upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use MD5/SHA1 from libisc instead of dst/openssl

Browse source
This commit is contained in:
Brian Wellington 2000-06-07 17:22:31 +00:00
parent 80ee8ea28d
commit 78d14e388a
10 changed files with 117 additions and 343 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/dns/Makefile.in
View file

@ -43,7 +43,7 @@ CONFOBJS = config/confacl.@O@ config/confcache.@O@ config/confcommon.@O@ \
DSTOBJS = sec/dst/bsafe_link.@O@ sec/dst/dst_api.@O@ \
sec/dst/dst_parse.@O@ sec/dst/hmac_link.@O@ \
sec/dst/openssl_link.@O@ sec/dst/openssldh_link.@O@ \
sec/dst/opensslmd5_link.@O@ sec/dst/dst_result.@O@ \
sec/dst/dst_result.@O@ \
sec/dst/dst_support.@O@ sec/dst/dst_lib.@O@
OPENSSLOBJS = sec/openssl/bn_add.@O@ sec/openssl/bn_asm.@O@ \

4
lib/dns/sec/dst/Makefile.in
View file

@ -31,11 +31,11 @@ LIBS = @LIBS@
# Alphabetically
OBJS = bsafe_link.@O@ dst_api.@O@ dst_parse.@O@ hmac_link.@O@ \
openssl_link.@O@ openssldh_link.@O@ opensslmd5_link.@O@ \
openssl_link.@O@ openssldh_link.@O@ \
dst_result.@O@ dst_support.@O@ dst_lib.@O@
SRCS = bsafe_link.c dst_api.c dst_parse.c hmac_link.c \
openssl_link.c openssldh_link.c opensslmd5_link.c \
openssl_link.c openssldh_link.c \
dst_result.c dst_support.c dst_lib.c
SUBDIRS = include

