Commit 4dc6a937 authored by Brian Wellington's avatar Brian Wellington
Browse files

DST_SIG_MODE -> DST_SIGMODE

parent 5e3bbdb3
......@@ -51,13 +51,13 @@ use(dst_key_t *key) {
isc_buffer_add(&databuf, strlen(data));
isc_buffer_used(&databuf, &datareg);
ret = dst_sign(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigbuf);
ret = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
printf("sign(%d) returned: %s\n", dst_key_alg(key),
dst_result_totext(ret));
isc_buffer_forward(&sigbuf, 1);
isc_buffer_remaining(&sigbuf, &sigreg);
ret = dst_verify(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigreg);
ret = dst_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
printf("verify(%d) returned: %s\n", dst_key_alg(key),
dst_result_totext(ret));
}
......
......@@ -92,7 +92,7 @@ use(dst_key_t *key, dst_result_t exp_result, int *nfails) {
isc_buffer_add(&databuf, strlen(data));
isc_buffer_used(&databuf, &datareg);
ret = dst_sign(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigbuf);
ret = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
if (ret != exp_result) {
t_info("dst_sign(%d) returned (%s) expected (%s)\n",
dst_key_alg(key), dst_result_totext(ret),
......@@ -103,7 +103,7 @@ use(dst_key_t *key, dst_result_t exp_result, int *nfails) {
isc_buffer_remaining(&sigbuf, &sigreg);
ret = dst_verify(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigreg);
ret = dst_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
if (ret != exp_result) {
t_info("dst_verify(%d) returned (%s) expected (%s)\n",
dst_key_alg(key), dst_result_totext(ret),
......
......@@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: bsafe_link.c,v 1.1 1999/07/12 20:08:28 bwelling Exp $
* $Id: bsafe_link.c,v 1.2 1999/08/26 20:41:54 bwelling Exp $
*/
#include <config.h>
......@@ -136,7 +136,7 @@ dst_s_bsafe_init()
* UPDATE (hash (more) data), FINAL (generate a signature). This
* routine performs one or more of these steps.
* Parameters
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
* key key to use for signing
* context the context to use for this computation
* data data to be signed
......@@ -157,7 +157,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
isc_region_t sig_region, digest_region;
dst_result_t ret;
if (mode & DST_SIG_MODE_INIT) {
if (mode & DST_SIGMODE_INIT) {
md5_ctx = (B_ALGORITHM_OBJ *) isc_mem_get(mctx,
sizeof(*md5_ctx));
if (md5_ctx == NULL)
......@@ -174,7 +174,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
isc_buffer_init(&digest, digest_array, sizeof(digest_array),
ISC_BUFFERTYPE_BINARY);
ret = dst_bsafe_md5digest(mode, md5_ctx, data, &digest);
if (ret != DST_R_SUCCESS || (mode & DST_SIG_MODE_FINAL)) {
if (ret != DST_R_SUCCESS || (mode & DST_SIGMODE_FINAL)) {
B_DestroyAlgorithmObject(md5_ctx);
memset(md5_ctx, 0, sizeof(*md5_ctx));
isc_mem_put(mctx, md5_ctx, sizeof(*md5_ctx));
......@@ -182,7 +182,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
return (ret);
}
if (mode & DST_SIG_MODE_FINAL) {
if (mode & DST_SIGMODE_FINAL) {
RSA_Key *rkey;
B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
unsigned int written = 0;
......@@ -261,7 +261,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
* FINAL (generate a signature). This routine performs one or more of
* these steps.
