Commit 9e39bafd authored by Mark Andrews's avatar Mark Andrews

adjust SIT computation

parent 02a5e3ed
--- 9.10.0b1 released ---
3755. [func] Add stats counters for known EDNS options + others.
[RT #35447]
--- 9.10.0b1 released ---
3754. [cleanup] win32: Installer now places files in the
Program Files area rather than system services.
[RT #35361]
......
......@@ -2073,7 +2073,7 @@ static void
compute_cookie(unsigned char *cookie, size_t len) {
/* XXXMPA need to fix, should be per server. */
INSIST(len >= 8U);
memcpy(cookie, cookie_secret, 8);
memmove(cookie, cookie_secret, 8);
}
#endif
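Review bot: compute_cookie still hands out the first 8 bytes of `cookie_secret` verbatim, so every server queried sees the same client cookie, which is what the XXXMPA comment in the body concedes. Any one of those servers then knows the value the client presents to the others, so the cookie gives no per-server protection against spoofed replies. Deriving it from the secret and the server address, the way compute_cc does in the resolver section of this commit, would close that. The function would need the server address passed in, and its callers are outside this hunk.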
......
......@@ -1560,29 +1560,25 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
isc_buffer_putmem(buf, client->cookie, 8);
isc_buffer_putuint32(buf, nonce);
isc_buffer_putuint32(buf, when);
memcpy(input, cp, 8);
memmove(input, cp, 16);
isc_aes128_crypt(ns_g_server->secret, input, digest);
for (i = 0; i < 8; i++)
input[i] = digest[i] ^ digest[i + 8];
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
switch (netaddr.family) {
case AF_INET:
memcpy(input + 8, (unsigned char *)&netaddr.type.in, 4);
memmove(input + 8, (unsigned char *)&netaddr.type.in, 4);
memset(input + 12, 0, 4);
isc_aes128_crypt(ns_g_server->secret, input, digest);
break;
case AF_INET6:
memcpy(input + 8, (unsigned char *)&netaddr.type.in6, 16);
memmove(input + 8, (unsigned char *)&netaddr.type.in6, 16);
isc_aes128_crypt(ns_g_server->secret, input, digest);
for (i = 0; i < 8; i++)
input[i + 8] = digest[i] ^ digest[i + 8];
isc_aes128_crypt(ns_g_server->secret, input + 8, digest);
break;
default:
isc_aes128_crypt(ns_g_server->secret, input, digest);
break;
}
memcpy(input, client->cookie, 8);
for (i = 0; i < 8; i++)
input[i + 8] = digest[i] ^ digest[i + 8];
isc_aes128_crypt(ns_g_server->secret, input, digest);
for (i = 0; i < 8; i++)
digest[i] ^= digest[i + 8];
isc_buffer_putmem(buf, digest, 8);
......@@ -1601,7 +1597,7 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
isc_hmacsha1_init(&hmacsha1,
ns_g_server->secret,
ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_update(&hmacsha1, cp, 8);
isc_hmacsha1_update(&hmacsha1, cp, 16);
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
switch (netaddr.family) {
case AF_INET:
......@@ -1632,7 +1628,7 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
isc_hmacsha256_init(&hmacsha256,
ns_g_server->secret,
ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_update(&hmacsha256, cp, 8);
isc_hmacsha256_update(&hmacsha256, cp, 16);
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
switch (netaddr.family) {
case AF_INET:
......@@ -1671,7 +1667,7 @@ process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
* Not our token.
*/
if (optlen >= 8U)
memcpy(client->cookie, isc_buffer_current(buf), 8);
memmove(client->cookie, isc_buffer_current(buf), 8);
else
memset(client->cookie, 0, 8);
isc_buffer_forward(buf, (unsigned int)optlen);
......@@ -1689,7 +1685,7 @@ process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
* Process all of the incoming buffer.
*/
old = isc_buffer_current(buf);
memcpy(client->cookie, old, 8);
memmove(client->cookie, old, 8);
isc_buffer_forward(buf, 8);
nonce = isc_buffer_getuint32(buf);
when = isc_buffer_getuint32(buf);
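Review bot: The AES switch in compute_sit should reject an address family other than AF_INET or AF_INET6, since on that path no peer address reaches `input` and the cookie written to `buf` is not bound to the client. The page has lost its +/- markers, but the hunk shrinking from 29 to 25 lines suggests the old `default:` branch was dropped; `default: INSIST(0);` would state the assumption instead. compute_cc in the resolver section has the same gap, and there `input` reaches isc_aes128_crypt unset unless it is initialised above the hunk. The AF_INET6 copy of 16 bytes to `input + 8` also needs `input` to be at least 24 bytes; its declaration is outside the hunk, so that is worth confirming.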
......
......@@ -4286,7 +4286,7 @@ dns_adb_setsit(dns_adb_t *adb, dns_adbaddrinfo_t *addr,
}
if (addr->entry->sit != NULL)
memcpy(addr->entry->sit, sit, len);
memmove(addr->entry->sit, sit, len);
UNLOCK(&adb->entrylocks[bucket]);
}
......@@ -4304,7 +4304,7 @@ dns_adb_getsit(dns_adb_t *adb, dns_adbaddrinfo_t *addr,
if (sit != NULL && addr->entry->sit != NULL &&
len >= addr->entry->sitlen)
{
memcpy(sit, addr->entry->sit, addr->entry->sitlen);
memmove(sit, addr->entry->sit, addr->entry->sitlen);
len = addr->entry->sitlen;
} else
len = 0;
......
......@@ -1753,17 +1753,17 @@ compute_cc(resquery_t *query, unsigned char *sit, size_t len) {
isc_netaddr_fromsockaddr(&netaddr, &query->addrinfo->sockaddr);
switch (netaddr.family) {
case AF_INET:
memcpy(input, (unsigned char *)&netaddr.type.in, 4);
memmove(input, (unsigned char *)&netaddr.type.in, 4);
memset(input + 4, 0, 12);
break;
case AF_INET6:
memcpy(input, (unsigned char *)&netaddr.type.in6, 16);
memmove(input, (unsigned char *)&netaddr.type.in6, 16);
break;
}
isc_aes128_crypt(query->fctx->res->view->secret, input, digest);
for (i = 0; i < 8; i++)
digest[i] ^= digest[i + 8];
memcpy(sit, digest, 8);
memmove(sit, digest, 8);
#endif
#ifdef HMAC_SHA1_SIT
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
......@@ -1786,7 +1786,7 @@ compute_cc(resquery_t *query, unsigned char *sit, size_t len) {
break;
}
isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
memcpy(sit, digest, 8);
memmove(sit, digest, 8);
isc_hmacsha1_invalidate(&hmacsha1);
#endif
#ifdef HMAC_SHA256_SIT
......@@ -1810,7 +1810,7 @@ compute_cc(resquery_t *query, unsigned char *sit, size_t len) {
break;
}
isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest));
memcpy(sit, digest, 8);
memmove(sit, digest, 8);
isc_hmacsha256_invalidate(&hmacsha256);
#endif
}
......