58
lib/dns/sec/dst/bsafe_link.c
View file

@ -19,13 +19,14 @@
/*
* Principal Author: Brian Wellington
* $Id: bsafe_link.c,v 1.26 2000/06/06 21:58:03 bwelling Exp $
* $Id: bsafe_link.c,v 1.27 2000/06/07 17:22:22 bwelling Exp $
*/
#if defined(DNSSAFE)
#include <config.h>
#include <isc/md5.h>
#include <isc/mem.h>
#include <isc/string.h>
#include <isc/util.h>
@ -75,50 +76,46 @@ static isc_boolean_t dnssafersa_isprivate(const dst_key_t *key);
static isc_result_t
dnssafersa_createctx(dst_key_t *key, dst_context_t *dctx) {
dst_context_t *md5ctx = NULL;
isc_result_t result;
isc_md5_t *md5ctx;
UNUSED(key);
result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx);
if (result != ISC_R_SUCCESS)
return (result);
md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t));
isc_md5_init(md5ctx);
dctx->opaque = md5ctx;
return (ISC_R_SUCCESS);
}
static void
dnssafersa_destroyctx(dst_context_t *dctx) {
dst_context_t *md5ctx = dctx->opaque;
isc_md5_t *md5ctx = dctx->opaque;
if (md5ctx != NULL)
dst_context_destroy(&md5ctx);
if (md5ctx != NULL) {
isc_md5_invalidate(md5ctx);
isc_mem_put(dctx->mctx, md5ctx, sizeof(isc_md5_t));
dctx->opaque = NULL;
}
}
static isc_result_t
dnssafersa_adddata(dst_context_t *dctx, const isc_region_t *data) {
dst_context_t *md5ctx = dctx->opaque;
isc_md5_t *md5ctx = dctx->opaque;
return (dst_context_adddata(md5ctx, data));
isc_md5_update(md5ctx, data->base, data->length);
return (ISC_R_SUCCESS);
}
static isc_result_t
dnssafersa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
dst_context_t *md5ctx = dctx->opaque;
unsigned char digest_array[DNS_SIG_RSAMAXSIZE];
isc_buffer_t digestbuf;
isc_md5_t *md5ctx = dctx->opaque;
unsigned char digest[ISC_MD5_DIGESTLENGTH];
isc_region_t sig_region;
dst_key_t *key = dctx->key;
RSA_Key *rkey = key->opaque;
B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ)NULL_PTR;
unsigned int written = 0;
isc_result_t result;
isc_buffer_init(&digestbuf, digest_array, sizeof(digest_array));
result = dst_context_digest(md5ctx, &digestbuf);
if (result != ISC_R_SUCCESS)
return (result);
isc_md5_final(md5ctx, digest);
isc_buffer_availableregion(sig, &sig_region);
if (sig_region.length * 8 < (unsigned int) key->key_size)
@ -150,9 +147,8 @@ dnssafersa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
}
if (B_EncryptUpdate(rsaEncryptor, sig_region.base, &written,
sig_region.length, isc_buffer_base(&digestbuf),
isc_buffer_usedlength(&digestbuf), NULL_PTR,
NULL_SURRENDER) != 0)
sig_region.length, digest, sizeof(digest),
NULL_PTR, NULL_SURRENDER) != 0)
goto finalfail;
if (written > 0) {
@ -179,9 +175,8 @@ dnssafersa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
static isc_result_t
dnssafersa_verify(dst_context_t *dctx, const isc_region_t *sig) {
dst_context_t *md5ctx = dctx->opaque;
unsigned char digest_array[DST_HASH_SIZE];
isc_buffer_t digestbuf;
isc_md5_t *md5ctx = dctx->opaque;
unsigned char digest[ISC_MD5_DIGESTLENGTH];
unsigned char work_area[DST_HASH_SIZE + sizeof(pkcs1)];
isc_buffer_t work;
isc_region_t work_region;
@ -189,12 +184,8 @@ dnssafersa_verify(dst_context_t *dctx, const isc_region_t *sig) {
RSA_Key *rkey = key->opaque;
B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
unsigned int written = 0;
isc_result_t result;
isc_buffer_init(&digestbuf, digest_array, sizeof(digest_array));
result = dst_context_digest(md5ctx, &digestbuf);
if (result != ISC_R_SUCCESS)
return (result);
isc_md5_final(md5ctx, digest);
if (B_CreateAlgorithmObject(&rsaEncryptor) != 0)
return (ISC_R_NOMEMORY);
@ -229,9 +220,9 @@ dnssafersa_verify(dst_context_t *dctx, const isc_region_t *sig) {
/*
* Skip PKCS#1 header in output from Decrypt function.
*/
if (memcmp(isc_buffer_base(&digestbuf),
if (memcmp(digest,
(char *)isc_buffer_base(&work) + sizeof(pkcs1),
isc_buffer_usedlength(&digestbuf)) == 0)
sizeof(digest)) == 0)
return (ISC_R_SUCCESS);
else
return (DST_R_VERIFYFAILURE);
@ -797,7 +788,6 @@ static dst_func_t dnssafersa_functions = {
dnssafersa_adddata,
dnssafersa_sign,
dnssafersa_verify,
NULL, /* digest */
NULL, /* computesecret */
dnssafersa_compare,
NULL, /* paramcompare */

