Add key check on `pdnsutils hsm assign`
authorRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 3 May 2016 12:41:23 +0000 (14:41 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 3 May 2016 12:41:23 +0000 (14:41 +0200)
pdns/pdnsutil.cc

index 96c32eef15736818c49d1a96ed47b1c03c20f7cf..cd6952e409fe0888a883d853bcd245c524349395 100644 (file)
@@ -2949,8 +2949,14 @@ loadMainConfig(g_vm["config-dir"].as<string>());
      DNSKEYRecordContent drc; 
      DNSSECPrivateKey dpk;
      dpk.d_flags = (keyOrZone ? 257 : 256);
-     dpk.setKey(shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str())));
+
+     shared_ptr<DNSCryptoKeyEngine> dke(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str()));
+     if(!dke->checkKey()) {
+       cerr << "Invalid DNS Private Key in engine " << module << " slot " << slot << std::endl;
+       return 1;
+     }
+     dpk.setKey(dke);
+
      // make sure this key isn't being reused.
      B.getDomainKeys(zone, 0, keys);
      id = -1;
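Review bot: `dke` is dereferenced in `if(!dke->checkKey())` without a null test, so the new guard is only safe if `DNSCryptoKeyEngine::makeFromISCString` always throws on failure rather than returning an empty pointer; its definition is not visible in this hunk. If that is not guaranteed, the condition should read `if(!dke || !dke->checkKey()) {`. Because this check is what stops an unusable HSM-backed key from being attached to a zone, the error line would also be easier to act on if it named the zone as well as the module and slot. The enclosing command handler starts and ends outside the hunk, so whether an exception thrown by `checkKey()` is caught and reported there cannot be confirmed from here.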