* Parameters
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
* key key to use for verifying
* context the context to use for this computation
* data signed data
......@@ -283,7 +283,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
dst_result_t ret;
int status = 0;
if (mode & DST_SIG_MODE_INIT) {
if (mode & DST_SIGMODE_INIT) {
md5_ctx = (B_ALGORITHM_OBJ *) isc_mem_get(mctx,
sizeof(*md5_ctx));
if (md5_ctx == NULL)
......@@ -300,7 +300,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
isc_buffer_init(&digest, digest_array, sizeof(digest_array),
ISC_BUFFERTYPE_BINARY);
ret = dst_bsafe_md5digest(mode, md5_ctx, data, &digest);
if (ret != DST_R_SUCCESS || (mode & DST_SIG_MODE_FINAL)) {
if (ret != DST_R_SUCCESS || (mode & DST_SIGMODE_FINAL)) {
B_DestroyAlgorithmObject(md5_ctx);
memset(md5_ctx, 0, sizeof(*md5_ctx));
isc_mem_put(mctx, md5_ctx, sizeof(*md5_ctx));
......@@ -308,7 +308,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
return (ret);
}
if (mode & DST_SIG_MODE_FINAL) {
if (mode & DST_SIGMODE_FINAL) {
RSA_Key *rkey;
B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
unsigned int written = 0;
......@@ -1004,18 +1004,18 @@ dst_bsafe_md5digest(const int mode, B_ALGORITHM_OBJ *digest_obj,
REQUIRE(digest != NULL);
REQUIRE(digest_obj != NULL);
if ((mode & DST_SIG_MODE_INIT) &&
if ((mode & DST_SIGMODE_INIT) &&
(status = B_DigestInit(*digest_obj, (B_KEY_OBJ) NULL,
CHOOSER, NULL_SURRENDER)) != 0)
return (DST_R_SIGN_INIT_FAILURE);
if ((mode & DST_SIG_MODE_UPDATE) &&
if ((mode & DST_SIGMODE_UPDATE) &&
(status = B_DigestUpdate(*digest_obj, data->base, data->length,
NULL_SURRENDER)) != 0)
return (DST_R_SIGN_UPDATE_FAILURE);
isc_buffer_available(digest, &r);
if (mode & DST_SIG_MODE_FINAL) {
if (mode & DST_SIGMODE_FINAL) {
if (digest == NULL ||
(status = B_DigestFinal(*digest_obj, r.base, &written,
r.length, NULL_SURRENDER)) != 0)
......
......@@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.4 1999/08/20 17:03:30 bwelling Exp $
* $Id: dst_api.c,v 1.5 1999/08/26 20:41:54 bwelling Exp $
*/
#include <config.h>
......@@ -85,17 +85,17 @@ dst_supported_algorithm(const int alg) {
/*
* dst_sign
* An incremental signing function. Data is signed in steps.
* First the context must be initialized (DST_SIG_MODE_INIT).
* Then data is hashed (DST_SIG_MODE_UPDATE). Finally the signature
* itself is created (DST_SIG_MODE_FINAL). This function can be called
* once with DST_SIG_MODE_ALL set, or it can be called separately
* First the context must be initialized (DST_SIGMODE_INIT).
* Then data is hashed (DST_SIGMODE_UPDATE). Finally the signature
* itself is created (DST_SIGMODE_FINAL). This function can be called
* once with DST_SIGMODE_ALL set, or it can be called separately
* for each step. The UPDATE step may be repeated.
* Parameters
* mode A bit mask specifying operation(s) to be performed.
* DST_SIG_MODE_INIT Initialize digest
* DST_SIG_MODE_UPDATE Add data to digest
* DST_SIG_MODE_FINAL Generate signature
* DST_SIG_MODE_ALL Perform all operations
* DST_SIGMODE_INIT Initialize digest
* DST_SIGMODE_UPDATE Add data to digest
* DST_SIGMODE_FINAL Generate signature
* DST_SIGMODE_ALL Perform all operations
* key The private key used to sign the data
* context The state of the operation
* data The data to be signed.