31
lib/dns/sec/dst/dst_api.c
View file

@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.47 2000/06/06 21:58:04 bwelling Exp $
* $Id: dst_api.c,v 1.48 2000/06/07 17:22:23 bwelling Exp $
*/
#include <config.h>
@ -54,9 +54,6 @@
#define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC)
#define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC)
static dst_key_t md5key;
dst_key_t *dst_key_md5 = NULL;
static dst_func_t *dst_t_func[DST_MAX_ALGS];
static isc_mem_t *dst_memory_pool = NULL;
static isc_boolean_t dst_initialized = ISC_FALSE;
@ -100,7 +97,6 @@ dst_lib_destroy() {
#ifdef OPENSSL
dst__openssldsa_destroy();
dst__openssldh_destroy();
dst__opensslmd5_destroy();
#endif
isc_mem_detach(&dst_memory_pool);
@ -195,19 +191,6 @@ dst_context_verify(dst_context_t *dctx, isc_region_t *sig) {
return (dctx->key->func->verify(dctx, sig));
}
isc_result_t
dst_context_digest(dst_context_t *dctx, isc_buffer_t *digest) {
REQUIRE(VALID_CTX(dctx));
REQUIRE(digest != NULL);
if (dst_algorithm_supported(dctx->key->key_alg) == ISC_FALSE)
return (DST_R_UNSUPPORTEDALG);
if (dctx->key->func->digest == NULL)
return (DST_R_UNSUPPORTEDALG);
return (dctx->key->func->digest(dctx, digest));
}
isc_result_t
dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
isc_buffer_t *secret)
@ -670,7 +653,6 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
*n = 16;
break;
case DST_ALG_DH:
case DST_ALG_MD5:
default:
return (DST_R_UNSUPPORTEDALG);
}
@ -690,7 +672,6 @@ dst_key_secretsize(const dst_key_t *key, unsigned int *n) {
case DST_ALG_RSA:
case DST_ALG_DSA:
case DST_ALG_HMACMD5:
case DST_ALG_MD5:
default:
return (DST_R_UNSUPPORTEDALG);
}
@ -775,16 +756,6 @@ initialize(isc_mem_t *mctx) {
#ifdef OPENSSL
RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
RETERR(dst__opensslmd5_init(&dst_t_func[DST_ALG_MD5]));
memset(&md5key, 0, sizeof(dst_key_t));
md5key.magic = KEY_MAGIC;
md5key.key_name = NULL;
md5key.key_alg = DST_ALG_MD5;
md5key.mctx = dst_memory_pool;
md5key.opaque = NULL;
md5key.func = dst_t_func[DST_ALG_MD5];
dst_key_md5 = &md5key;
/*
* Seed the random number generator, if necessary.

1
lib/dns/sec/dst/dst_internal.h
View file

@ -78,7 +78,6 @@ struct dst_func {
*/
isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig);
isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig);
isc_result_t (*digest)(dst_context_t *dctx, isc_buffer_t *digest);
isc_result_t (*computesecret)(const dst_key_t *pub,
const dst_key_t *priv,
isc_buffer_t *secret);

