separated BIND specific configuration code from rest

of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library

separated BIND specific configuration code from rest
of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
f93d33e2 · Andreas Gustafsson · c9939598 · f93d33e2 · f93d33e2 · f93d33e2
Commit f93d33e2 authored Jan 24, 2000 by Andreas Gustafsson
17 changed files
--- a/bin/named/include/named/tkeyconf.h
+++ b/bin/named/include/named/tkeyconf.h
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_TKEYCONF_H
+#define DNS_TKEYCONF_H 1
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <dns/tkey.h>
+#include <dns/confctx.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctxp);
+/*
+ * 	Create a TKEY context and configure it, including the default DH key
+ *	and default domain, according to 'cfg'.
+ *
+ *	Requires:
+ *		'cfg' is a valid configuration context.
+ *		'mctx' is not NULL
+ *		'tctx' is not NULL
+ *		'*tctx' is NULL
+ *
+ *	Returns:
+ *		ISC_R_SUCCESS
+ *		ISC_R_NOMEMORY
+ */
+ 
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_TKEYCONF_H */
--- a/bin/named/include/named/tsigconf.h
+++ b/bin/named/include/named/tsigconf.h
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_TSIGCONF_H
+#define DNS_TSIGCONF_H 1
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <dns/tsig.h>
+#include <dns/confctx.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
+			   dns_tsig_keyring_t **ring);
+/*
+ * Create a TSIG key ring and configure it according to 'confctx'.
+ *
+ *	Requires:
+ *		'confctx' is a valid configuration context.
+ *		'mctx' is not NULL
+ *		'ring' is not NULL, and '*ring' is NULL
+ *
+ *	Returns:
+ *		ISC_R_SUCCESS
+ *		ISC_R_NOMEMORY
+ */
+ 
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_TSIGCONF_H */
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -47,8 +47,8 @@
 #include <dns/rdata.h>
 #include <dns/result.h>
 #include <dns/rootns.h>
-#include <dns/tkey.h>
-#include <dns/tsig.h>
+#include <dns/tkeyconf.h>
+#include <dns/tsigconf.h>
 #include <dns/types.h>
 #include <dns/view.h>
 #include <dns/zone.h>
@@ -156,7 +156,7 @@ configure_view(dns_view_t *view, dns_c_ctx_t *cctx, isc_mem_t *mctx)
 	 * Configure the view's TSIG keys.
 	 */
 	ring = NULL;
-	CHECK(dns_tsig_init(cctx, view->mctx, &ring));
+	CHECK(dns_tsigkeyring_fromconfig(cctx, view->mctx, &ring));
 	dns_view_setkeyring(view, ring);

 cleanup:
@@ -564,8 +564,8 @@ load_configuration(const char *filename, ns_server_t *server) {
 	 * Load the TKEY information from the configuration
 	 */
 	if (ns_g_tkeyctx != NULL)
-		dns_tkey_destroy(&ns_g_tkeyctx);
-	CHECKM(dns_tkey_init(configctx, ns_g_mctx, &ns_g_tkeyctx),
+		dns_tkeyctx_destroy(&ns_g_tkeyctx);
+	CHECKM(dns_tkeyctx_fromconfig(configctx, ns_g_mctx, &ns_g_tkeyctx),
 	       "setting up TKEY");
 	/*
 	 * Rescan the interface list to pick up changes in the
@@ -667,7 +667,7 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {

 	RWUNLOCK(&server->viewlock, isc_rwlocktype_write);

-	dns_tkey_destroy(&ns_g_tkeyctx);
+	dns_tkeyctx_destroy(&ns_g_tkeyctx);

 	ns_clientmgr_destroy(&server->clientmgr);
 	ns_interfacemgr_shutdown(server->interfacemgr);