......@@ -110,12 +110,12 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
{
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
REQUIRE(VALID_KEY(key));
REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
REQUIRE((mode & DST_SIGMODE_ALL) != 0);
if ((mode & DST_SIG_MODE_UPDATE) != 0)
if ((mode & DST_SIGMODE_UPDATE) != 0)
REQUIRE(data != NULL && data->base != NULL);
if ((mode & DST_SIG_MODE_FINAL) != 0)
if ((mode & DST_SIGMODE_FINAL) != 0)
REQUIRE(sig != NULL);
if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
......@@ -131,17 +131,17 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
/*
* dst_verify
* An incremental verify function. Data is verified in steps.
* First the context must be initialized (DST_SIG_MODE_INIT).
* Then data is hashed (DST_SIG_MODE_UPDATE). Finally the signature
* is verified (DST_SIG_MODE_FINAL). This function can be called
* once with DST_SIG_MODE_ALL set, or it can be called separately
* First the context must be initialized (DST_SIGMODE_INIT).
* Then data is hashed (DST_SIGMODE_UPDATE). Finally the signature
* is verified (DST_SIGMODE_FINAL). This function can be called
* once with DST_SIGMODE_ALL set, or it can be called separately
* for each step. The UPDATE step may be repeated.
* Parameters
* mode A bit mask specifying operation(s) to be performed.
* DST_SIG_MODE_INIT Initialize digest
* DST_SIG_MODE_UPDATE Add data to digest
* DST_SIG_MODE_FINAL Verify signature
* DST_SIG_MODE_ALL Perform all operations
* DST_SIGMODE_INIT Initialize digest
* DST_SIGMODE_UPDATE Add data to digest
* DST_SIGMODE_FINAL Verify signature
* DST_SIGMODE_ALL Perform all operations
* key The public key used to verify the signature.
* context The state of the operation
* data The data to be digested.
......@@ -157,12 +157,12 @@ dst_verify(const int mode, dst_key_t *key, dst_context_t *context,
{
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
REQUIRE(VALID_KEY(key));
REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
REQUIRE((mode & DST_SIGMODE_ALL) != 0);
if ((mode & DST_SIG_MODE_UPDATE) != 0)
if ((mode & DST_SIGMODE_UPDATE) != 0)
REQUIRE(data != NULL && data->base != NULL);
if ((mode & DST_SIG_MODE_FINAL) != 0)
if ((mode & DST_SIGMODE_FINAL) != 0)
REQUIRE(sig != NULL && sig->base != NULL);
if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
......
......@@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.2 1999/07/29 17:21:23 bwelling Exp $
* $Id: hmac_link.c,v 1.3 1999/08/26 20:41:54 bwelling Exp $
*/
#include <config.h>
......@@ -100,7 +100,7 @@ dst_s_hmacmd5_init()
* UPDATE (hash (more) data), FINAL (generate a signature). This
* routine performs one or more of these steps.
* Parameters
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
* key key to use for signing
* context the context to use for this computation
* data data to be signed
......@@ -117,7 +117,7 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
isc_region_t r;
MD5_CTX *ctx = NULL;
if (mode & DST_SIG_MODE_INIT) {
if (mode & DST_SIGMODE_INIT) {
ctx = (MD5_CTX *) isc_mem_get(mctx, sizeof(MD5_CTX));
if (ctx == NULL)
return (DST_R_NOMEMORY);
......@@ -126,17 +126,17 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
ctx = (MD5_CTX *) *context;
REQUIRE (ctx != NULL);
if (mode & DST_SIG_MODE_INIT) {
if (mode & DST_SIGMODE_INIT) {
HMAC_Key *hkey = key->opaque;
MD5Init(ctx);
MD5Update(ctx, hkey->ipad, HMAC_LEN);
}
if ((mode & DST_SIG_MODE_UPDATE))
if ((mode & DST_SIGMODE_UPDATE))
MD5Update(ctx, data->base, data->length);
if (mode & DST_SIG_MODE_FINAL) {
if (mode & DST_SIGMODE_FINAL) {
HMAC_Key *hkey = key->opaque;
isc_buffer_available(sig, &r);
......@@ -168,7 +168,7 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
* FINAL (generate a signature). This routine performs one or more of
* these steps.