109
lib/dns/sec/dst/hmac_link.c
View file

@ -19,11 +19,12 @@
/*
* Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.32 2000/06/06 21:58:10 bwelling Exp $
* $Id: hmac_link.c,v 1.33 2000/06/07 17:22:26 bwelling Exp $
*/
#include <config.h>
#include <isc/md5.h>
#include <isc/mem.h>
#include <isc/string.h>
#include <isc/util.h>
@ -33,8 +34,6 @@
#include "dst_internal.h"
#include "dst_parse.h"
#include <openssl/md5.h>
#define HMAC_LEN 64
#define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5c
@ -47,95 +46,72 @@ typedef struct hmackey {
static isc_result_t
hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) {
dst_context_t *md5ctx = NULL;
isc_md5_t *md5ctx;
HMAC_Key *hkey = key->opaque;
unsigned char ipad[HMAC_LEN];
isc_region_t r;
isc_result_t result;
int i;
result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx);
if (result != ISC_R_SUCCESS)
return (result);
md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t));
if (md5ctx == NULL)
return (ISC_R_NOMEMORY);
isc_md5_init(md5ctx);
memset(ipad, HMAC_IPAD, sizeof ipad);
for (i = 0; i < HMAC_LEN; i++)
ipad[i] ^= hkey->key[i];
r.base = ipad;
r.length = HMAC_LEN;
result = dst_context_adddata(md5ctx, &r);
if (result != ISC_R_SUCCESS) {
dst_context_destroy(&md5ctx);
return (result);
}
isc_md5_update(md5ctx, ipad, HMAC_LEN);
dctx->opaque = md5ctx;
return (ISC_R_SUCCESS);
}
static void
hmacmd5_destroyctx(dst_context_t *dctx) {
dst_context_t *md5ctx = dctx->opaque;
isc_md5_t *md5ctx = dctx->opaque;
if (md5ctx != NULL)
dst_context_destroy(&md5ctx);
if (md5ctx != NULL) {
isc_md5_invalidate(md5ctx);
isc_mem_put(dctx->mctx, md5ctx, sizeof(isc_md5_t));
dctx->opaque = NULL;
}
}
static isc_result_t
hmacmd5_adddata(dst_context_t *dctx, const isc_region_t *data) {
dst_context_t *md5ctx = dctx->opaque;
isc_md5_t *md5ctx = dctx->opaque;
return (dst_context_adddata(md5ctx, data));
isc_md5_update(md5ctx, data->base, data->length);
return (ISC_R_SUCCESS);
}
static isc_result_t
hmacmd5_sign(dst_context_t *dctx, isc_buffer_t *sig) {
dst_context_t *md5ctx = dctx->opaque;
isc_md5_t *md5ctx = dctx->opaque;
dst_key_t *key = dctx->key;
HMAC_Key *hkey = key->opaque;
unsigned char opad[HMAC_LEN];
unsigned char digest[MD5_DIGEST_LENGTH];
isc_buffer_t b;
isc_region_t r;
isc_result_t result;
unsigned char digest[ISC_MD5_DIGESTLENGTH];
int i;
isc_buffer_init(&b, digest, sizeof(digest));
result = dst_context_digest(md5ctx, &b);
if (result != ISC_R_SUCCESS)
return (result);
dst_context_destroy(&md5ctx);
dctx->opaque = NULL;
result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx);
if (result != ISC_R_SUCCESS)
return (result);
dctx->opaque = md5ctx;
isc_md5_final(md5ctx, digest);
memset(opad, HMAC_OPAD, sizeof opad);
for (i = 0; i < HMAC_LEN; i++)
opad[i] ^= hkey->key[i];
r.base = opad;
r.length = HMAC_LEN;
result = dst_context_adddata(md5ctx, &r);
if (result != ISC_R_SUCCESS)
return (result);
isc_md5_init(md5ctx);
isc_md5_update(md5ctx, opad, HMAC_LEN);
isc_md5_update(md5ctx, digest, ISC_MD5_DIGESTLENGTH);
isc_md5_final(md5ctx, isc_buffer_base(sig));
isc_buffer_add(sig, ISC_MD5_DIGESTLENGTH);
isc_buffer_usedregion(&b, &r);
result = dst_context_adddata(md5ctx, &r);
if (result != ISC_R_SUCCESS)
return (result);
result = dst_context_digest(md5ctx, sig);
return (result);
return (ISC_R_SUCCESS);
}
static isc_result_t
hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t result;
unsigned char digest[MD5_DIGEST_LENGTH];
unsigned char digest[ISC_MD5_DIGESTLENGTH];
isc_buffer_t b;
if (sig->length < MD5_DIGEST_LENGTH)
if (sig->length < ISC_MD5_DIGESTLENGTH)
return (DST_R_VERIFYFAILURE);
isc_buffer_init(&b, digest, sizeof(digest));
@ -143,7 +119,7 @@ hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) {
if (result != ISC_R_SUCCESS)
return (result);
if (memcmp(digest, sig->base, MD5_DIGEST_LENGTH) != 0)
if (memcmp(digest, sig->base, ISC_MD5_DIGESTLENGTH) != 0)
return (DST_R_VERIFYFAILURE);
return (ISC_R_SUCCESS);
@ -228,10 +204,8 @@ static isc_result_t
hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
HMAC_Key *hkey;
int keylen;
isc_buffer_t b;
isc_region_t r;
isc_result_t result;
dst_context_t *md5ctx = NULL;
isc_md5_t md5ctx;
isc_buffer_remainingregion(data, &r);
if (r.length == 0)
@ -244,18 +218,10 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
if (r.length > HMAC_LEN) {
isc_buffer_init(&b, hkey->key, HMAC_LEN);
result = dst_context_create(DST_KEY_MD5, key->mctx, &md5ctx);
if (result != ISC_R_SUCCESS)
goto fail;
result = dst_context_adddata(md5ctx, &r);
if (result != ISC_R_SUCCESS)
goto fail;
result = dst_context_digest(md5ctx, &b);
if (result != ISC_R_SUCCESS)
goto fail;
dst_context_destroy(&md5ctx);
keylen = MD5_DIGEST_LENGTH;
isc_md5_init(&md5ctx);
isc_md5_update(&md5ctx, r.base, r.length);
isc_md5_final(&md5ctx, hkey->key);
keylen = ISC_MD5_DIGESTLENGTH;
}
else {
memcpy(hkey->key, r.base, r.length);
@ -267,12 +233,6 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->opaque = hkey;
return (ISC_R_SUCCESS);
fail:
if (md5ctx != NULL)
dst_context_destroy(&md5ctx);
isc_mem_put(key->mctx, hkey, sizeof(HMAC_Key));
return (result);
}
static isc_result_t
@ -320,7 +280,6 @@ static dst_func_t hmacmd5_functions = {
hmacmd5_adddata,
hmacmd5_sign,
hmacmd5_verify,
NULL, /* digest */
NULL, /* computesecret */
hmacmd5_compare,
NULL, /* paramcompare */