--- a/bin/named/tkeyconf.c
+++ b/bin/named/tkeyconf.c
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/lex.h>
+
+#include <dns/confctx.h>
+#include <dns/confkeys.h>
+#include <dns/keyvalues.h>
+#include <dns/name.h>
+#include <dns/tkeyconf.h>
+
+#define RETERR(x) do { \
+	result = (x); \
+	if (result != ISC_R_SUCCESS) \
+		goto failure; \
+	} while (0)
+
+
+isc_result_t
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
+		       dns_tkey_ctx_t **tctxp)
+{
+	isc_result_t result;
+	dns_tkey_ctx_t *tctx = NULL;
+	char *s;
+	int n;
+	isc_buffer_t b, namebuf;
+	unsigned char data[1024];
+	dns_name_t domain;
+
+	result = dns_tkeyctx_create(mctx, &tctx);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	s = NULL;
+	result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
+	if (result == ISC_R_NOTFOUND)
+		return (ISC_R_SUCCESS);
+	RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
+				DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
+				mctx, &tctx->dhkey));
+	s = NULL;
+	RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
+	dns_name_init(&domain, NULL);
+	tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
+	if (tctx->domain == NULL)
+		return (ISC_R_NOMEMORY);
+	dns_name_init(tctx->domain, NULL);
+	isc_buffer_init(&b, s, strlen(s), ISC_BUFFERTYPE_TEXT);
+	isc_buffer_add(&b, strlen(s));
+	isc_buffer_init(&namebuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
+	RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
+				 &namebuf));
+	RETERR(dns_name_dup(&domain, mctx, tctx->domain));
+
+	*tctxp = tctx;
+	return (ISC_R_SUCCESS);
+
+ failure:
+	if (tctx->dhkey != NULL) {
+		dst_key_free(tctx->dhkey);
+		tctx->dhkey = NULL;
+	}
+	if (tctx->domain != NULL) {
+		dns_name_free(tctx->domain, mctx);
+		isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
+		tctx->domain = NULL;
+	}
+	dns_tkeyctx_destroy(&tctx);
+	return (result);
+}
+
--- a/bin/named/tsigconf.c
+++ b/bin/named/tsigconf.c
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/lex.h>
+
+#include <dns/confctx.h>
+#include <dns/confkeys.h>
+#include <dns/name.h>
+#include <dns/tsigconf.h>
+
+static isc_result_t
+add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
+		 isc_mem_t *mctx)
+{
+	isc_lex_t *lex = NULL;
+	dns_c_kdef_t *key;
+	unsigned char *secret = NULL;
+	int secretalloc = 0;
+	int secretlen = 0;
+	isc_result_t ret;
+
+	key = ISC_LIST_HEAD(list->keydefs);
+	while (key != NULL) {
+		dns_name_t keyname;
+		dns_name_t alg;
+		char keynamedata[1024], algdata[1024];
+		isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
+		isc_buffer_t secretsrc, secretbuf;
+
+		dns_name_init(&keyname, NULL);
+		dns_name_init(&alg, NULL);
+
+		/* Create the key name */
+		isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid),
+				ISC_BUFFERTYPE_TEXT);
+		isc_buffer_add(&keynamesrc, strlen(key->keyid));
+		isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata),
+				ISC_BUFFERTYPE_BINARY);
+		ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
+					ISC_TRUE, &keynamebuf);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+
+		/* Create the algorithm */
+		if (strcasecmp(key->algorithm, "hmac-md5") == 0)
+			alg = *dns_tsig_hmacmd5_name;
+		else {
+			isc_buffer_init(&algsrc, key->algorithm,
+					strlen(key->algorithm),
+					ISC_BUFFERTYPE_TEXT);
+			isc_buffer_add(&algsrc, strlen(key->algorithm));
+			isc_buffer_init(&algbuf, algdata, sizeof(algdata),
+					ISC_BUFFERTYPE_BINARY);
+			ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
+						ISC_TRUE, &algbuf);
+			if (ret != ISC_R_SUCCESS)
+				goto failure;
+		}
+
+		if (strlen(key->secret) % 4 != 0) {
+			ret = ISC_R_BADBASE64;
+			goto failure;
+		}
+		secretalloc = secretlen = strlen(key->secret) * 3 / 4;
+		secret = isc_mem_get(mctx, secretlen);
+		if (secret == NULL) {
+			ret = ISC_R_NOMEMORY;
+			goto failure;
+		}
+		isc_buffer_init(&secretsrc, key->secret, strlen(key->secret),
+				ISC_BUFFERTYPE_TEXT);
+		isc_buffer_add(&secretsrc, strlen(key->secret));
+		isc_buffer_init(&secretbuf, secret, secretlen,
+				ISC_BUFFERTYPE_BINARY);
+		ret = isc_lex_create(mctx, strlen(key->secret), &lex);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		ret = isc_lex_openbuffer(lex, &secretsrc);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		ret = isc_base64_tobuffer(lex, &secretbuf, -1);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		secretlen = ISC_BUFFER_USEDCOUNT(&secretbuf);
+		isc_lex_close(lex);
+		isc_lex_destroy(&lex);
+
+		ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
+					 ISC_FALSE, NULL, mctx, ring, NULL);
+		isc_mem_put(mctx, secret, secretalloc);
+		secret = NULL;
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		key = ISC_LIST_NEXT(key, next);
+	}
+	return (ISC_R_SUCCESS);
+
+ failure:
+	if (lex != NULL)
+		isc_lex_destroy(&lex);
+	if (secret != NULL)
+		isc_mem_put(mctx, secret, secretlen);
+	return (ret);
+
+}
+
+isc_result_t
+dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
+			   dns_tsig_keyring_t **ringp)
+{
+	dns_c_kdeflist_t *keylist = NULL;
+	dns_tsig_keyring_t *ring = NULL;
+	isc_result_t result;
+
+	result = dns_tsigkeyring_create(mctx, &ring);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+	
+	result = dns_c_ctx_getkdeflist(confctx, &keylist);
+	if (result == ISC_R_SUCCESS)
+		result = add_initial_keys(keylist, ring, mctx);
+	else if (result == ISC_R_NOTFOUND)
+		result = ISC_R_SUCCESS;
+	if (result != ISC_R_SUCCESS)
+		goto failure;
+
+	*ringp = ring;
+	return (ISC_R_SUCCESS);
+
+ failure:
+	dns_tsigkeyring_destroy(&ring);
+	return (result);
+}
--- a/bin/tests/tkey_test.c
+++ b/bin/tests/tkey_test.c
@@ -320,8 +320,8 @@ main(int argc, char *argv[]) {