* Parameters
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
* key key to use for verifying
* context the context to use for this computation
* data signed data
......@@ -184,7 +184,7 @@ dst_hmacmd5_verify(const int mode, dst_key_t *key, void **context,
{
MD5_CTX *ctx = NULL;
if (mode & DST_SIG_MODE_INIT) {
if (mode & DST_SIGMODE_INIT) {
ctx = (MD5_CTX *) isc_mem_get(mctx, sizeof(MD5_CTX));
if (ctx == NULL)
return (DST_R_NOMEMORY);
......@@ -193,17 +193,17 @@ dst_hmacmd5_verify(const int mode, dst_key_t *key, void **context,
ctx = (MD5_CTX *) *context;
REQUIRE (ctx != NULL);
if (mode & DST_SIG_MODE_INIT) {
if (mode & DST_SIGMODE_INIT) {
HMAC_Key *hkey = key->opaque;
MD5Init(ctx);
MD5Update(ctx, hkey->ipad, HMAC_LEN);
}
if ((mode & DST_SIG_MODE_UPDATE))
if ((mode & DST_SIGMODE_UPDATE))
MD5Update(ctx, data->base, data->length);
if (mode & DST_SIG_MODE_FINAL) {
if (mode & DST_SIGMODE_FINAL) {
u_char digest[MD5_LEN];
HMAC_Key *hkey = key->opaque;
......
......@@ -37,12 +37,12 @@ typedef void * dst_context_t;
#define DST_MAX_ALGS DST_ALG_HMAC_SHA1
/* 'Mode' passed into dst_sign() and dst_verify() */
#define DST_SIG_MODE_INIT 1 /* initialize digest */
#define DST_SIG_MODE_UPDATE 2 /* add data to digest */
#define DST_SIG_MODE_FINAL 4 /* generate/verify signature */
#define DST_SIG_MODE_ALL (DST_SIG_MODE_INIT | \
DST_SIG_MODE_UPDATE | \
DST_SIG_MODE_FINAL)
#define DST_SIGMODE_INIT 1 /* initialize digest */
#define DST_SIGMODE_UPDATE 2 /* add data to digest */
#define DST_SIGMODE_FINAL 4 /* generate/verify signature */
#define DST_SIGMODE_ALL (DST_SIGMODE_INIT | \
DST_SIGMODE_UPDATE | \
DST_SIGMODE_FINAL)
/* A buffer of this size is large enough to hold any key */
#define DST_MAX_KEY_SIZE 1024
......@@ -64,8 +64,8 @@ dst_supported_algorithm(const int alg);
/* Sign a block of data.
*
* Requires:
* "mode" is some combination of DST_SIG_MODE_INIT, DST_SIG_MODE_UPDATE,
* and DST_SIG_MODE_FINAL.
* "mode" is some combination of DST_SIGMODE_INIT, DST_SIGMODE_UPDATE,
* and DST_SIGMODE_FINAL.
* "key" is a valid key.
* "context" contains a value appropriate for the value of "mode".
* "data" is a valid region.
......@@ -82,8 +82,8 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
/* Verify a signature on a block of data.
*
* Requires:
* "mode" is some combination of DST_SIG_MODE_INIT, DST_SIG_MODE_UPDATE,
* and DST_SIG_MODE_FINAL.
* "mode" is some combination of DST_SIGMODE_INIT, DST_SIGMODE_UPDATE,
* and DST_SIGMODE_FINAL.
* "key" is a valid key.
* "context" contains a value appropriate for the value of "mode".
* "data" is a valid region.
......
......@@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: openssl_link.c,v 1.1 1999/07/12 20:08:29 bwelling Exp $
* $Id: openssl_link.c,v 1.2 1999/08/26 20:41:54 bwelling Exp $
*/
#include <config.h>
......@@ -97,7 +97,7 @@ dst_s_openssl_init()
* UPDATE (hash (more) data), FINAL (generate a signature). This
* routine performs one or more of these steps.