29
lib/dns/sec/dst/include/dst/dst.h
View file

@ -27,10 +27,9 @@ typedef struct dst_context dst_context_t;
#define DST_ALG_DH 2
#define DST_ALG_DSA 3
#define DST_ALG_HMACMD5 157
#define DST_ALG_MD5 158
#define DST_ALG_PRIVATE 254
#define DST_ALG_EXPAND 255
#define DST_MAX_ALGS (DST_ALG_MD5 + 1)
#define DST_MAX_ALGS (DST_ALG_HMACMD5 + 1)
/* A buffer of this size is large enough to hold any key */
#define DST_KEY_MAXSIZE 1024
@ -39,9 +38,6 @@ typedef struct dst_context dst_context_t;
#define DST_TYPE_PRIVATE 0x2000000
#define DST_TYPE_PUBLIC 0x4000000
extern dst_key_t *dst_key_md5;
#define DST_KEY_MD5 dst_key_md5
/***
*** Functions
***/
@ -83,7 +79,7 @@ dst_algorithm_supported(const unsigned int alg);
isc_result_t
dst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp);
/*
* Creates a context to be used for a sign, verify, or digest operation.
* Creates a context to be used for a sign or verify operation.
*
* Requires:
* "key" is a valid key.
@ -113,8 +109,8 @@ dst_context_destroy(dst_context_t **dctxp);
isc_result_t
dst_context_adddata(dst_context_t *dctx, const isc_region_t *data);
/*
* Incrementally adds data to the context to be used in a sign, verify, or
* digest operation.
* Incrementally adds data to the context to be used in a sign or verify
* operation.
*
* Requires:
* "dctx" is a valid context
@ -161,23 +157,6 @@ dst_context_verify(dst_context_t *dctx, isc_region_t *sig);
* "sig" will contain the signature
*/
isc_result_t
dst_context_digest(dst_context_t *dctx, isc_buffer_t *digest);
/*
* Digests the data stored in the context.
*
* Requires:
* "dctx" is a valid context.
* "sig" is a valid buffer.
*
* Returns:
* ISC_R_SUCCESS
* all other errors indicate failure
*
* Ensures:
* "digest" will contain the digest
*/
isc_result_t
dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
isc_buffer_t *secret);

