aboutsummaryrefslogtreecommitdiffstats
path: root/lib/dns/opensslrsa_link.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/dns/opensslrsa_link.c')
-rw-r--r--lib/dns/opensslrsa_link.c52
1 files changed, 28 insertions, 24 deletions
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 02923978fddc..fb35ce8813d9 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -155,7 +155,8 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
EVP_MD_CTX_destroy(evp_md_ctx);
- return (ISC_R_FAILURE);
+ return (dst__openssl_toresult2("EVP_DigestInit_ex",
+ ISC_R_FAILURE));
}
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
#else
@@ -303,7 +304,8 @@ opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
#if USE_EVP
if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
- return (ISC_R_FAILURE);
+ return (dst__openssl_toresult2("EVP_DigestUpdate",
+ ISC_R_FAILURE));
}
#else
switch (dctx->key->key_alg) {
@@ -373,10 +375,6 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
int status = 0;
int type = 0;
unsigned int digestlen = 0;
- char *message;
- unsigned long err;
- const char* file;
- int line;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
unsigned int prefixlen = 0;
const unsigned char *prefix = NULL;
@@ -396,7 +394,8 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
return (ISC_R_NOSPACE);
if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) {
- return (ISC_R_FAILURE);
+ return (dst__openssl_toresult2("EVP_SignFinal",
+ ISC_R_FAILURE));
}
#else
if (r.length < (unsigned int) RSA_size(rsa))
@@ -488,13 +487,9 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
INSIST(type != 0);
status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa);
#endif
- if (status == 0) {
- err = ERR_peek_error_line(&file, &line);
- if (err != 0U) {
- message = ERR_error_string(err, NULL);
- }
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
- }
+ if (status == 0)
+ return (dst__openssl_toresult2("RSA_sign",
+ DST_R_OPENSSLFAILURE));
#endif
isc_buffer_add(sig, siglen);
@@ -614,7 +609,9 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
original, rsa,
RSA_PKCS1_PADDING);
if (status <= 0)
- return (DST_R_VERIFYFAILURE);
+ return (dst__openssl_toresult2(
+ "RSA_public_decrypt",
+ DST_R_VERIFYFAILURE));
if (status != (int)(prefixlen + digestlen))
return (DST_R_VERIFYFAILURE);
if (memcmp(original, prefix, prefixlen))
@@ -635,7 +632,8 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
#endif
#endif
if (status != 1)
- return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
+ return (dst__openssl_toresult2("RSA_verify",
+ DST_R_VERIFYFAILURE));
return (ISC_R_SUCCESS);
}
@@ -708,6 +706,7 @@ opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp) {
#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ isc_result_t ret = DST_R_OPENSSLFAILURE;
BN_GENCB cb;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
@@ -748,6 +747,8 @@ opensslrsa_generate(dst_key_t *key, int exp) {
#endif
return (ISC_R_SUCCESS);
}
+ ret = dst__openssl_toresult2("RSA_generate_key_ex",
+ DST_R_OPENSSLFAILURE);
err:
#if USE_EVP
@@ -758,7 +759,7 @@ err:
BN_free(e);
if (rsa != NULL)
RSA_free(rsa);
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ return (dst__openssl_toresult(ret));
#else
RSA *rsa;
unsigned long e;
@@ -778,7 +779,8 @@ err:
#if USE_EVP
EVP_PKEY_free(pkey);
#endif
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ return (dst__openssl_toresult2("RSA_generate_key",
+ DST_R_OPENSSLFAILURE));
}
SET_FLAGS(rsa);
#if USE_EVP
@@ -977,6 +979,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
rsa = key->keydata.rsa;
#endif
+ memset(bufs, 0, sizeof(bufs));
for (i = 0; i < 8; i++) {
bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n));
if (bufs[i] == NULL) {
@@ -1093,7 +1096,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer) {
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS)
- return (ret);
+ goto err;
for (i = 0; i < priv.nelements; i++) {
switch (priv.elements[i].tag) {
@@ -1119,10 +1122,10 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer) {
if (e == NULL)
DST_RET(DST_R_NOENGINE);
pkey = ENGINE_load_private_key(e, label, NULL, NULL);
- if (pkey == NULL) {
- /* ERR_print_errors_fp(stderr); */
- DST_RET(ISC_R_NOTFOUND);
- }
+ if (pkey == NULL)
+ DST_RET(dst__openssl_toresult2(
+ "ENGINE_load_private_key",
+ ISC_R_NOTFOUND));
key->engine = isc_mem_strdup(key->mctx, name);
if (key->engine == NULL)
DST_RET(ISC_R_NOMEMORY);
@@ -1243,7 +1246,8 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
DST_RET(DST_R_NOENGINE);
pkey = ENGINE_load_private_key(e, label, NULL, NULL);
if (pkey == NULL)
- DST_RET(ISC_R_NOTFOUND);
+ DST_RET(dst__openssl_toresult2("ENGINE_load_private_key",
+ ISC_R_NOTFOUND));
key->engine = isc_mem_strdup(key->mctx, label);
if (key->engine == NULL)
DST_RET(ISC_R_NOMEMORY);