* Parameters
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
* key key to use for signing
* context the context to use for this computation
* data data to be signed
......@@ -114,7 +114,7 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
isc_region_t r;
SHA_CTX *ctx = NULL;
if (mode & DST_SIG_MODE_INIT) {
if (mode & DST_SIGMODE_INIT) {
ctx = (SHA_CTX *) isc_mem_get(mctx, sizeof(SHA_CTX));
if (ctx == NULL)
return (DST_R_NOMEMORY);
......@@ -123,13 +123,13 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
ctx = (SHA_CTX *) *context;
REQUIRE (ctx != NULL);
if (mode & DST_SIG_MODE_INIT)
if (mode & DST_SIGMODE_INIT)
SHA1_Init(ctx);
if ((mode & DST_SIG_MODE_UPDATE))
if ((mode & DST_SIGMODE_UPDATE))
SHA1_Update(ctx, data->base, data->length);
if (mode & DST_SIG_MODE_FINAL) {
if (mode & DST_SIGMODE_FINAL) {
DSA *dsa;
DSA_SIG *dsasig;
unsigned char digest[SHA_DIGEST_LENGTH];
......@@ -169,7 +169,7 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
* FINAL (generate a signature). This routine performs one or more of
* these steps.
* Parameters
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
* key key to use for verifying
* context the context to use for this computation
* data signed data
......@@ -186,7 +186,7 @@ dst_openssl_verify(const int mode, dst_key_t *key, void **context,
int status = 0;
SHA_CTX *ctx = NULL;
if (mode & DST_SIG_MODE_INIT) {
if (mode & DST_SIGMODE_INIT) {
ctx = (SHA_CTX *) isc_mem_get(mctx, sizeof(SHA_CTX));
if (ctx == NULL)
return (DST_R_NOMEMORY);
......@@ -195,13 +195,13 @@ dst_openssl_verify(const int mode, dst_key_t *key, void **context,
ctx = (SHA_CTX *) *context;
REQUIRE (ctx != NULL);
if (mode & DST_SIG_MODE_INIT)
if (mode & DST_SIGMODE_INIT)
SHA1_Init(ctx);
if ((mode & DST_SIG_MODE_UPDATE))
if ((mode & DST_SIGMODE_UPDATE))
SHA1_Update(ctx, data->base, data->length);
if (mode & DST_SIG_MODE_FINAL) {
if (mode & DST_SIGMODE_FINAL) {
DSA *dsa;
DSA_SIG *dsasig;
unsigned char digest[SHA_DIGEST_LENGTH];
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.2 1999/08/25 14:43:45 bwelling Exp $
* $Id: tsig.c,v 1.3 1999/08/26 20:41:53 bwelling Exp $
* Principal Author: Brian Wellington
*/
......@@ -217,7 +217,7 @@ dns_tsig_sign(dns_message_t *msg) {
isc_buffer_init(&databuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
if (!dns_tsig_emptykey(key)) {
ret = dst_sign(DST_SIG_MODE_INIT, key->key, &ctx, NULL, NULL);
ret = dst_sign(DST_SIGMODE_INIT, key->key, &ctx, NULL, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_algorithm;
}
......@@ -232,7 +232,7 @@ dns_tsig_sign(dns_message_t *msg) {
msg->querytsig->siglen);
isc_buffer_add(&databuf, msg->querytsig->siglen);
isc_buffer_used(&databuf, &r);
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r,
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_algorithm;
......@@ -268,18 +268,18 @@ dns_tsig_sign(dns_message_t *msg) {
ISC_BUFFERTYPE_BINARY);
dns_message_renderheader(msg, &headerbuf);
isc_buffer_used(&headerbuf, &r);
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_other;
isc_buffer_used(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_other;
/* Digest the name, class, ttl, alg */
dns_name_toregion(&key->name, &r);
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_other;
......@@ -287,12 +287,12 @@ dns_tsig_sign(dns_message_t *msg) {
isc_buffer_putuint16(&databuf, dns_rdataclass_any);
isc_buffer_putuint32(&databuf, 0); /* ttl */
isc_buffer_used(&databuf, &r);
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_other;
dns_name_toregion(tsig->algorithm, &r);
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_other;
