Commit 1d11013a authored by Mark Andrews's avatar Mark Andrews
Browse files

Merge branch '2315-bind-9-11-22-9-11-25-fails-to-build-for-aep-hsm-native-pkcs11' into 'main'

Resolve "BIND 9.11.22 - 9.11.25 fails to build for AEP HSM native pkcs11"

Closes #2315

See merge request !4441
parents 90298dfc 356243aa
Pipeline #58204 passed with stages
in 1 minute and 59 seconds
5540. [port] Fix building with native PKCS#11 support for AEP Keyper.
[GL #2315]
5539. [bug] Tighten handling of missing DNS COOKIE responses over
UDP by falling back to TCP. [GL #2275]
......
......@@ -49,3 +49,6 @@ Bug Fixes
- Tighten handling of missing DNS COOKIE responses over UDP by
falling back to TCP. [GL #2275]
- Building with native PKCS#11 support for AEP Keyper has been broken
since BIND 9.17.4. This has been fixed. [GL #2315]
......@@ -336,6 +336,8 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
for (attr = pk11_attribute_first(rsa); attr != NULL;
attr = pk11_attribute_next(rsa, attr))
{
unsigned int bits;
switch (attr->type) {
case CKA_MODULUS:
INSIST(keyTemplate[5].type == attr->type);
......@@ -352,7 +354,6 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
memmove(keyTemplate[6].pValue, attr->pValue,
attr->ulValueLen);
keyTemplate[6].ulValueLen = attr->ulValueLen;
unsigned int bits;
ret = pk11_numbits(attr->pValue, attr->ulValueLen,
&bits);
if (ret != ISC_R_SUCCESS ||
......@@ -952,6 +953,9 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
for (attr = pk11_attribute_first(rsa); attr != NULL;
attr = pk11_attribute_next(rsa, attr))
{
unsigned int bits;
switch (attr->type) {
case CKA_MODULUS:
INSIST(keyTemplate[5].type == attr->type);
......@@ -962,7 +966,6 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
keyTemplate[5].ulValueLen = attr->ulValueLen;
break;
case CKA_PUBLIC_EXPONENT:
unsigned int bits;
INSIST(keyTemplate[6].type == attr->type);
keyTemplate[6].pValue = isc_mem_get(dctx->mctx,
attr->ulValueLen);
......@@ -977,6 +980,7 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
}
break;
}
}
pk11_ctx->object = CK_INVALID_HANDLE;
pk11_ctx->ontoken = false;
PK11_RET(pkcs_C_CreateObject,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment