From 78d14e388a4cdc0ac25ddb1aa131f0871fafa04d Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Wed, 7 Jun 2000 17:22:31 +0000 Subject: [PATCH] Use MD5/SHA1 from libisc instead of dst/openssl --- lib/dns/Makefile.in | 2 +- lib/dns/sec/dst/Makefile.in | 4 +- lib/dns/sec/dst/bsafe_link.c | 58 +++++++-------- lib/dns/sec/dst/dst_api.c | 31 +------- lib/dns/sec/dst/dst_internal.h | 1 - lib/dns/sec/dst/hmac_link.c | 109 +++++++++------------------- lib/dns/sec/dst/include/dst/dst.h | 29 ++------ lib/dns/sec/dst/openssl_link.c | 114 +++++++++++++----------------- lib/dns/sec/dst/openssldh_link.c | 3 +- lib/dns/sec/dst/opensslmd5_link.c | 109 ---------------------------- 10 files changed, 117 insertions(+), 343 deletions(-) delete mode 100644 lib/dns/sec/dst/opensslmd5_link.c diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in index 18213ca3da..da21eef899 100644 --- a/lib/dns/Makefile.in +++ b/lib/dns/Makefile.in @@ -43,7 +43,7 @@ CONFOBJS = config/confacl.@O@ config/confcache.@O@ config/confcommon.@O@ \ DSTOBJS = sec/dst/bsafe_link.@O@ sec/dst/dst_api.@O@ \ sec/dst/dst_parse.@O@ sec/dst/hmac_link.@O@ \ sec/dst/openssl_link.@O@ sec/dst/openssldh_link.@O@ \ - sec/dst/opensslmd5_link.@O@ sec/dst/dst_result.@O@ \ + sec/dst/dst_result.@O@ \ sec/dst/dst_support.@O@ sec/dst/dst_lib.@O@ OPENSSLOBJS = sec/openssl/bn_add.@O@ sec/openssl/bn_asm.@O@ \ diff --git a/lib/dns/sec/dst/Makefile.in b/lib/dns/sec/dst/Makefile.in index 9c00156fc7..1023db2f9d 100644 --- a/lib/dns/sec/dst/Makefile.in +++ b/lib/dns/sec/dst/Makefile.in @@ -31,11 +31,11 @@ LIBS = @LIBS@ # Alphabetically OBJS = bsafe_link.@O@ dst_api.@O@ dst_parse.@O@ hmac_link.@O@ \ - openssl_link.@O@ openssldh_link.@O@ opensslmd5_link.@O@ \ + openssl_link.@O@ openssldh_link.@O@ \ dst_result.@O@ dst_support.@O@ dst_lib.@O@ SRCS = bsafe_link.c dst_api.c dst_parse.c hmac_link.c \ - openssl_link.c openssldh_link.c opensslmd5_link.c \ + openssl_link.c openssldh_link.c \ dst_result.c dst_support.c dst_lib.c SUBDIRS = include 
diff --git a/lib/dns/sec/dst/bsafe_link.c b/lib/dns/sec/dst/bsafe_link.c index 12498fc6f4..5a55ff7baf 100644 --- a/lib/dns/sec/dst/bsafe_link.c +++ b/lib/dns/sec/dst/bsafe_link.c @@ -19,13 +19,14 @@ /* * Principal Author: Brian Wellington - * $Id: bsafe_link.c,v 1.26 2000/06/06 21:58:03 bwelling Exp $ + * $Id: bsafe_link.c,v 1.27 2000/06/07 17:22:22 bwelling Exp $ */ #if defined(DNSSAFE) #include +#include #include #include #include 
@@ -75,50 +76,46 @@ static isc_boolean_t dnssafersa_isprivate(const dst_key_t *key); static isc_result_t dnssafersa_createctx(dst_key_t *key, dst_context_t *dctx) { - dst_context_t *md5ctx = NULL; - isc_result_t result; + isc_md5_t *md5ctx; UNUSED(key); - result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx); - if (result != ISC_R_SUCCESS) - return (result); - + md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t)); + isc_md5_init(md5ctx); dctx->opaque = md5ctx; return (ISC_R_SUCCESS); } static void dnssafersa_destroyctx(dst_context_t *dctx) { - dst_context_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->opaque; - if (md5ctx != NULL) - dst_context_destroy(&md5ctx); + if (md5ctx != NULL) { + isc_md5_invalidate(md5ctx); + isc_mem_put(dctx->mctx, md5ctx, sizeof(isc_md5_t)); + dctx->opaque = NULL; + } } static isc_result_t dnssafersa_adddata(dst_context_t *dctx, const isc_region_t *data) { - dst_context_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->opaque; - return (dst_context_adddata(md5ctx, data)); + isc_md5_update(md5ctx, data->base, data->length); + return (ISC_R_SUCCESS); } static isc_result_t dnssafersa_sign(dst_context_t *dctx, isc_buffer_t *sig) { - dst_context_t *md5ctx = dctx->opaque; - unsigned char digest_array[DNS_SIG_RSAMAXSIZE]; - isc_buffer_t digestbuf; + isc_md5_t *md5ctx = dctx->opaque; + unsigned char digest[ISC_MD5_DIGESTLENGTH]; isc_region_t sig_region; dst_key_t *key = dctx->key; RSA_Key *rkey = key->opaque; B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ)NULL_PTR; unsigned int written = 0; - isc_result_t result; - isc_buffer_init(&digestbuf, digest_array, sizeof(digest_array)); - result = dst_context_digest(md5ctx, &digestbuf); - if (result != ISC_R_SUCCESS) - return (result); + isc_md5_final(md5ctx, digest); isc_buffer_availableregion(sig, &sig_region); if (sig_region.length * 8 < (unsigned int) key->key_size) 
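Review bot: `md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t));` in dnssafersa_createctx is followed directly by `isc_md5_init(md5ctx);` with no NULL check, so an allocation failure becomes a NULL dereference instead of an error return. The hmacmd5_createctx hunk in this same patch handles it (`if (md5ctx == NULL) return (ISC_R_NOMEMORY);`), and the openssldsa_createctx hunk in openssl_link.c has the same gap — there the old code had `if (ctx == NULL) return (ISC_R_NOMEMORY);` and the new code drops it. Adding those two lines after each isc_mem_get call makes the three createctx functions consistent. dnssafersa_sign continues past the end of this hunk.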
@@ -150,9 +147,8 @@ dnssafersa_sign(dst_context_t *dctx, isc_buffer_t *sig) { } if (B_EncryptUpdate(rsaEncryptor, sig_region.base, &written, - sig_region.length, isc_buffer_base(&digestbuf), - isc_buffer_usedlength(&digestbuf), NULL_PTR, - NULL_SURRENDER) != 0) + sig_region.length, digest, sizeof(digest), + NULL_PTR, NULL_SURRENDER) != 0) goto finalfail; if (written > 0) { @@ -179,9 +175,8 @@ dnssafersa_sign(dst_context_t *dctx, isc_buffer_t *sig) { static isc_result_t dnssafersa_verify(dst_context_t *dctx, const isc_region_t *sig) { - dst_context_t *md5ctx = dctx->opaque; - unsigned char digest_array[DST_HASH_SIZE]; - isc_buffer_t digestbuf; + isc_md5_t *md5ctx = dctx->opaque; + unsigned char digest[ISC_MD5_DIGESTLENGTH]; unsigned char work_area[DST_HASH_SIZE + sizeof(pkcs1)]; isc_buffer_t work; isc_region_t work_region; @@ -189,12 +184,8 @@ dnssafersa_verify(dst_context_t *dctx, const isc_region_t *sig) { RSA_Key *rkey = key->opaque; B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR; unsigned int written = 0; - isc_result_t result; - isc_buffer_init(&digestbuf, digest_array, sizeof(digest_array)); - result = dst_context_digest(md5ctx, &digestbuf); - if (result != ISC_R_SUCCESS) - return (result); + isc_md5_final(md5ctx, digest); if (B_CreateAlgorithmObject(&rsaEncryptor) != 0) return (ISC_R_NOMEMORY); @@ -229,9 +220,9 @@ dnssafersa_verify(dst_context_t *dctx, const isc_region_t *sig) { /* * Skip PKCS#1 header in output from Decrypt function. */ - if (memcmp(isc_buffer_base(&digestbuf), + if (memcmp(digest, (char *)isc_buffer_base(&work) + sizeof(pkcs1), - isc_buffer_usedlength(&digestbuf)) == 0) + sizeof(digest)) == 0) return (ISC_R_SUCCESS); else return (DST_R_VERIFYFAILURE); @@ -797,7 +788,6 @@ static dst_func_t dnssafersa_functions = { dnssafersa_adddata, dnssafersa_sign, dnssafersa_verify, - NULL, /* digest */ NULL, /* computesecret */ dnssafersa_compare, NULL, /* paramcompare */ 
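Review bot: In dnssafersa_verify the new comparison `memcmp(digest, (char *)isc_buffer_base(&work) + sizeof(pkcs1), sizeof(digest))` checks only the 16 digest bytes that follow the PKCS#1 header; whether the decrypted length (`written`, handled between these hunks) is required to equal `sizeof(pkcs1) + sizeof(digest)` is not visible here. If it is not, trailing bytes of the decrypted block are never examined, so it is worth confirming that a length check sits alongside the header comparison. Both dnssafersa_sign and dnssafersa_verify start and end outside the hunks shown.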
diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c index 88167ecd82..0d9a122ce7 100644 --- a/lib/dns/sec/dst/dst_api.c +++ b/lib/dns/sec/dst/dst_api.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.47 2000/06/06 21:58:04 bwelling Exp $ + * $Id: dst_api.c,v 1.48 2000/06/07 17:22:23 bwelling Exp $ */ #include @@ -54,9 +54,6 @@ #define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC) #define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC) -static dst_key_t md5key; -dst_key_t *dst_key_md5 = NULL; - static dst_func_t *dst_t_func[DST_MAX_ALGS]; static isc_mem_t *dst_memory_pool = NULL; static isc_boolean_t dst_initialized = ISC_FALSE; @@ -100,7 +97,6 @@ dst_lib_destroy() { #ifdef OPENSSL dst__openssldsa_destroy(); dst__openssldh_destroy(); - dst__opensslmd5_destroy(); #endif isc_mem_detach(&dst_memory_pool); @@ -195,19 +191,6 @@ dst_context_verify(dst_context_t *dctx, isc_region_t *sig) { return (dctx->key->func->verify(dctx, sig)); } -isc_result_t -dst_context_digest(dst_context_t *dctx, isc_buffer_t *digest) { - REQUIRE(VALID_CTX(dctx)); - REQUIRE(digest != NULL); - - if (dst_algorithm_supported(dctx->key->key_alg) == ISC_FALSE) - return (DST_R_UNSUPPORTEDALG); - if (dctx->key->func->digest == NULL) - return (DST_R_UNSUPPORTEDALG); - - return (dctx->key->func->digest(dctx, digest)); -} - isc_result_t dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret) @@ -670,7 +653,6 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) { *n = 16; break; case DST_ALG_DH: - case DST_ALG_MD5: default: return (DST_R_UNSUPPORTEDALG); } @@ -690,7 +672,6 @@ dst_key_secretsize(const dst_key_t *key, unsigned int *n) { case DST_ALG_RSA: case DST_ALG_DSA: case DST_ALG_HMACMD5: - case DST_ALG_MD5: default: return (DST_R_UNSUPPORTEDALG); } 
@@ -775,16 +756,6 @@ initialize(isc_mem_t *mctx) { #ifdef OPENSSL RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA])); RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH])); - RETERR(dst__opensslmd5_init(&dst_t_func[DST_ALG_MD5])); - - memset(&md5key, 0, sizeof(dst_key_t)); - md5key.magic = KEY_MAGIC; - md5key.key_name = NULL; - md5key.key_alg = DST_ALG_MD5; - md5key.mctx = dst_memory_pool; - md5key.opaque = NULL; - md5key.func = dst_t_func[DST_ALG_MD5]; - dst_key_md5 = &md5key; /* * Seed the random number generator, if necessary. diff --git a/lib/dns/sec/dst/dst_internal.h b/lib/dns/sec/dst/dst_internal.h index 9283965a17..fa724bebb4 100644 --- a/lib/dns/sec/dst/dst_internal.h +++ b/lib/dns/sec/dst/dst_internal.h @@ -78,7 +78,6 @@ struct dst_func { */ isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig); isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig); - isc_result_t (*digest)(dst_context_t *dctx, isc_buffer_t *digest); isc_result_t (*computesecret)(const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret); diff --git a/lib/dns/sec/dst/hmac_link.c b/lib/dns/sec/dst/hmac_link.c index 431dcc780d..450aab9e9d 100644 --- a/lib/dns/sec/dst/hmac_link.c +++ b/lib/dns/sec/dst/hmac_link.c @@ -19,11 +19,12 @@ /* * Principal Author: Brian Wellington - * $Id: hmac_link.c,v 1.32 2000/06/06 21:58:10 bwelling Exp $ + * $Id: hmac_link.c,v 1.33 2000/06/07 17:22:26 bwelling Exp $ */ #include +#include #include #include #include @@ -33,8 +34,6 @@ #include "dst_internal.h" #include "dst_parse.h" -#include - #define HMAC_LEN 64 #define HMAC_IPAD 0x36 #define HMAC_OPAD 0x5c 
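Review bot: Removing the `digest` member from `struct dst_func` in dst_internal.h relies on every `dst_func_t` table being edited by hand, because the tables in bsafe_link.c, hmac_link.c, openssl_link.c and openssldh_link.c are positional initializers (each drops a `NULL, /* digest */` line in this patch). A table that misses the edit typically still compiles — an excess initializer or an incompatible pointer type is usually only a warning — with every later slot shifted by one, so `computesecret` would be called through the `compare` slot and so on. If the project's compiler baseline allows C99 designated initializers, writing the tables as `.createctx = hmacmd5_createctx,` and so on removes that hazard; otherwise a comment on the struct stating that member order is the table order is worth adding. initialize() in dst_api.c continues past its hunk.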
@@ -47,95 +46,72 @@ typedef struct hmackey { static isc_result_t hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) { - dst_context_t *md5ctx = NULL; + isc_md5_t *md5ctx; HMAC_Key *hkey = key->opaque; unsigned char ipad[HMAC_LEN]; - isc_region_t r; - isc_result_t result; int i; - result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx); - if (result != ISC_R_SUCCESS) - return (result); + md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t)); + if (md5ctx == NULL) + return (ISC_R_NOMEMORY); + isc_md5_init(md5ctx); memset(ipad, HMAC_IPAD, sizeof ipad); for (i = 0; i < HMAC_LEN; i++) ipad[i] ^= hkey->key[i]; - r.base = ipad; - r.length = HMAC_LEN; - result = dst_context_adddata(md5ctx, &r); - if (result != ISC_R_SUCCESS) { - dst_context_destroy(&md5ctx); - return (result); - } + isc_md5_update(md5ctx, ipad, HMAC_LEN); dctx->opaque = md5ctx; return (ISC_R_SUCCESS); } static void hmacmd5_destroyctx(dst_context_t *dctx) { - dst_context_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->opaque; - if (md5ctx != NULL) - dst_context_destroy(&md5ctx); + if (md5ctx != NULL) { + isc_md5_invalidate(md5ctx); + isc_mem_put(dctx->mctx, md5ctx, sizeof(isc_md5_t)); + dctx->opaque = NULL; + } } static isc_result_t hmacmd5_adddata(dst_context_t *dctx, const isc_region_t *data) { - dst_context_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->opaque; - return (dst_context_adddata(md5ctx, data)); + isc_md5_update(md5ctx, data->base, data->length); + return (ISC_R_SUCCESS); } static isc_result_t hmacmd5_sign(dst_context_t *dctx, isc_buffer_t *sig) { - dst_context_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->opaque; dst_key_t *key = dctx->key; HMAC_Key *hkey = key->opaque; unsigned char opad[HMAC_LEN]; - unsigned char digest[MD5_DIGEST_LENGTH]; - isc_buffer_t b; - isc_region_t r; - isc_result_t result; + unsigned char digest[ISC_MD5_DIGESTLENGTH]; int i; - isc_buffer_init(&b, digest, sizeof(digest)); - - result = dst_context_digest(md5ctx, &b); - if (result != 
ISC_R_SUCCESS) - return (result); - dst_context_destroy(&md5ctx); - dctx->opaque = NULL; - - result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx); - if (result != ISC_R_SUCCESS) - return (result); - dctx->opaque = md5ctx; + isc_md5_final(md5ctx, digest); memset(opad, HMAC_OPAD, sizeof opad); for (i = 0; i < HMAC_LEN; i++) opad[i] ^= hkey->key[i]; - r.base = opad; - r.length = HMAC_LEN; - result = dst_context_adddata(md5ctx, &r); - if (result != ISC_R_SUCCESS) - return (result); + isc_md5_init(md5ctx); + isc_md5_update(md5ctx, opad, HMAC_LEN); + isc_md5_update(md5ctx, digest, ISC_MD5_DIGESTLENGTH); + isc_md5_final(md5ctx, isc_buffer_base(sig)); + isc_buffer_add(sig, ISC_MD5_DIGESTLENGTH); - isc_buffer_usedregion(&b, &r); - result = dst_context_adddata(md5ctx, &r); - if (result != ISC_R_SUCCESS) - return (result); - - result = dst_context_digest(md5ctx, sig); - return (result); + return (ISC_R_SUCCESS); } static isc_result_t hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) { isc_result_t result; - unsigned char digest[MD5_DIGEST_LENGTH]; + unsigned char digest[ISC_MD5_DIGESTLENGTH]; isc_buffer_t b; - if (sig->length < MD5_DIGEST_LENGTH) + if (sig->length < ISC_MD5_DIGESTLENGTH) return (DST_R_VERIFYFAILURE); isc_buffer_init(&b, digest, sizeof(digest)); @@ -143,7 +119,7 @@ hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) { if (result != ISC_R_SUCCESS) return (result); - if (memcmp(digest, sig->base, MD5_DIGEST_LENGTH) != 0) + if (memcmp(digest, sig->base, ISC_MD5_DIGESTLENGTH) != 0) return (DST_R_VERIFYFAILURE); return (ISC_R_SUCCESS); @@ -228,10 +204,8 @@ static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) { HMAC_Key *hkey; int keylen; - isc_buffer_t b; isc_region_t r; - isc_result_t result; - dst_context_t *md5ctx = NULL; + isc_md5_t md5ctx; isc_buffer_remainingregion(data, &r); if (r.length == 0) 
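Review bot: `isc_md5_final(md5ctx, isc_buffer_base(sig));` in hmacmd5_sign writes the 16-byte MAC at the start of the caller's buffer rather than at its available region, and nothing checks that 16 bytes are free first; the `dst_context_digest` path this replaces (opensslmd5_digest in the deleted file) took `isc_buffer_availableregion` and returned `ISC_R_NOSPACE` when short. As written, a `sig` buffer that already holds data is overwritten while `isc_buffer_add` advances past the wrong bytes, and a buffer shorter than ISC_MD5_DIGESTLENGTH is overrun. The openssldsa_sign hunk in openssl_link.c keeps the availableregion/NOSPACE check ahead of its final, so the same shape fits here (it needs back the `isc_region_t r;` declaration this hunk removes). Separately, `memcmp(digest, sig->base, ISC_MD5_DIGESTLENGTH)` in hmacmd5_verify compares a MAC with an early-exit comparison; a fixed-time compare is the usual choice for that line. hmacmd5_fromdns, whose hunk begins at the end of this line, continues on the next.
```c
	unsigned char digest[ISC_MD5_DIGESTLENGTH];
	isc_region_t r;
	int i;

	isc_buffer_availableregion(sig, &r);
	if (r.length < ISC_MD5_DIGESTLENGTH)
		return (ISC_R_NOSPACE);

	isc_md5_final(md5ctx, digest);
	/* … unchanged: opad setup, isc_md5_init/update of opad and digest … */
	isc_md5_final(md5ctx, r.base);
	isc_buffer_add(sig, ISC_MD5_DIGESTLENGTH);
```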
@@ -244,18 +218,10 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) { memset(hkey->key, 0, sizeof(hkey->key)); if (r.length > HMAC_LEN) { - isc_buffer_init(&b, hkey->key, HMAC_LEN); - result = dst_context_create(DST_KEY_MD5, key->mctx, &md5ctx); - if (result != ISC_R_SUCCESS) - goto fail; - result = dst_context_adddata(md5ctx, &r); - if (result != ISC_R_SUCCESS) - goto fail; - result = dst_context_digest(md5ctx, &b); - if (result != ISC_R_SUCCESS) - goto fail; - dst_context_destroy(&md5ctx); - keylen = MD5_DIGEST_LENGTH; + isc_md5_init(&md5ctx); + isc_md5_update(&md5ctx, r.base, r.length); + isc_md5_final(&md5ctx, hkey->key); + keylen = ISC_MD5_DIGESTLENGTH; } else { memcpy(hkey->key, r.base, r.length); @@ -267,12 +233,6 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) { key->opaque = hkey; return (ISC_R_SUCCESS); - - fail: - if (md5ctx != NULL) - dst_context_destroy(&md5ctx); - isc_mem_put(key->mctx, hkey, sizeof(HMAC_Key)); - return (result); } static isc_result_t @@ -320,7 +280,6 @@ static dst_func_t hmacmd5_functions = { hmacmd5_adddata, hmacmd5_sign, hmacmd5_verify, - NULL, /* digest */ NULL, /* computesecret */ hmacmd5_compare, NULL, /* paramcompare */ diff --git a/lib/dns/sec/dst/include/dst/dst.h b/lib/dns/sec/dst/include/dst/dst.h index 7714432c62..3fe7db77bd 100644 --- a/lib/dns/sec/dst/include/dst/dst.h +++ b/lib/dns/sec/dst/include/dst/dst.h @@ -27,10 +27,9 @@ typedef struct dst_context dst_context_t; #define DST_ALG_DH 2 #define DST_ALG_DSA 3 #define DST_ALG_HMACMD5 157 -#define DST_ALG_MD5 158 #define DST_ALG_PRIVATE 254 #define DST_ALG_EXPAND 255 -#define DST_MAX_ALGS (DST_ALG_MD5 + 1) +#define DST_MAX_ALGS (DST_ALG_HMACMD5 + 1) /* A buffer of this size is large enough to hold any key */ #define DST_KEY_MAXSIZE 1024 @@ -39,9 +38,6 @@ typedef struct dst_context dst_context_t; #define DST_TYPE_PRIVATE 0x2000000 #define DST_TYPE_PUBLIC 0x4000000 -extern dst_key_t *dst_key_md5; -#define DST_KEY_MD5 dst_key_md5 - /*** *** Functions ***/ 
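Review bot: In hmacmd5_fromdns the stack `isc_md5_t md5ctx` that hashes an over-long key into `hkey->key` is left untouched after `isc_md5_final(&md5ctx, hkey->key);`, so whatever key-derived state the context still holds stays in the dead stack frame. Every other context in this patch is passed to `isc_md5_invalidate` or `isc_sha1_invalidate` before being released (hmacmd5_destroyctx, dnssafersa_destroyctx, openssldsa_destroyctx); adding `isc_md5_invalidate(&md5ctx);` directly after the final keeps this path consistent. The `memcpy(hkey->key, r.base, r.length);` branch is unaffected.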
@@ -83,7 +79,7 @@ dst_algorithm_supported(const unsigned int alg); isc_result_t dst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp); /* - * Creates a context to be used for a sign, verify, or digest operation. + * Creates a context to be used for a sign or verify operation. * * Requires: * "key" is a valid key. @@ -113,8 +109,8 @@ dst_context_destroy(dst_context_t **dctxp); isc_result_t dst_context_adddata(dst_context_t *dctx, const isc_region_t *data); /* - * Incrementally adds data to the context to be used in a sign, verify, or - * digest operation. + * Incrementally adds data to the context to be used in a sign or verify + * operation. * * Requires: * "dctx" is a valid context @@ -161,23 +157,6 @@ dst_context_verify(dst_context_t *dctx, isc_region_t *sig); * "sig" will contain the signature */ -isc_result_t -dst_context_digest(dst_context_t *dctx, isc_buffer_t *digest); -/* - * Digests the data stored in the context. - * - * Requires: - * "dctx" is a valid context. - * "sig" is a valid buffer. - * - * Returns: - * ISC_R_SUCCESS - * all other errors indicate failure - * - * Ensures: - * "digest" will contain the digest - */ - isc_result_t dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret); diff --git a/lib/dns/sec/dst/openssl_link.c b/lib/dns/sec/dst/openssl_link.c index 91087eaa73..6331259583 100644 --- a/lib/dns/sec/dst/openssl_link.c +++ b/lib/dns/sec/dst/openssl_link.c @@ -19,13 +19,14 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.26 2000/06/06 21:58:11 bwelling Exp $ + * $Id: openssl_link.c,v 1.27 2000/06/07 17:22:27 bwelling Exp $ */ #if defined(OPENSSL) #include #include +#include #include #include 
@@ -35,40 +36,37 @@ #include "dst_parse.h" #include -#include static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data); static isc_result_t openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) { - SHA_CTX *ctx; + isc_sha1_t *sha1ctx; UNUSED(key); - ctx = isc_mem_get(dctx->mctx, sizeof(SHA_CTX)); - if (ctx == NULL) - return (ISC_R_NOMEMORY); - SHA1_Init(ctx); - dctx->opaque = ctx; + sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t)); + isc_sha1_init(sha1ctx); + dctx->opaque = sha1ctx; return (ISC_R_SUCCESS); } static void openssldsa_destroyctx(dst_context_t *dctx) { - SHA_CTX *ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->opaque; - if (ctx != NULL) { - unsigned char digest[SHA_DIGEST_LENGTH]; - SHA1_Final(digest, ctx); - isc_mem_put(dctx->mctx, ctx, sizeof(SHA_CTX)); + if (sha1ctx != NULL) { + isc_sha1_invalidate(sha1ctx); + isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t)); + dctx->opaque = NULL; } } static isc_result_t openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) { - SHA_CTX *ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->opaque; - SHA1_Update(ctx, data->base, data->length); + isc_sha1_update(sha1ctx, data->base, data->length); return (ISC_R_SUCCESS); } 
@@ -83,69 +81,57 @@ BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) { static isc_result_t openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { - isc_region_t r; - dst_key_t *key; - SHA_CTX *ctx; - DSA *dsa; + isc_sha1_t *sha1ctx = dctx->opaque; + dst_key_t *key = dctx->key; + DSA *dsa = key->opaque; DSA_SIG *dsasig; - unsigned char digest[SHA_DIGEST_LENGTH]; + isc_region_t r; + unsigned char digest[ISC_SHA1_DIGESTLENGTH]; isc_buffer_availableregion(sig, &r); - if (r.length < SHA_DIGEST_LENGTH * 2 + 1) + if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1) return (ISC_R_NOSPACE); - ctx = dctx->opaque; - key = dctx->key; - dsa = key->opaque; + isc_sha1_final(sha1ctx, digest); - SHA1_Final(digest, ctx); - isc_mem_put(dctx->mctx, ctx, sizeof(SHA_CTX)); - dctx->opaque = NULL; - - dsasig = DSA_do_sign(digest, SHA_DIGEST_LENGTH, dsa); + dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa); if (dsasig == NULL) return (DST_R_SIGNFAILURE); *r.base++ = (key->key_size - 512)/64; - BN_bn2bin_fixed(dsasig->r, r.base, SHA_DIGEST_LENGTH); - r.base += SHA_DIGEST_LENGTH; - BN_bn2bin_fixed(dsasig->s, r.base, SHA_DIGEST_LENGTH); - r.base += SHA_DIGEST_LENGTH; + BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); + r.base += ISC_SHA1_DIGESTLENGTH; + BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); + r.base += ISC_SHA1_DIGESTLENGTH; DSA_SIG_free(dsasig); - isc_buffer_add(sig, SHA_DIGEST_LENGTH * 2 + 1); + isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); return (ISC_R_SUCCESS); } static isc_result_t openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) { - int status = 0; - dst_key_t *key; - SHA_CTX *ctx; - DSA *dsa; + isc_sha1_t *sha1ctx = dctx->opaque; + dst_key_t *key = dctx->key; + DSA *dsa = key->opaque; DSA_SIG *dsasig; - unsigned char digest[SHA_DIGEST_LENGTH]; + int status = 0; + unsigned char digest[ISC_SHA1_DIGESTLENGTH]; unsigned char *cp = sig->base; - ctx = dctx->opaque; - key = dctx->key; - dsa = key->opaque; + 
isc_sha1_final(sha1ctx, digest); - SHA1_Final(digest, ctx); - isc_mem_put(dctx->mctx, ctx, sizeof(SHA_CTX)); - dctx->opaque = NULL; - - if (sig->length < 2 * SHA_DIGEST_LENGTH + 1) + if (sig->length < 2 * ISC_SHA1_DIGESTLENGTH + 1) return (DST_R_VERIFYFAILURE); cp++; /* Skip T */ dsasig = DSA_SIG_new(); - dsasig->r = BN_bin2bn(cp, SHA_DIGEST_LENGTH, NULL); - cp += SHA_DIGEST_LENGTH; - dsasig->s = BN_bin2bn(cp, SHA_DIGEST_LENGTH, NULL); - cp += SHA_DIGEST_LENGTH; + dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); + cp += ISC_SHA1_DIGESTLENGTH; + dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); + cp += ISC_SHA1_DIGESTLENGTH; - status = DSA_do_verify(digest, SHA_DIGEST_LENGTH, dsasig, dsa); + status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa); DSA_SIG_free(dsasig); if (status == 0) return (DST_R_VERIFYFAILURE); @@ -187,7 +173,7 @@ static isc_result_t openssldsa_generate(dst_key_t *key, int unused) { DSA *dsa; unsigned char dns_array[DST_KEY_MAXSIZE]; - unsigned char rand_array[SHA_DIGEST_LENGTH]; + unsigned char rand_array[ISC_SHA1_DIGESTLENGTH]; isc_buffer_t dns, rand; isc_result_t result; isc_region_t r; @@ -195,12 +181,12 @@ openssldsa_generate(dst_key_t *key, int unused) { UNUSED(unused); isc_buffer_init(&rand, rand_array, sizeof(rand_array)); - result = dst_random_get(SHA_DIGEST_LENGTH, &rand); + result = dst_random_get(ISC_SHA1_DIGESTLENGTH, &rand); if (result != ISC_R_SUCCESS) return (result); dsa = DSA_generate_parameters(key->key_size, rand_array, - SHA_DIGEST_LENGTH, NULL, NULL, + ISC_SHA1_DIGESTLENGTH, NULL, NULL, NULL, NULL); if (dsa == NULL) 
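Review bot: In openssldsa_verify the new lines `dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);` and the matching `->s` assignment dereference `dsasig` straight after `DSA_SIG_new()` without a NULL check, and neither BN_bin2bn result is checked before `DSA_do_verify`. openssldsa_sign in the same hunk does check `DSA_do_sign` for NULL and returns `DST_R_SIGNFAILURE`, so the verify side is the odd one out; `if (dsasig == NULL) return (ISC_R_NOMEMORY);` after the `DSA_SIG_new()` line closes the first gap, and a NULL test on the two BN_bin2bn results (freeing dsasig and returning `DST_R_VERIFYFAILURE`) the second. The function's tail after `return (DST_R_VERIFYFAILURE);` lies outside the hunk.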
@@ -256,13 +242,13 @@ openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) { return (DST_R_INVALIDPUBLICKEY); p_bytes = 64 + 8 * t; - dnslen = 1 + (key->key_size * 3)/8 + SHA_DIGEST_LENGTH; + dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH; if (r.length < (unsigned int) dnslen) return (ISC_R_NOSPACE); *r.base++ = t; - BN_bn2bin_fixed(dsa->q, r.base, SHA_DIGEST_LENGTH); - r.base += SHA_DIGEST_LENGTH; + BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); + r.base += ISC_SHA1_DIGESTLENGTH; BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); r.base += p_bytes; BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); @@ -299,13 +285,13 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) { } p_bytes = 64 + 8 * t; - if (r.length < 1 + SHA_DIGEST_LENGTH + 3 * p_bytes) { + if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { DSA_free(dsa); return (DST_R_INVALIDPUBLICKEY); } - dsa->q = BN_bin2bn(r.base, SHA_DIGEST_LENGTH, NULL); - r.base += SHA_DIGEST_LENGTH; + dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); + r.base += ISC_SHA1_DIGESTLENGTH; dsa->p = BN_bin2bn(r.base, p_bytes, NULL); r.base += p_bytes; @@ -317,10 +303,11 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) { r.base += p_bytes; isc_buffer_remainingregion(data, &r); - key->key_id = dst__id_calc(r.base, 1 + SHA_DIGEST_LENGTH + 3 * p_bytes); + key->key_id = dst__id_calc(r.base, 1 + ISC_SHA1_DIGESTLENGTH + + 3 * p_bytes); key->key_size = p_bytes * 8; - isc_buffer_forward(data, 1 + SHA_DIGEST_LENGTH + 3 * p_bytes); + isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes); key->opaque = (void *) dsa; @@ -450,7 +437,6 @@ static dst_func_t openssldsa_functions = { openssldsa_adddata, openssldsa_sign, openssldsa_verify, - NULL, /* digest */ NULL, /* computesecret */ openssldsa_compare, NULL, /* paramcompare */ diff --git a/lib/dns/sec/dst/openssldh_link.c b/lib/dns/sec/dst/openssldh_link.c index 7c41d6c46d..05969b0708 100644 --- a/lib/dns/sec/dst/openssldh_link.c 
+++ b/lib/dns/sec/dst/openssldh_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssldh_link.c,v 1.20 2000/06/06 21:58:12 bwelling Exp $ + * $Id: openssldh_link.c,v 1.21 2000/06/07 17:22:29 bwelling Exp $ */ #if defined(OPENSSL) @@ -537,7 +537,6 @@ static dst_func_t openssldh_functions = { NULL, /* adddata */ NULL, /* openssldh_sign */ NULL, /* openssldh_verify */ - NULL, /* digest */ openssldh_computesecret, openssldh_compare, openssldh_paramcompare, diff --git a/lib/dns/sec/dst/opensslmd5_link.c b/lib/dns/sec/dst/opensslmd5_link.c deleted file mode 100644 index 4e1d5164b7..0000000000 --- a/lib/dns/sec/dst/opensslmd5_link.c +++ /dev/null 
@@ -1,109 +0,0 @@ -/* - * Portions Copyright (c) 1995-1998 by Network Associates, Inc. - * Portions Copyright (C) 1999, 2000 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND - * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS - * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND - * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK - * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Principal Author: Brian Wellington - * $Id: opensslmd5_link.c,v 1.10 2000/06/06 21:58:13 bwelling Exp $ - */ - -#if defined(OPENSSL) - -#include - -#include -#include - -#include "dst_internal.h" - -#include - -static isc_result_t -opensslmd5_createctx(dst_key_t *key, dst_context_t *dctx) { - MD5_CTX *ctx; - - UNUSED(key); - - ctx = isc_mem_get(dctx->mctx, sizeof(MD5_CTX)); - if (ctx == NULL) - return (ISC_R_NOMEMORY); - MD5_Init(ctx); - dctx->opaque = ctx; - return (ISC_R_SUCCESS); -} - -static void -opensslmd5_destroyctx(dst_context_t *dctx) { - MD5_CTX *ctx = dctx->opaque; - isc_mem_put(dctx->mctx, ctx, sizeof(MD5_CTX)); -} - -static isc_result_t -opensslmd5_adddata(dst_context_t *dctx, const isc_region_t *data) { - MD5_CTX *ctx = dctx->opaque; - - MD5_Update(ctx, data->base, data->length); - return (ISC_R_SUCCESS); -} - -static isc_result_t -opensslmd5_digest(dst_context_t *dctx, isc_buffer_t *digest) { - MD5_CTX *ctx = dctx->opaque; - isc_region_t r; - - 
isc_buffer_availableregion(digest, &r); - if (r.length < MD5_DIGEST_LENGTH) - return (ISC_R_NOSPACE); - - MD5_Final(r.base, ctx); - isc_buffer_add(digest, MD5_DIGEST_LENGTH); - - return (ISC_R_SUCCESS); -} - -static dst_func_t opensslmd5_functions = { - opensslmd5_createctx, - opensslmd5_destroyctx, - opensslmd5_adddata, - NULL, /* openssldsa_sign */ - NULL, /* openssldsa_verify */ - opensslmd5_digest, - NULL, /* computesecret */ - NULL, /* compare */ - NULL, /* paramcompare */ - NULL, /* generate */ - NULL, /* isprivate */ - NULL, /* destroy */ - NULL, /* todns */ - NULL, /* fromdns */ - NULL, /* tofile */ - NULL, /* fromfile */ -}; - -isc_result_t -dst__opensslmd5_init(dst_func_t **funcp) { - REQUIRE(funcp != NULL && *funcp == NULL); - *funcp = &opensslmd5_functions; - return (ISC_R_SUCCESS); -} - -void -dst__opensslmd5_destroy(void) { -} - -#endif /* OPENSSL */