dst__openssl_keypair_destroy,
 opensslecdsa_todns,
 opensslecdsa_fromdns,
 opensslecdsa_tofile,
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 0a254cb738..f5017b65f7 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -677,23 +677,6 @@ err:
 return (ret);
 }
-static bool
-opensslrsa_isprivate(const dst_key_t *key) {
- REQUIRE(opensslrsa_valid_key_alg(key->key_alg));
-
- return (key->keydata.pkeypair.priv != NULL);
-}
-
-static void
-opensslrsa_destroy(dst_key_t *key) {
- if (key->keydata.pkeypair.pub != key->keydata.pkeypair.priv) {
- EVP_PKEY_free(key->keydata.pkeypair.priv);
- }
- EVP_PKEY_free(key->keydata.pkeypair.pub);
- key->keydata.pkeypair.pub = NULL;
- key->keydata.pkeypair.priv = NULL;
-}
-
 static isc_result_t
 opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
 isc_region_t r;
@@ -1103,11 +1086,11 @@ static dst_func_t opensslrsa_functions = {
 opensslrsa_verify,
 opensslrsa_verify2,
 NULL, /*%< computesecret */
- dst__openssl_compare_keypair,
+ dst__openssl_keypair_compare,
 NULL, /*%< paramcompare */
 opensslrsa_generate,
- opensslrsa_isprivate,
- opensslrsa_destroy,
+ dst__openssl_keypair_isprivate,
+ dst__openssl_keypair_destroy,
 opensslrsa_todns,
 opensslrsa_fromdns,
 opensslrsa_tofile,