114
lib/dns/sec/dst/openssl_link.c
View file

@ -19,13 +19,14 @@
/*
* Principal Author: Brian Wellington
* $Id: openssl_link.c,v 1.26 2000/06/06 21:58:11 bwelling Exp $
* $Id: openssl_link.c,v 1.27 2000/06/07 17:22:27 bwelling Exp $
*/
#if defined(OPENSSL)
#include <config.h>
#include <isc/mem.h>
#include <isc/sha1.h>
#include <isc/string.h>
#include <isc/util.h>
@ -35,40 +36,37 @@
#include "dst_parse.h"
#include <openssl/dsa.h>
#include <openssl/sha.h>
static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
static isc_result_t
openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
SHA_CTX *ctx;
isc_sha1_t *sha1ctx;
UNUSED(key);
ctx = isc_mem_get(dctx->mctx, sizeof(SHA_CTX));
if (ctx == NULL)
return (ISC_R_NOMEMORY);
SHA1_Init(ctx);
dctx->opaque = ctx;
sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
isc_sha1_init(sha1ctx);
dctx->opaque = sha1ctx;
return (ISC_R_SUCCESS);
}
static void
openssldsa_destroyctx(dst_context_t *dctx) {
SHA_CTX *ctx = dctx->opaque;
isc_sha1_t *sha1ctx = dctx->opaque;
if (ctx != NULL) {
unsigned char digest[SHA_DIGEST_LENGTH];
SHA1_Final(digest, ctx);
isc_mem_put(dctx->mctx, ctx, sizeof(SHA_CTX));
if (sha1ctx != NULL) {
isc_sha1_invalidate(sha1ctx);
isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
dctx->opaque = NULL;
}
}
static isc_result_t
openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
SHA_CTX *ctx = dctx->opaque;
isc_sha1_t *sha1ctx = dctx->opaque;
SHA1_Update(ctx, data->base, data->length);
isc_sha1_update(sha1ctx, data->base, data->length);
return (ISC_R_SUCCESS);
}
@ -83,69 +81,57 @@ BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) {
static isc_result_t
openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_region_t r;
dst_key_t *key;
SHA_CTX *ctx;
DSA *dsa;
isc_sha1_t *sha1ctx = dctx->opaque;
dst_key_t *key = dctx->key;
DSA *dsa = key->opaque;
DSA_SIG *dsasig;
unsigned char digest[SHA_DIGEST_LENGTH];
isc_region_t r;
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
isc_buffer_availableregion(sig, &r);
if (r.length < SHA_DIGEST_LENGTH * 2 + 1)
if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
return (ISC_R_NOSPACE);
ctx = dctx->opaque;
key = dctx->key;
dsa = key->opaque;
isc_sha1_final(sha1ctx, digest);
SHA1_Final(digest, ctx);
isc_mem_put(dctx->mctx, ctx, sizeof(SHA_CTX));
dctx->opaque = NULL;
dsasig = DSA_do_sign(digest, SHA_DIGEST_LENGTH, dsa);
dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
if (dsasig == NULL)
return (DST_R_SIGNFAILURE);
*r.base++ = (key->key_size - 512)/64;
BN_bn2bin_fixed(dsasig->r, r.base, SHA_DIGEST_LENGTH);
r.base += SHA_DIGEST_LENGTH;
BN_bn2bin_fixed(dsasig->s, r.base, SHA_DIGEST_LENGTH);
r.base += SHA_DIGEST_LENGTH;
BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
r.base += ISC_SHA1_DIGESTLENGTH;
BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
r.base += ISC_SHA1_DIGESTLENGTH;
DSA_SIG_free(dsasig);
isc_buffer_add(sig, SHA_DIGEST_LENGTH * 2 + 1);
isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
return (ISC_R_SUCCESS);
}
static isc_result_t
openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
int status = 0;
dst_key_t *key;
SHA_CTX *ctx;
DSA *dsa;
isc_sha1_t *sha1ctx = dctx->opaque;
dst_key_t *key = dctx->key;
DSA *dsa = key->opaque;
DSA_SIG *dsasig;
unsigned char digest[SHA_DIGEST_LENGTH];
int status = 0;
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
unsigned char *cp = sig->base;
ctx = dctx->opaque;
