summaryrefslogtreecommitdiffstats
path: root/contrib/bind9/lib/dns/opensslrsa_link.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/lib/dns/opensslrsa_link.c')
-rw-r--r--contrib/bind9/lib/dns/opensslrsa_link.c52
1 files changed, 28 insertions, 24 deletions
diff --git a/contrib/bind9/lib/dns/opensslrsa_link.c b/contrib/bind9/lib/dns/opensslrsa_link.c
index a245618..80c3f57 100644
--- a/contrib/bind9/lib/dns/opensslrsa_link.c
+++ b/contrib/bind9/lib/dns/opensslrsa_link.c
@@ -156,7 +156,8 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
EVP_MD_CTX_destroy(evp_md_ctx);
- return (ISC_R_FAILURE);
+ return (dst__openssl_toresult2("EVP_DigestInit_ex",
+ ISC_R_FAILURE));
}
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
#else
@@ -304,7 +305,8 @@ opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
#if USE_EVP
if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
- return (ISC_R_FAILURE);
+ return (dst__openssl_toresult2("EVP_DigestUpdate",
+ ISC_R_FAILURE));
}
#else
switch (dctx->key->key_alg) {
@@ -374,10 +376,6 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
int status;
int type = 0;
unsigned int digestlen = 0;
- char *message;
- unsigned long err;
- const char* file;
- int line;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
unsigned int prefixlen = 0;
const unsigned char *prefix = NULL;
@@ -397,7 +395,8 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
return (ISC_R_NOSPACE);
if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) {
- return (ISC_R_FAILURE);
+ return (dst__openssl_toresult2("EVP_SignFinal",
+ ISC_R_FAILURE));
}
#else
if (r.length < (unsigned int) RSA_size(rsa))
@@ -489,13 +488,9 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
INSIST(type != 0);
status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa);
#endif
- if (status == 0) {
- err = ERR_peek_error_line(&file, &line);
- if (err != 0U) {
- message = ERR_error_string(err, NULL);
- }
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
- }
+ if (status == 0)
+ return (dst__openssl_toresult2("RSA_sign",
+ DST_R_OPENSSLFAILURE));
#endif
isc_buffer_add(sig, siglen);
@@ -615,7 +610,9 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
original, rsa,
RSA_PKCS1_PADDING);
if (status <= 0)
- return (DST_R_VERIFYFAILURE);
+ return (dst__openssl_toresult2(
+ "RSA_public_decrypt",
+ DST_R_VERIFYFAILURE));
if (status != (int)(prefixlen + digestlen))
return (DST_R_VERIFYFAILURE);
if (memcmp(original, prefix, prefixlen))
@@ -636,7 +633,8 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
#endif
#endif
if (status != 1)
- return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
+ return (dst__openssl_toresult2("RSA_verify",
+ DST_R_VERIFYFAILURE));
return (ISC_R_SUCCESS);
}
@@ -727,6 +725,7 @@ progress_cb(int p, int n, BN_GENCB *cb)
static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ isc_result_t ret = DST_R_OPENSSLFAILURE;
BN_GENCB cb;
union {
void *dptr;
@@ -776,6 +775,8 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
#endif
return (ISC_R_SUCCESS);
}
+ ret = dst__openssl_toresult2("RSA_generate_key_ex",
+ DST_R_OPENSSLFAILURE);
err:
#if USE_EVP
@@ -786,7 +787,7 @@ err:
BN_free(e);
if (rsa != NULL)
RSA_free(rsa);
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ return (dst__openssl_toresult(ret));
#else
RSA *rsa;
unsigned long e;
@@ -810,7 +811,8 @@ err:
#if USE_EVP
EVP_PKEY_free(pkey);
#endif
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ return (dst__openssl_toresult2("RSA_generate_key",
+ DST_R_OPENSSLFAILURE));
}
SET_FLAGS(rsa);
#if USE_EVP
@@ -1009,6 +1011,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
rsa = key->keydata.rsa;
#endif
+ memset(bufs, 0, sizeof(bufs));
for (i = 0; i < 8; i++) {
bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n));
if (bufs[i] == NULL) {
@@ -1162,7 +1165,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS)
- return (ret);
+ goto err;
for (i = 0; i < priv.nelements; i++) {
switch (priv.elements[i].tag) {
@@ -1188,10 +1191,10 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
if (e == NULL)
DST_RET(DST_R_NOENGINE);
pkey = ENGINE_load_private_key(e, label, NULL, NULL);
- if (pkey == NULL) {
- /* ERR_print_errors_fp(stderr); */
- DST_RET(ISC_R_NOTFOUND);
- }
+ if (pkey == NULL)
+ DST_RET(dst__openssl_toresult2(
+ "ENGINE_load_private_key",
+ ISC_R_NOTFOUND));
key->engine = isc_mem_strdup(key->mctx, engine);
if (key->engine == NULL)
DST_RET(ISC_R_NOMEMORY);
@@ -1336,7 +1339,8 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
}
pkey = ENGINE_load_private_key(e, label, NULL, NULL);
if (pkey == NULL)
- DST_RET(ISC_R_NOTFOUND);
+ DST_RET(dst__openssl_toresult2("ENGINE_load_private_key",
+ ISC_R_NOTFOUND));
if (engine != NULL) {
key->engine = isc_mem_strdup(key->mctx, engine);
if (key->engine == NULL)
OpenPOWER on IntegriCloud