 	RUNTIME_CHECK(isc_log_create(mctx, &log) == ISC_R_SUCCESS);
 	ring = NULL;
-	RUNTIME_CHECK(dns_tsig_init(NULL, mctx, &ring) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(dns_tkey_init(NULL, mctx, &tctx) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(dns_tsigkeyring_create(mctx, &ring) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(dns_tkeyctx_create(mctx, &tctx) == ISC_R_SUCCESS);

 	argc -= isc_commandline_index;
 	argv += isc_commandline_index;
@@ -362,8 +362,8 @@ main(int argc, char *argv[]) {
 	isc_socketmgr_destroy(&socketmgr);
 	isc_timermgr_destroy(&timermgr);

-	dns_tsig_destroy(&ring);
-	dns_tkey_destroy(&tctx);
+	dns_tsigkeyring_destroy(&ring);
+	dns_tkeyctx_destroy(&tctx);
 	if (verbose)
 		isc_mem_stats(mctx, stdout);
 	isc_mem_destroy(&mctx);

--- a/lib/dns/Makefile.in
+++ b/lib/dns/Makefile.in
@@ -123,7 +123,8 @@ OBJS =		a6.@O@ acl.@O@ aclconf.@O@ adb.@O@ byaddr.@O@ \
 		rbt.@O@ rbtdb.@O@ rbtdb64.@O@ rdata.@O@ rdatalist.@O@ \
 		rdataset.@O@ rdatasetiter.@O@ rdataslab.@O@ resolver.@O@ \
 		result.@O@ rootns.@O@ \
-		tcpmsg.@O@ time.@O@ tkey.@O@ tsig.@O@ ttl.@O@ \
+		tcpmsg.@O@ time.@O@ tkey.@O@ tkeyconf.@O@ \
+		tsig.@O@ tsigconf.@O@ ttl.@O@ \
 		version.@O@ view.@O@ xfrin.@O@ zone.@O@ zoneconf.@O@ zt.@O@ \
 		${DSTOBJS} ${OPENSSLOBJS} ${DNSSAFEOBJS} ${CONFOBJS}

@@ -137,7 +138,8 @@ SRCS =		a6.c acl.c aclconf.c adb.c byaddr.c \
 		rbt.c rbtdb.c rbtdb64.c rdata.c rdatalist.c \
 		rdataset.c rdatasetiter.c rdataslab.c resolver.c \
 		result.c rootns.c \
-		tcpmsg.c time.c tkey.c tsig.c ttl.c \
+		tcpmsg.c time.c tkey.c tkeyconf.c \
+		tsig.c tsigconf.c ttl.c \
 		version.c view.c xfrin.c zone.c zoneconf.c zt.c

 SUBDIRS =	include sec config

--- a/lib/dns/include/dns/tkey.h
+++ b/lib/dns/include/dns/tkey.h
@@ -18,12 +18,11 @@
 #ifndef DNS_TKEY_H
 #define DNS_TKEY_H 1

-#include <isc/mem.h>
+#include <isc/types.h>
 #include <isc/lang.h>

 #include <dns/types.h>
 #include <dns/name.h>
-#include <dns/confctx.h>

 #include <dst/dst.h>

@@ -43,10 +42,9 @@ struct dns_tkey_ctx {
 };

 isc_result_t
-dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
+dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
 /*
- *	Obtains TKEY configuration information, including default DH key
- *	and default domain from the configuration, if it's not NULL.
+ *	Create an empty TKEY context.
 *
 * 	Requires:
 *		'mctx' is not NULL
@@ -60,7 +58,7 @@ dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
 */

 void
-dns_tkey_destroy(dns_tkey_ctx_t **tctx);
+dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx);
 /*
 *      Frees all data associated with the TKEY context
 *

--- a/lib/dns/include/dns/tkeyconf.h
+++ b/lib/dns/include/dns/tkeyconf.h
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_TKEYCONF_H
+#define DNS_TKEYCONF_H 1
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <dns/tkey.h>
+#include <dns/confctx.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctxp);
+/*
+ * 	Create a TKEY context and configure it, including the default DH key
+ *	and default domain, according to 'cfg'.
+ *
+ *	Requires:
+ *		'cfg' is a valid configuration context.
+ *		'mctx' is not NULL
+ *		'tctx' is not NULL
+ *		'*tctx' is NULL
+ *
+ *	Returns:
+ *		ISC_R_SUCCESS
+ *		ISC_R_NOMEMORY
+ */
+ 
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_TKEYCONF_H */
--- a/lib/dns/include/dns/tsig.h
+++ b/lib/dns/include/dns/tsig.h
@@ -24,7 +24,6 @@

 #include <dns/types.h>
 #include <dns/name.h>
-#include <dns/confctx.h>

 #include <dst/dst.h>

@@ -174,10 +173,9 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,


 isc_result_t
-dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring);
+dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ring);
 /*
- *	Initializes the TSIG subsystem.  If confctx is not NULL, any
- *	specified keys are loaded.
+ *	Create an empty TSIG key ring.
 *
 *	Requires:
 *		'mctx' is not NULL
@@ -190,9 +188,9 @@ dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring);


 void
-dns_tsig_destroy(dns_tsig_keyring_t **ring);
+dns_tsigkeyring_destroy(dns_tsig_keyring_t **ring);
 /*
- *	Frees all data associated with the TSIG subsystem
+ *	Destroy a TSIG key ring.
 *
 *	Requires:
 *		'ring' is not NULL

--- a/lib/dns/include/dns/tsigconf.h
+++ b/lib/dns/include/dns/tsigconf.h
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_TSIGCONF_H
+#define DNS_TSIGCONF_H 1
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <dns/tsig.h>
+#include <dns/confctx.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
+			   dns_tsig_keyring_t **ring);
+/*
+ * Create a TSIG key ring and configure it according to 'confctx'.
+ *
+ *	Requires:
+ *		'confctx' is a valid configuration context.
+ *		'mctx' is not NULL
+ *		'ring' is not NULL, and '*ring' is NULL
+ *
+ *	Returns:
+ *		ISC_R_SUCCESS
+ *		ISC_R_NOMEMORY
+ */
+ 
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_TSIGCONF_H */
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -16,7 +16,7 @@
 */

 /*
- * $Id: tkey.c,v 1.18 2000/01/22 04:45:13 bwelling Exp $
+ * $Id: tkey.c,v 1.19 2000/01/24 19:14:21 gson Exp $
 * Principal Author: Brian Wellington
 */

@@ -65,14 +65,7 @@


 isc_result_t
-dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
-	isc_result_t result;
-	char *s;
-	int n;
-	isc_buffer_t b, namebuf;
-	unsigned char data[1024];
-	dns_name_t domain;
-
+dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
 	REQUIRE(mctx != NULL);
 	REQUIRE(tctx != NULL);
 	REQUIRE(*tctx == NULL);
@@ -84,47 +77,11 @@ dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
 	(*tctx)->dhkey = NULL;
 	(*tctx)->domain = NULL;

-	if (cfg == NULL)
-		return (ISC_R_SUCCESS);
-
-	s = NULL;
-	result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
-	if (result == ISC_R_NOTFOUND)
-		return (ISC_R_SUCCESS);
-	RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
-				DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-				mctx, &(*tctx)->dhkey));
-	s = NULL;
-	RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
-	dns_name_init(&domain, NULL);