key = dctx->key;
dsa = key->opaque;
isc_sha1_final(sha1ctx, digest);
SHA1_Final(digest, ctx);
isc_mem_put(dctx->mctx, ctx, sizeof(SHA_CTX));
dctx->opaque = NULL;
if (sig->length < 2 * SHA_DIGEST_LENGTH + 1)
if (sig->length < 2 * ISC_SHA1_DIGESTLENGTH + 1)
return (DST_R_VERIFYFAILURE);
cp++; /* Skip T */
dsasig = DSA_SIG_new();
dsasig->r = BN_bin2bn(cp, SHA_DIGEST_LENGTH, NULL);
cp += SHA_DIGEST_LENGTH;
dsasig->s = BN_bin2bn(cp, SHA_DIGEST_LENGTH, NULL);
cp += SHA_DIGEST_LENGTH;
dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
cp += ISC_SHA1_DIGESTLENGTH;
dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
cp += ISC_SHA1_DIGESTLENGTH;
status = DSA_do_verify(digest, SHA_DIGEST_LENGTH, dsasig, dsa);
status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
DSA_SIG_free(dsasig);
if (status == 0)
return (DST_R_VERIFYFAILURE);
@ -187,7 +173,7 @@ static isc_result_t
openssldsa_generate(dst_key_t *key, int unused) {
DSA *dsa;
unsigned char dns_array[DST_KEY_MAXSIZE];
unsigned char rand_array[SHA_DIGEST_LENGTH];
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
isc_buffer_t dns, rand;
isc_result_t result;
isc_region_t r;
@ -195,12 +181,12 @@ openssldsa_generate(dst_key_t *key, int unused) {
UNUSED(unused);
isc_buffer_init(&rand, rand_array, sizeof(rand_array));
result = dst_random_get(SHA_DIGEST_LENGTH, &rand);
result = dst_random_get(ISC_SHA1_DIGESTLENGTH, &rand);
if (result != ISC_R_SUCCESS)
return (result);
dsa = DSA_generate_parameters(key->key_size, rand_array,
SHA_DIGEST_LENGTH, NULL, NULL,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
NULL, NULL);
if (dsa == NULL)
@ -256,13 +242,13 @@ openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
return (DST_R_INVALIDPUBLICKEY);
p_bytes = 64 + 8 * t;
dnslen = 1 + (key->key_size * 3)/8 + SHA_DIGEST_LENGTH;
dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH;
if (r.length < (unsigned int) dnslen)
return (ISC_R_NOSPACE);
*r.base++ = t;
BN_bn2bin_fixed(dsa->q, r.base, SHA_DIGEST_LENGTH);
r.base += SHA_DIGEST_LENGTH;
BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH);
r.base += ISC_SHA1_DIGESTLENGTH;
BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8);
r.base += p_bytes;
BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8);
@ -299,13 +285,13 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
p_bytes = 64 + 8 * t;
if (r.length < 1 + SHA_DIGEST_LENGTH + 3 * p_bytes) {
if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
DSA_free(dsa);
return (DST_R_INVALIDPUBLICKEY);
}
dsa->q = BN_bin2bn(r.base, SHA_DIGEST_LENGTH, NULL);
r.base += SHA_DIGEST_LENGTH;
dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
r.base += ISC_SHA1_DIGESTLENGTH;
dsa->p = BN_bin2bn(r.base, p_bytes, NULL);
r.base += p_bytes;
@ -317,10 +303,11 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
r.base += p_bytes;
isc_buffer_remainingregion(data, &r);
key->key_id = dst__id_calc(r.base, 1 + SHA_DIGEST_LENGTH + 3 * p_bytes);
key->key_id = dst__id_calc(r.base, 1 + ISC_SHA1_DIGESTLENGTH +
3 * p_bytes);
key->key_size = p_bytes * 8;
isc_buffer_forward(data, 1 + SHA_DIGEST_LENGTH + 3 * p_bytes);
isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
key->opaque = (void *) dsa;
@ -450,7 +437,6 @@ static dst_func_t openssldsa_functions = {
openssldsa_adddata,
openssldsa_sign,
openssldsa_verify,
NULL, /* digest */
NULL, /* computesecret */
openssldsa_compare,
NULL, /* paramcompare */