......@@ -315,14 +315,14 @@ dns_tsig_sign(dns_message_t *msg) {
isc_buffer_putuint16(&databuf, tsig->otherlen);
isc_buffer_used(&databuf, &r);
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_other;
if (tsig->otherlen > 0) {
r.length = tsig->otherlen;
r.base = tsig->other;
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r,
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_other;
......@@ -338,7 +338,7 @@ dns_tsig_sign(dns_message_t *msg) {
isc_buffer_init(&sigbuf, tsig->signature, tsig->siglen,
ISC_BUFFERTYPE_BINARY);
ret = dst_sign(DST_SIG_MODE_FINAL, key->key, &ctx, NULL,
ret = dst_sign(DST_SIGMODE_FINAL, key->key, &ctx, NULL,
&sigbuf);
if (ret != ISC_R_SUCCESS)
goto cleanup_signature;
......@@ -518,7 +518,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
sig_r.base = tsig->signature;
sig_r.length = tsig->siglen;
ret = dst_verify(DST_SIG_MODE_INIT, key, &ctx, NULL, &sig_r);
ret = dst_verify(DST_SIGMODE_INIT, key, &ctx, NULL, &sig_r);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
......@@ -527,14 +527,14 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
ISC_BUFFERTYPE_BINARY);
isc_buffer_putuint16(&databuf, msg->querytsig->siglen);
isc_buffer_used(&databuf, &r);
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r,
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r,
NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
if (msg->querytsig->siglen > 0) {
r.length = msg->querytsig->siglen;
r.base = msg->querytsig->signature;
ret = dst_verify(DST_SIG_MODE_UPDATE, key,
ret = dst_verify(DST_SIGMODE_UPDATE, key,
&ctx, &r, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
......@@ -553,7 +553,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
/* Digest the modified header */
header_r.base = (unsigned char *) header;
header_r.length = DNS_MESSAGE_HEADERLEN;
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &header_r,
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &header_r,
&sig_r);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
......@@ -562,13 +562,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
isc_buffer_used(source, &source_r);
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
r.length = msg->tsigstart - DNS_MESSAGE_HEADERLEN;
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
/* Digest the key name */
dns_name_toregion(&tsigkey->name, &r);
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
......@@ -577,13 +577,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
isc_buffer_putuint16(&databuf, tsig->common.rdclass);
isc_buffer_putuint32(&databuf, dataset->ttl);
isc_buffer_used(&databuf, &r);
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
/* Digest the key algorithm */
dns_name_toregion(&tsigkey->algorithm, &r);
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
......@@ -594,18 +594,18 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
isc_buffer_putuint16(&databuf, tsig->error);
isc_buffer_putuint16(&databuf, tsig->otherlen);
isc_buffer_used(&databuf, &r);
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
if (tsig->otherlen > 0) {
r.base = tsig->other;
r.length = tsig->otherlen;
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r,
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r,
&sig_r);
if (ret != ISC_R_SUCCESS)
goto cleanup_key;
}
ret = dst_verify(DST_SIG_MODE_FINAL, key, &ctx, NULL, &sig_r);
ret = dst_verify(DST_SIGMODE_FINAL, key, &ctx, NULL, &sig_r);
if (ret == DST_R_VERIFY_FINAL_FAILURE) {
msg->tsigstatus = dns_tsigerror_badsig;
return (DNS_R_TSIGVERIFYFAILURE);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment