Commit
4fe87554
authored
Jun 02, 2000
by
Brian Wellington
Use the new DST API
parent
011463c3
Showing
11 changed files
with
282 additions
and
222 deletions
+282
-222
bin/tests/dst/dst_test.c
bin/tests/dst/dst_test.c
+24
-5
bin/tests/dst/t_dst.c
bin/tests/dst/t_dst.c
+75
-12
lib/dns/dnssec.c
lib/dns/dnssec.c
+52
-66
lib/dns/include/dns/message.h
lib/dns/include/dns/message.h
+1
-1
lib/dns/tkey.c
lib/dns/tkey.c
+21
-23
lib/dns/tsig.c
lib/dns/tsig.c
+85
-93
lib/dns/xfrin.c
lib/dns/xfrin.c
+4
-2
lib/omapi/connection.c
lib/omapi/connection.c
+4
-8
lib/omapi/include/omapi/private.h
lib/omapi/include/omapi/private.h
+1
-1
lib/omapi/message.c
lib/omapi/message.c
+11
-9
lib/omapi/protocol.c
lib/omapi/protocol.c
+4
-2
bin/tests/dst/dst_test.c
...
...
@@ -37,12 +37,13 @@ char *current;
const
char
*
tmp
=
"/tmp"
;
static
void
use
(
dst_key_t
*
key
)
{
use
(
dst_key_t
*
key
,
isc_mem_t
*
mctx
)
{
isc_result_t
ret
;
const
char
*
data
=
"This is some data"
;
unsigned
char
sig
[
512
];
isc_buffer_t
databuf
,
sigbuf
;
isc_region_t
datareg
,
sigreg
;
dst_context_t
*
ctx
=
NULL
;
isc_buffer_init
(
&
sigbuf
,
sig
,
sizeof
(
sig
));
/*
...
...
@@ -54,15 +55,33 @@ use(dst_key_t *key) {
isc_buffer_add
(
&
databuf
,
strlen
(
data
));
isc_buffer_usedregion
(
&
databuf
,
&
datareg
);
ret
=
dst_key_sign
(
DST_SIGMODE_ALL
,
key
,
NULL
,
&
datareg
,
&
sigbuf
);
ret
=
dst_context_create
(
key
,
mctx
,
&
ctx
);
if
(
ret
!=
ISC_R_SUCCESS
)
printf
(
"contextcreate(%d) returned: %s
\n
"
,
dst_key_alg
(
key
),
isc_result_totext
(
ret
));
ret
=
dst_context_adddata
(
ctx
,
&
datareg
);
if
(
ret
!=
ISC_R_SUCCESS
)
printf
(
"adddata(%d) returned: %s
\n
"
,
dst_key_alg
(
key
),
isc_result_totext
(
ret
));
ret
=
dst_context_sign
(
ctx
,
&
sigbuf
);
printf
(
"sign(%d) returned: %s
\n
"
,
dst_key_alg
(
key
),
isc_result_totext
(
ret
));
dst_context_destroy
(
&
ctx
);
isc_buffer_forward
(
&
sigbuf
,
1
);
isc_buffer_remainingregion
(
&
sigbuf
,
&
sigreg
);
ret
=
dst_key_verify
(
DST_SIGMODE_ALL
,
key
,
NULL
,
&
datareg
,
&
sigreg
);
ret
=
dst_context_create
(
key
,
mctx
,
&
ctx
);
if
(
ret
!=
ISC_R_SUCCESS
)
printf
(
"contextcreate(%d) returned: %s
\n
"
,
dst_key_alg
(
key
),
isc_result_totext
(
ret
));
ret
=
dst_context_adddata
(
ctx
,
&
datareg
);
if
(
ret
!=
ISC_R_SUCCESS
)
printf
(
"adddata(%d) returned: %s
\n
"
,
dst_key_alg
(
key
),
isc_result_totext
(
ret
));
ret
=
dst_context_verify
(
ctx
,
&
sigreg
);
printf
(
"verify(%d) returned: %s
\n
"
,
dst_key_alg
(
key
),
isc_result_totext
(
ret
));
dst_context_destroy
(
&
ctx
);
}
static
void
...
...
@@ -116,7 +135,7 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx) {
printf
(
"write(%d) returned: %s
\n
"
,
alg
,
isc_result_totext
(
ret
));
if
(
ret
!=
0
)
return
;
use
(
key
);
use
(
key
,
mctx
);
dns
(
key
,
mctx
);
dst_key_free
(
&
key
);
}
...
...
@@ -192,7 +211,7 @@ generate(int alg, isc_mem_t *mctx) {
printf
(
"generate(%d) returned: %s
\n
"
,
alg
,
isc_result_totext
(
ret
));
if
(
alg
!=
DST_ALG_DH
)
use
(
key
);
use
(
key
,
mctx
);
dst_key_free
(
&
key
);
}
...
...
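Review bot: In `use()` (hunk @@ -54,15 +55,33) a `dst_context_create` failure only prints a message and execution falls straight into `dst_context_adddata(ctx, &datareg)` with `ctx` still NULL, in both the sign half and the verify half of the function. Return after reporting, e.g. `if (ret != ISC_R_SUCCESS) { printf("contextcreate(%d) returned: %s\n", dst_key_alg(key), isc_result_totext(ret)); return; }`, and do the same after the `adddata` failures so a reported error is never followed by further use of the context. Those later early returns would also need `dst_context_destroy(&ctx)` first, since by then the context exists. The signature of `use()` is in the preceding hunk (@@ -37); the body spans both hunks.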
bin/tests/dst/t_dst.c
...
...
@@ -78,37 +78,68 @@ cleandir(char *path) {
}
static
void
use
(
dst_key_t
*
key
,
isc_result_t
exp_result
,
int
*
nfails
)
{
use
(
dst_key_t
*
key
,
isc_
mem_t
*
mctx
,
isc_
result_t
exp_result
,
int
*
nfails
)
{
isc_result_t
ret
;
const
char
*
data
=
"This is some data"
;
unsigned
char
sig
[
512
];
isc_buffer_t
databuf
,
sigbuf
;
isc_region_t
datareg
,
sigreg
;
dst_context_t
*
ctx
=
NULL
;
isc_buffer_init
(
&
sigbuf
,
sig
,
sizeof
(
sig
));
isc_buffer_init
(
&
databuf
,
data
,
strlen
(
data
));
isc_buffer_add
(
&
databuf
,
strlen
(
data
));
isc_buffer_usedregion
(
&
databuf
,
&
datareg
);
ret
=
dst_key_sign
(
DST_SIGMODE_ALL
,
key
,
NULL
,
&
datareg
,
&
sigbuf
);
ret
=
dst_context_create
(
key
,
mctx
,
&
ctx
);
if
(
ret
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_context_create(%d) returned (%s)
\n
"
,
dst_key_alg
(
key
),
dst_result_totext
(
ret
));
++*
nfails
;
return
;
}
ret
=
dst_context_adddata
(
ctx
,
&
datareg
);
if
(
ret
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_context_adddata(%d) returned (%s)
\n
"
,
dst_key_alg
(
key
),
dst_result_totext
(
ret
));
++*
nfails
;
return
;
}
ret
=
dst_context_sign
(
ctx
,
&
sigbuf
);
if
(
ret
!=
exp_result
)
{
t_info
(
"dst_sign(%d) returned (%s) expected (%s)
\n
"
,
t_info
(
"dst_
context_
sign(%d) returned (%s) expected (%s)
\n
"
,
dst_key_alg
(
key
),
dst_result_totext
(
ret
),
dst_result_totext
(
exp_result
));
++*
nfails
;
return
;
}
dst_context_destroy
(
&
ctx
);
isc_buffer_remainingregion
(
&
sigbuf
,
&
sigreg
);
ret
=
dst_key_verify
(
DST_SIGMODE_ALL
,
key
,
NULL
,
&
datareg
,
&
sigreg
);
ret
=
dst_context_create
(
key
,
mctx
,
&
ctx
);
if
(
ret
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_context_create(%d) returned (%s)
\n
"
,
dst_key_alg
(
key
),
dst_result_totext
(
ret
));
++*
nfails
;
return
;
}
ret
=
dst_context_adddata
(
ctx
,
&
datareg
);
if
(
ret
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_context_adddata(%d) returned (%s)
\n
"
,
dst_key_alg
(
key
),
dst_result_totext
(
ret
));
++*
nfails
;
return
;
}
ret
=
dst_context_verify
(
ctx
,
&
sigreg
);
if
(
ret
!=
exp_result
)
{
t_info
(
"dst_verify(%d) returned (%s) expected (%s)
\n
"
,
t_info
(
"dst_
context_
verify(%d) returned (%s) expected (%s)
\n
"
,
dst_key_alg
(
key
),
dst_result_totext
(
ret
),
dst_result_totext
(
exp_result
));
++*
nfails
;
return
;
}
dst_context_destroy
(
&
ctx
);
}
static
void
...
...
@@ -287,7 +318,7 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
}
if
(
dst_key_alg
(
key
)
!=
DST_ALG_DH
)
use
(
key
,
exp_result
,
nfails
);
use
(
key
,
mctx
,
exp_result
,
nfails
);
if
(
chdir
(
current
))
{
t_info
(
"chdir failed %d
\n
"
,
errno
);
...
...
@@ -314,7 +345,7 @@ generate(int alg, isc_mem_t *mctx, int size, int *nfails) {
}
if
(
alg
!=
DST_ALG_DH
)
use
(
key
,
ISC_R_SUCCESS
,
nfails
);
use
(
key
,
mctx
,
ISC_R_SUCCESS
,
nfails
);
dst_key_free
(
&
key
);
}
...
...
@@ -618,6 +649,7 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
dns_fixedname_t
fname
;
dns_name_t
*
name
;
isc_buffer_t
b
;
dst_context_t
*
ctx
=
NULL
;
/*
* Read data from file in a form usable by dst_verify.
...
...
@@ -686,7 +718,25 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
memset
(
sig
,
0
,
sizeof
(
sig
));
isc_buffer_init
(
&
sigbuf
,
sig
,
sizeof
(
sig
));
isc_result
=
dst_sign
(
DST_SIGMODE_ALL
,
key
,
NULL
,
&
datareg
,
&
sigbuf
);
isc_result
=
dst_context_create
(
key
,
mctx
,
&
ctx
);
if
(
isc_result
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_context_create(%d) failed %s
\n
"
,
dst_result_totext
(
isc_result
));
(
void
)
free
(
data
);
dst_key_free
(
&
key
);
++*
nprobs
;
return
;
}
isc_result
=
dst_context_adddata
(
ctx
,
&
datareg
);
if
(
isc_result
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_context_adddata(%d) failed %s
\n
"
,
dst_result_totext
(
isc_result
));
(
void
)
free
(
data
);
dst_key_free
(
&
key
);
++*
nprobs
;
return
;
}
isc_result
=
dst_context_sign
(
ctx
,
&
sigbuf
);
if
(
isc_result
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_sign(%d) failed %s
\n
"
,
dst_result_totext
(
isc_result
));
...
...
@@ -695,6 +745,7 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
++*
nprobs
;
return
;
}
dst_context_destroy
(
&
ctx
);
rval
=
sig_tofile
(
sigpath
,
&
sigbuf
);
if
(
rval
!=
0
)
{
...
...
@@ -731,18 +782,30 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
if
(
strstr
(
expected_result
,
"!"
))
exp_res
=
1
;
isc_result
=
dst_key_verify
(
DST_SIGMODE_ALL
,
key
,
NULL
,
&
datareg
,
&
sigreg
);
isc_result
=
dst_context_create
(
key
,
mctx
,
&
ctx
);
if
(
isc_result
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_context_create returned %s
\n
"
,
isc_result_totext
(
isc_result
));
++*
nfails
;
}
isc_result
=
dst_context_adddata
(
ctx
,
&
datareg
);
if
(
isc_result
!=
ISC_R_SUCCESS
)
{
t_info
(
"dst_context_adddata returned %s
\n
"
,
isc_result_totext
(
isc_result
));
++*
nfails
;
}
isc_result
=
dst_context_verify
(
ctx
,
&
sigreg
);
if
(
((
exp_res
==
0
)
&&
(
isc_result
!=
ISC_R_SUCCESS
))
||
((
exp_res
!=
0
)
&&
(
isc_result
==
ISC_R_SUCCESS
)))
{
t_info
(
"dst_verify returned %s, expected %s
\n
"
,
t_info
(
"dst_
context_
verify returned %s, expected %s
\n
"
,
isc_result_totext
(
isc_result
),
expected_result
);
++*
nfails
;
}
(
void
)
free
(
data
);
dst_context_destroy
(
&
ctx
);
dst_key_free
(
&
key
);
return
;
}
...
...
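Review bot: In the `t2_sigchk` signing hunk (@@ -686,7 +718,25) the two new `t_info` calls pass a format containing both `%d` and `%s` but only one argument, `dst_result_totext(isc_result)`, so `%d` has no matching argument; if `t_info` is printf-like, as its other uses here suggest, that is undefined behaviour. Either drop the `(%d)` or supply the algorithm, e.g. `t_info("dst_context_create(%d) failed %s\n", dst_key_alg(key), dst_result_totext(isc_result));`. In the same hunk the failure returns after a successful `dst_context_create` never call `dst_context_destroy(&ctx)`, and the same leak appears on the `adddata`/`sign`/`verify` failure returns in `use()` (@@ -78,37 +78,68). In the verify hunk (@@ -731,18 +782,30) a `dst_context_create` failure increments `nfails` but does not return, so `dst_context_adddata` and `dst_context_verify` are then called with a NULL `ctx`; that branch should free `data` and `key` and return like the signing path does. `t2_sigchk` begins and ends outside these hunks.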
lib/dns/dnssec.c
...
...
@@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.4
1 2000/06/01 18:25:29 tale
Exp $
* $Id: dnssec.c,v 1.4
2 2000/06/02 18:59:12 bwelling
Exp $
* Principal Author: Brian Wellington
*/
...
...
@@ -55,12 +55,6 @@
#define TYPE_SIGN 0
#define TYPE_VERIFY 1
typedef
struct
digestctx
{
dst_key_t
*
key
;
dst_context_t
context
;
isc_uint8_t
type
;
}
digestctx_t
;
static
isc_result_t
digest_callback
(
void
*
arg
,
isc_region_t
*
data
);
...
...
@@ -73,18 +67,9 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
static
isc_result_t
digest_callback
(
void
*
arg
,
isc_region_t
*
data
)
{
digestctx_t
*
ctx
=
arg
;
isc_result_t
result
;
REQUIRE
(
ctx
->
type
==
TYPE_SIGN
||
ctx
->
type
==
TYPE_VERIFY
);
dst_context_t
*
ctx
=
arg
;
if
(
ctx
->
type
==
TYPE_SIGN
)
result
=
dst_key_sign
(
DST_SIGMODE_UPDATE
,
ctx
->
key
,
&
ctx
->
context
,
data
,
NULL
);
else
result
=
dst_key_verify
(
DST_SIGMODE_UPDATE
,
ctx
->
key
,
&
ctx
->
context
,
data
,
NULL
);
return
(
result
);
return
(
dst_context_adddata
(
ctx
,
data
));
}
/*
...
...
@@ -169,10 +154,9 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
int
nrdatas
,
i
;
isc_buffer_t
b
,
sigbuf
,
envbuf
;
isc_region_t
r
;
dst_context_t
ctx
=
NULL
;
dst_context_t
*
ctx
=
NULL
;
isc_result_t
ret
;
unsigned
char
data
[
300
];
digestctx_t
dctx
;
isc_uint32_t
flags
;
unsigned
int
sigsize
;
...
...
@@ -230,15 +214,17 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_usedregion
(
&
b
,
&
r
);
ret
=
dst_context_create
(
key
,
mctx
,
&
ctx
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_signature
;
/*
* Digest the SIG rdata.
*/
r
.
length
-=
sig
.
siglen
;
ret
=
dst_key_sign
(
DST_SIGMODE_INIT
|
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
);
ret
=
dst_context_adddata
(
ctx
,
&
r
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_
signature
;
goto
cleanup_
context
;
dns_name_toregion
(
name
,
&
r
);
...
...
@@ -252,14 +238,9 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_putuint16
(
&
envbuf
,
set
->
rdclass
);
isc_buffer_putuint32
(
&
envbuf
,
set
->
ttl
);
memset
(
&
dctx
,
0
,
sizeof
(
dctx
));
dctx
.
key
=
key
;
dctx
.
context
=
ctx
;
dctx
.
type
=
TYPE_SIGN
;
ret
=
rdataset_to_sortedarray
(
set
,
mctx
,
&
rdatas
,
&
nrdatas
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_
signature
;
goto
cleanup_
context
;
isc_buffer_usedregion
(
&
envbuf
,
&
r
);
for
(
i
=
0
;
i
<
nrdatas
;
i
++
)
{
...
...
@@ -270,7 +251,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
/*
* Digest the envelope.
*/
ret
=
dst_
key_sign
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
);
ret
=
dst_
context_adddata
(
ctx
,
&
r
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_array
;
...
...
@@ -281,20 +262,20 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
INSIST
(
rdatas
[
i
].
length
<
65536
);
isc_buffer_putuint16
(
&
lenbuf
,
(
isc_uint16_t
)
rdatas
[
i
].
length
);
isc_buffer_usedregion
(
&
lenbuf
,
&
lenr
);
ret
=
dst_
key_sign
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
lenr
,
NULL
);
ret
=
dst_
context_adddata
(
ctx
,
&
lenr
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_array
;
/*
* Digest the rdata.
*/
ret
=
dns_rdata_digest
(
&
rdatas
[
i
],
digest_callback
,
&
d
ctx
);
ret
=
dns_rdata_digest
(
&
rdatas
[
i
],
digest_callback
,
ctx
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_array
;
}
isc_buffer_init
(
&
sigbuf
,
sig
.
signature
,
sig
.
siglen
);
ret
=
dst_
key_sign
(
DST_SIGMODE_FINAL
,
key
,
&
ctx
,
NULL
,
&
sigbuf
);
ret
=
dst_
context_sign
(
ctx
,
&
sigbuf
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_array
;
isc_buffer_usedregion
(
&
sigbuf
,
&
r
);
...
...
@@ -309,6 +290,8 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
cleanup_array:
isc_mem_put
(
mctx
,
rdatas
,
nrdatas
*
sizeof
(
dns_rdata_t
));
cleanup_context:
dst_context_destroy
(
&
ctx
);
cleanup_signature:
isc_mem_put
(
mctx
,
sig
.
signature
,
sig
.
siglen
);
...
...
@@ -329,8 +312,7 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_stdtime_t
now
;
isc_result_t
ret
;
unsigned
char
data
[
300
];
dst_context_t
ctx
;
digestctx_t
dctx
;
dst_context_t
*
ctx
=
NULL
;
int
labels
;
isc_uint32_t
flags
;
...
...
@@ -372,8 +354,13 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
r
.
length
-=
sig
.
siglen
;
RUNTIME_CHECK
(
r
.
length
>=
19
);
ret
=
dst_key_verify
(
DST_SIGMODE_INIT
|
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
);
ret
=
dst_context_create
(
key
,
mctx
,
&
ctx
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_struct
;
ret
=
dst_context_adddata
(
ctx
,
&
r
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_struct
;
/*
* If the name is an expanded wildcard, use the wildcard name.
...
...
@@ -404,14 +391,10 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_putuint16
(
&
envbuf
,
set
->
rdclass
);
isc_buffer_putuint32
(
&
envbuf
,
sig
.
originalttl
);
memset
(
&
dctx
,
0
,
sizeof
(
dctx
));
dctx
.
key
=
key
;
dctx
.
context
=
ctx
;
dctx
.
type
=
TYPE_VERIFY
;
ret
=
rdataset_to_sortedarray
(
set
,
mctx
,
&
rdatas
,
&
nrdatas
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_struct
;
goto
cleanup_context
;
isc_buffer_usedregion
(
&
envbuf
,
&
r
);
for
(
i
=
0
;
i
<
nrdatas
;
i
++
)
{
...
...
@@ -422,7 +405,7 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
/*
* Digest the envelope.
*/
ret
=
dst_
key_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
);
ret
=
dst_
context_adddata
(
ctx
,
&
r
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_array
;
...
...
@@ -437,23 +420,24 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
/*
* Digest the rdata.
*/
ret
=
dst_key_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
lenr
,
NULL
);
ret
=
dst_context_adddata
(
ctx
,
&
lenr
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_array
;
ret
=
dns_rdata_digest
(
&
rdatas
[
i
],
digest_callback
,
&
d
ctx
);
ret
=
dns_rdata_digest
(
&
rdatas
[
i
],
digest_callback
,
ctx
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_array
;
}
r
.
base
=
sig
.
signature
;
r
.
length
=
sig
.
siglen
;
ret
=
dst_
key_verify
(
DST_SIGMODE_FINAL
,
key
,
&
ctx
,
NULL
,
&
r
);
if
(
ret
==
DST_R_VERIFYF
INALF
AILURE
)
ret
=
dst_
context_verify
(
ctx
,
&
r
);
if
(
ret
==
DST_R_VERIFYFAILURE
)
ret
=
DNS_R_SIGINVALID
;
cleanup_array:
isc_mem_put
(
mctx
,
rdatas
,
nrdatas
*
sizeof
(
dns_rdata_t
));
cleanup_context:
dst_context_destroy
(
&
ctx
);
cleanup_struct:
dns_rdata_freestruct
(
&
sig
);
...
...
@@ -534,7 +518,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
dns_rdataset_t
*
dataset
;
isc_region_t
r
;
isc_stdtime_t
now
;
dst_context_t
ctx
;
dst_context_t
*
ctx
=
NULL
;
isc_mem_t
*
mctx
;
isc_result_t
result
;
isc_boolean_t
signeedsfree
=
ISC_TRUE
;
...
...
@@ -573,11 +557,10 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init
(
&
databuf
,
data
,
sizeof
(
data
));
RETERR
(
dst_
key_sign
(
DST_SIGMODE_INIT
,
key
,
&
ctx
,
NULL
,
NULL
));
RETERR
(
dst_
context_create
(
key
,
mctx
,
&
ctx
));
if
(
is_response
(
msg
))
RETERR
(
dst_key_sign
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
msg
->
query
,
NULL
));
RETERR
(
dst_context_adddata
(
ctx
,
msg
->
query
));
/*
* Digest the header.
...
...
@@ -585,14 +568,14 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init
(
&
headerbuf
,
header
,
sizeof
(
header
));
dns_message_renderheader
(
msg
,
&
headerbuf
);
isc_buffer_usedregion
(
&
headerbuf
,
&
r
);
RETERR
(
dst_
key_sign
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
));
RETERR
(
dst_
context_adddata
(
ctx
,
&
r
));
/*
* Digest the remainder of the message.
*/
isc_buffer_usedregion
(
msg
->
buffer
,
&
r
);
isc_region_consume
(
&
r
,
DNS_MESSAGE_HEADERLEN
);
RETERR
(
dst_
key_sign
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
));
RETERR
(
dst_
context_adddata
(
ctx
,
&
r
));
/*
* Digest the fields of the SIG - we can cheat and use
...
...
@@ -603,7 +586,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
dns_rdatatype_sig
,
&
sig
,
&
databuf
));
isc_buffer_usedregion
(
&
databuf
,
&
r
);
r
.
length
-=
2
;
RETERR
(
dst_
key_sign
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
));
RETERR
(
dst_
context_adddata
(
ctx
,
&
r
));
RETERR
(
dst_key_sigsize
(
key
,
&
sigsize
));
sig
.
siglen
=
sigsize
;
...
...
@@ -614,7 +597,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
}
isc_buffer_init
(
&
sigbuf
,
sig
.
signature
,
sig
.
siglen
);
RETERR
(
dst_
key_sign
(
DST_SIGMODE_FINAL
,
key
,
&
ctx
,
NULL
,
&
sigbuf
));
RETERR
(
dst_
context_sign
(
ctx
,
&
sigbuf
));
rdata
=
NULL
;
RETERR
(
dns_message_gettemprdata
(
msg
,
&
rdata
));
...
...
@@ -649,6 +632,8 @@ failure:
isc_buffer_free
(
&
dynbuf
);
if
(
signeedsfree
)
isc_mem_put
(
mctx
,
sig
.
signature
,
sig
.
siglen
);
if
(
ctx
!=
NULL
)
dst_context_destroy
(
&
ctx
);
return
(
result
);
}
...
...
@@ -663,7 +648,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
dns_name_t
tname
;
isc_region_t
r
,
r2
,
source_r
,
sig_r
,
header_r
;
isc_stdtime_t
now
;
dst_context_t
ctx
;
dst_context_t
*
ctx
=
NULL
;
isc_mem_t
*
mctx
;
isc_result_t
result
;
isc_uint16_t
addcount
;
...
...
@@ -707,14 +692,13 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
/* XXXBEW ensure that sig.signer refers to this key */
RETERR
(
dst_
key_verify
(
DST_SIGMODE_INIT
,
key
,
&
ctx
,
NULL
,
NULL
));
RETERR
(
dst_
context_create
(
key
,
mctx
,
&
ctx
));
/*
* If this is a response, digest the query.
*/
if
(
is_response
(
msg
))
RETERR
(
dst_key_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
msg
->
query
,
NULL
));
RETERR
(
dst_context_adddata
(
ctx
,
msg
->
query
));
/*
* Extract the header.
...
...
@@ -733,14 +717,14 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
*/
header_r
.
base
=
(
unsigned
char
*
)
header
;
header_r
.
length
=
DNS_MESSAGE_HEADERLEN
;
RETERR
(
dst_
key_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
header_r
,
NULL
));
RETERR
(
dst_
context_adddata
(
ctx
,
&
header_r
));
/*
* Digest all non-SIG(0) records.
*/
r
.
base
=
source_r
.
base
+
DNS_MESSAGE_HEADERLEN
;
r
.
length
=
msg
->
sigstart
-
DNS_MESSAGE_HEADERLEN
;
RETERR
(
dst_
key_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
));
RETERR
(
dst_
context_adddata
(
ctx
,
&
r
));
/*
* Digest the SIG(0) record . Find the start of the record, skip
...
...
@@ -754,11 +738,11 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
dns_name_toregion
(
&
tname
,
&
r2
);
isc_region_consume
(
&
r
,
r2
.
length
+
10
);
r
.
length
-=
(
sig
.
siglen
+
2
);
RETERR
(
dst_
key_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
));
RETERR
(
dst_
context_adddata
(
ctx
,
&
r
));
sig_r
.
base
=
sig
.
signature
;
sig_r
.
length
=
sig
.
siglen
;
result
=
dst_
key_verify
(
DST_SIGMODE_FINAL
,
key
,
&
ctx
,
NULL
,
&
sig_r
);
result
=
dst_
context_verify
(
ctx
,
&
sig_r
);
if
(
result
!=
ISC_R_SUCCESS
)
{
msg
->
sig0status
=
dns_tsigerror_badsig
;
goto
failure
;
...
...
@@ -773,6 +757,8 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
failure:
if
(
signeedsfree
)
dns_rdata_freestruct
(
&
sig
);
if
(
ctx
!=
NULL
)
dst_context_destroy
(
&
ctx
);
return
(
result
);
}
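Review bot: In `dns_dnssec_verify` (hunk @@ -372,8 +354,13) the failure branch after `dst_context_adddata(ctx, &r)` jumps to `cleanup_struct`, which is placed after the `cleanup_context:` label that destroys the context created by the `dst_context_create` call immediately above, so the context leaks on that path; it should read `goto cleanup_context;`, as the equivalent branch in `dns_dnssec_sign` (hunk @@ -230,15 +214,17) already does. The create-failure branch just before it is right to use `cleanup_struct`, since no context exists yet at that point. `dns_dnssec_verify` begins and ends outside these hunks; its cleanup labels are visible in hunk @@ -437,23 +420,24.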
lib/dns/include/dns/message.h
...
...
@@ -201,7 +201,7 @@ struct dns_message {
dns_name_t
*
tsigname
;
dns_rdataset_t
*
querytsig
;
dns_tsigkey_t
*
tsigkey
;
void
*
tsigctx
;
dst_context_t
*
tsigctx
;
int
sigstart
;
dns_name_t
*
sig0name
;
...
...
lib/dns/tkey.c
...
...
@@ -16,7 +16,7 @@
*/
/*
* $Id: tkey.c,v 1.4
1 2000/05/30 22:28:37
bwelling Exp $
* $Id: tkey.c,v 1.4
2 2000/06/02 18:59:14
bwelling Exp $
* Principal Author: Brian Wellington
*/
...
...
@@ -148,9 +148,10 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata,
static
isc_result_t
compute_secret
(
isc_buffer_t
*
shared
,
isc_region_t
*
queryrandomness
,
isc_region_t
*
serverrandomness
,
isc_buffer_t
*
secret
)
isc_region_t
*
serverrandomness
,
isc_mem_t
*
mctx
,
isc_buffer_t
*
secret
)
{
dst_context_t
ctx
;
dst_context_t
*
ctx
=
NULL
;
isc_result_t
result
;
isc_region_t
r
,
r2
;
char
digests
[
32
];
...
...
@@ -163,26 +164,20 @@ compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
/*
* MD5 ( query data | DH value ).
*/
RETERR
(
dst_key_digest
(
DST_SIGMODE_INIT
,
DST_DIGEST_MD5
,
&
ctx
,
NULL
,
NULL
));
RETERR
(
dst_key_digest
(
DST_SIGMODE_UPDATE
,
DST_DIGEST_MD5
,
&
ctx
,
queryrandomness
,
NULL
));
RETERR
(
dst_key_digest
(
DST_SIGMODE_UPDATE
,
DST_DIGEST_MD5
,
&
ctx
,
&
r
,
NULL
));
RETERR
(
dst_key_digest
(
DST_SIGMODE_FINAL
,
DST_DIGEST_MD5
,
&
ctx
,
NULL
,
&
b
));
RETERR
(
dst_context_create
(
DST_KEY_MD5
,
mctx
,
&
ctx
));
RETERR
(
dst_context_adddata
(
ctx
,
queryrandomness
));
RETERR
(
dst_context_adddata
(
ctx
,
&
r
));
RETERR
(
dst_context_digest
(
ctx
,
&
b
));
dst_context_destroy
(
&
ctx
);