3
lib/dns/sec/dst/openssldh_link.c
View file

@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: openssldh_link.c,v 1.20 2000/06/06 21:58:12 bwelling Exp $
* $Id: openssldh_link.c,v 1.21 2000/06/07 17:22:29 bwelling Exp $
*/
#if defined(OPENSSL)
@ -537,7 +537,6 @@ static dst_func_t openssldh_functions = {
NULL, /* adddata */
NULL, /* openssldh_sign */
NULL, /* openssldh_verify */
NULL, /* digest */
openssldh_computesecret,
openssldh_compare,
openssldh_paramcompare,

109
lib/dns/sec/dst/opensslmd5_link.c
View file

@ -1,109 +0,0 @@
/*
* Portions Copyright (c) 1995-1998 by Network Associates, Inc.
* Portions Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
* NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
* SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
* ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Principal Author: Brian Wellington
* $Id: opensslmd5_link.c,v 1.10 2000/06/06 21:58:13 bwelling Exp $
*/
#if defined(OPENSSL)
#include <config.h>
#include <isc/mem.h>
#include <isc/util.h>
#include "dst_internal.h"
#include <openssl/md5.h>
static isc_result_t
opensslmd5_createctx(dst_key_t *key, dst_context_t *dctx) {
MD5_CTX *ctx;
UNUSED(key);
ctx = isc_mem_get(dctx->mctx, sizeof(MD5_CTX));
if (ctx == NULL)
return (ISC_R_NOMEMORY);
MD5_Init(ctx);
dctx->opaque = ctx;
return (ISC_R_SUCCESS);
}
static void
opensslmd5_destroyctx(dst_context_t *dctx) {
MD5_CTX *ctx = dctx->opaque;
isc_mem_put(dctx->mctx, ctx, sizeof(MD5_CTX));
}
static isc_result_t
opensslmd5_adddata(dst_context_t *dctx, const isc_region_t *data) {
MD5_CTX *ctx = dctx->opaque;
MD5_Update(ctx, data->base, data->length);
return (ISC_R_SUCCESS);
}
static isc_result_t
opensslmd5_digest(dst_context_t *dctx, isc_buffer_t *digest) {
MD5_CTX *ctx = dctx->opaque;
isc_region_t r;
isc_buffer_availableregion(digest, &r);
if (r.length < MD5_DIGEST_LENGTH)
return (ISC_R_NOSPACE);
MD5_Final(r.base, ctx);
isc_buffer_add(digest, MD5_DIGEST_LENGTH);
return (ISC_R_SUCCESS);
}
static dst_func_t opensslmd5_functions = {
opensslmd5_createctx,
opensslmd5_destroyctx,
opensslmd5_adddata,
NULL, /* openssldsa_sign */
NULL, /* openssldsa_verify */
opensslmd5_digest,
NULL, /* computesecret */
NULL, /* compare */
NULL, /* paramcompare */
NULL, /* generate */
NULL, /* isprivate */
NULL, /* destroy */
NULL, /* todns */
NULL, /* fromdns */
NULL, /* tofile */
NULL, /* fromfile */
};
isc_result_t
dst__opensslmd5_init(dst_func_t **funcp) {
REQUIRE(funcp != NULL && *funcp == NULL);
*funcp = &opensslmd5_functions;
return (ISC_R_SUCCESS);
}
void
dst__opensslmd5_destroy(void) {
}
#endif /* OPENSSL */