Diffstat (limited to 'contrib/bind/lib/dst')
-rw-r--r-- | contrib/bind/lib/dst/bsafe_link.c | 11 | ||||
-rw-r--r-- | contrib/bind/lib/dst/cylink_link.c | 14 | ||||
-rw-r--r-- | contrib/bind/lib/dst/dst_api.c | 43 | ||||
-rw-r--r-- | contrib/bind/lib/dst/eay_dss_link.c | 14 | ||||
-rw-r--r-- | contrib/bind/lib/dst/prandom.c | 5 | ||||
-rw-r--r-- | contrib/bind/lib/dst/rsaref_link.c | 13 | ||||
-rw-r--r-- | contrib/bind/lib/dst/support.c | 21 |
7 files changed, 52 insertions, 69 deletions
diff --git a/contrib/bind/lib/dst/bsafe_link.c b/contrib/bind/lib/dst/bsafe_link.c index 7d9345e..ec072b3 100644 --- a/contrib/bind/lib/dst/bsafe_link.c +++ b/contrib/bind/lib/dst/bsafe_link.c @@ -1,5 +1,5 @@ #if defined(BSAFE) || defined(DNSSAFE) -static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/bsafe_link.c,v 1.11 1999/10/13 16:39:22 vixie Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/bsafe_link.c,v 1.12 2001/04/05 21:59:59 bwelling Exp $"; /* * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. @@ -489,8 +489,6 @@ dst_bsafe_from_dns_key(DST_KEY *s_key, const u_char *key, const int len) B_SetKeyInfo(r_key->rk_Public_Key, KI_RSAPublic, (POINTER) public); - s_key->dk_id = (u_int16_t) - dst_s_get_int16(&public->modulus.data[public->modulus.len - 3]); s_key->dk_key_size = dst_bsafe_key_size(r_key); SAFE_FREE(public->modulus.data); SAFE_FREE(public->exponent.data); @@ -750,8 +748,6 @@ dst_bsafe_key_from_file_format(DST_KEY *d_key, const char *buff, if (status) return (-1); - tag = (int)(u_int16_t) - dst_s_get_int16(&public->modulus.data[public->modulus.len - 3]); d_key->dk_key_size = dst_bsafe_key_size(b_key); SAFE_FREE(private->modulus.data); @@ -766,7 +762,7 @@ dst_bsafe_key_from_file_format(DST_KEY *d_key, const char *buff, SAFE_FREE(public->modulus.data); SAFE_FREE(public->exponent.data); SAFE_FREE(public); - return (tag); + return (0); } @@ -925,10 +921,7 @@ dst_bsafe_generate_keypair(DST_KEY *key, int exp) rsa->rk_Public_Key = public; key->dk_KEY_struct = (void *) rsa; - /* fill in the footprint on generate key */ B_GetKeyInfo((POINTER *) &pk_access, public, KI_RSAPublic); - key->dk_id = (u_int16_t) - dst_s_get_int16(&pk_access->modulus.data[pk_access->modulus.len - 3]); return (1); } diff --git a/contrib/bind/lib/dst/cylink_link.c b/contrib/bind/lib/dst/cylink_link.c index 0638ef1..60097f5 100644 --- a/contrib/bind/lib/dst/cylink_link.c +++ b/contrib/bind/lib/dst/cylink_link.c 
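Review bot: `tag` is presumably left as an unused local in dst_bsafe_key_from_file_format. Its assignment is deleted and the function now ends in `return (0);`, but no hunk in this file removes the declaration; `foot` in dst_rsaref_key_from_file_format looks the same, whereas the cylink and eay_dss hunks do drop `foot` and `dnslen`. In dst_bsafe_generate_keypair the call `B_GetKeyInfo((POINTER *) &pk_access, public, KI_RSAPublic);` is kept although nothing in the visible lines reads `pk_access` any more. Since the success value of `from_file_fmt` changes from the key tag to 0 in all four backends, each function's header comment should say so, e.g. `/* Returns 0 on success, negative on failure; the key id is computed by the caller. */`. The function bodies start outside these hunks.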
@@ -1,5 +1,5 @@ #ifdef CYLINK_DSS -static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/cylink_link.c,v 1.7 1999/10/13 16:39:22 vixie Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/cylink_link.c,v 1.8 2001/04/05 22:00:00 bwelling Exp $"; /* * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. @@ -373,7 +373,6 @@ dst_cylink_from_dns_key(DST_KEY *s_key, const u_char *key, const int len) memcpy(d_key->dk_y, key_ptr, d_key->dk_p_bytes); key_ptr += d_key->dk_p_bytes; - s_key->dk_id = dst_s_id_calc(key, len); s_key->dk_key_size = d_key->dk_p_bytes * 8; return (1); } @@ -470,9 +469,7 @@ dst_cylink_key_from_file_format(DST_KEY *d_key, const char *buff, const int buff_len) { u_char s[DSS_LENGTH_MAX]; - u_char dns[1024]; int len, s_len = sizeof(s); - int foot = -1, dnslen; const char *p = buff; DSA_Key *dsa_key; @@ -534,10 +531,8 @@ dst_cylink_key_from_file_format(DST_KEY *d_key, const char *buff, } /* while p */ d_key->dk_key_size = dsa_key->dk_p_bytes * 8; - dnslen = d_key->dk_func->to_dns_key(d_key, dns, sizeof(dns)); - foot = dst_s_id_calc(dns, dnslen); - return (foot); + return (0); } @@ -577,10 +572,9 @@ dst_cylink_free_key_structure(void *key) static int dst_cylink_generate_keypair(DST_KEY *key, int nothing) { - int status, dnslen, n; + int status, n; DSA_Key *dsa; u_char rand[SHA_LENGTH]; - u_char dns[1024]; if (key == NULL || key->dk_alg != KEY_DSA) return (0); @@ -615,8 +609,6 @@ dst_cylink_generate_keypair(DST_KEY *key, int nothing) return (0); memset(rand, 0, sizeof(rand)); key->dk_KEY_struct = (void *) dsa; - dnslen = key->dk_func->to_dns_key(key, dns, sizeof(dns)); - key->dk_id = dst_s_id_calc(dns, dnslen); return (1); } diff --git a/contrib/bind/lib/dst/dst_api.c b/contrib/bind/lib/dst/dst_api.c index e32d075..c296fdd 100644 --- a/contrib/bind/lib/dst/dst_api.c +++ b/contrib/bind/lib/dst/dst_api.c 
@@ -1,5 +1,5 @@ #ifndef LINT -static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/dst_api.c,v 1.16 2000/11/13 04:09:23 vixie Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/dst_api.c,v 1.17 2001/04/05 22:00:02 bwelling Exp $"; #endif /* @@ -657,6 +657,7 @@ dst_dnskey_to_key(const char *in_name, const u_char *rdata, const int len) if (in_name == NULL) return (NULL); + key_st->dk_id = dst_s_dns_key_id(rdata, len); key_st->dk_flags = dst_s_get_int16(rdata); key_st->dk_proto = (u_int16_t) rdata[DST_KEY_PROT]; if (key_st->dk_flags & DST_EXTEND_FLAG) { @@ -760,6 +761,8 @@ dst_buffer_to_key(const char *key_name, /* name of the key */ { DST_KEY *dkey = NULL; + int dnslen; + u_char dns[2048]; if (!dst_check_algorithm(alg)) { /* make sure alg is available */ EREPORT(("dst_buffer_to_key(): Algorithm %d not suppored\n", alg)); @@ -771,14 +774,17 @@ dst_buffer_to_key(const char *key_name, /* name of the key */ if (dkey == NULL) return (NULL); - if (dkey->dk_func != NULL && dkey->dk_func->from_dns_key != NULL) { - if (dkey->dk_func->from_dns_key(dkey, key_buf, key_len) < 0) { - EREPORT(("dst_buffer_to_key(): dst_buffer_to_hmac failed\n")); - return (dst_free_key(dkey)); - } - return (dkey); + if (dkey->dk_func == NULL || dkey->dk_func->from_dns_key == NULL) + return NULL; + + if (dkey->dk_func->from_dns_key(dkey, key_buf, key_len) < 0) { + EREPORT(("dst_buffer_to_key(): dst_buffer_to_hmac failed\n")); + return (dst_free_key(dkey)); } - return (NULL); + + dnslen = dst_key_to_dnskey(dkey, dns, sizeof(dns)); + dkey->dk_id = dst_s_dns_key_id(dns, dnslen); + return (dkey); } int 
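Review bot: `dnslen` is handed to `dst_s_dns_key_id()` unchecked at the end of dst_buffer_to_key, and the same two lines appear in dst_s_read_private_key_file; dst_generate_key tests only `UNSUPPORTED_KEYALG`. The return values of `dst_key_to_dnskey()` are not visible here beyond that constant, but if it can fail or produce fewer than four bytes, the id is derived from uninitialised bytes of `dns` or from an index before the buffer (`rdata_len - 3` in the callee), and in dst_s_read_private_key_file that value decides the `id != in_id` check. Guard the call the way dst_generate_key does, e.g. `dkey->dk_id = (dnslen >= 4) ? dst_s_dns_key_id(dns, dnslen) : 0;`, and treat a short result as a failure in the file reader (probably `goto fail`). The rewritten early exit `return NULL;` also leaves without `dst_free_key(dkey)`, unlike the failure path just below it.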
@@ -816,10 +822,12 @@ dst_s_read_private_key_file(char *name, DST_KEY *pk_key, u_int16_t in_id, int in_alg) { int cnt, alg, len, major, minor, file_major, file_minor; - int id; + int ret, id; char filename[PATH_MAX]; u_char in_buff[RAW_KEY_SIZE], *p; FILE *fp; + int dnslen; + u_char dns[2048]; if (name == NULL || pk_key == NULL) { EREPORT(("dst_read_private_key_file(): No key name given\n")); @@ -886,10 +894,13 @@ dst_s_read_private_key_file(char *name, DST_KEY *pk_key, u_int16_t in_id, if (pk_key->dk_func == NULL || pk_key->dk_func->from_file_fmt == NULL) goto fail; - id = pk_key->dk_func->from_file_fmt(pk_key, (char *)p, &in_buff[len] - p); - if (id < 0) + ret = pk_key->dk_func->from_file_fmt(pk_key, (char *)p, &in_buff[len] - p); + if (ret < 0) goto fail; + dnslen = dst_key_to_dnskey(pk_key, dns, sizeof(dns)); + id = dst_s_dns_key_id(dns, dnslen); + /* Make sure the actual key tag matches the input tag used in the filename */ if (id != in_id) { @@ -942,6 +953,9 @@ dst_generate_key(const char *name, const int bits, const int exp, { DST_KEY *new_key = NULL; int res; + int dnslen; + u_char dns[2048]; + if (name == NULL) return (NULL); @@ -966,6 +980,13 @@ dst_generate_key(const char *name, const int bits, const int exp, new_key->dk_key_size, exp)); return (dst_free_key(new_key)); } + + dnslen = dst_key_to_dnskey(new_key, dns, sizeof(dns)); + if (dnslen != UNSUPPORTED_KEYALG) + new_key->dk_id = dst_s_dns_key_id(dns, dnslen); + else + new_key->dk_id = 0; + return (new_key); } diff --git a/contrib/bind/lib/dst/eay_dss_link.c b/contrib/bind/lib/dst/eay_dss_link.c index 8542149..0cc01a8 100644 --- a/contrib/bind/lib/dst/eay_dss_link.c +++ b/contrib/bind/lib/dst/eay_dss_link.c 
@@ -1,5 +1,5 @@ #ifdef EAY_DSS -static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/eay_dss_link.c,v 1.4 1999/10/13 16:39:23 vixie Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/eay_dss_link.c,v 1.5 2001/04/05 22:00:03 bwelling Exp $"; /* * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. @@ -341,7 +341,6 @@ dst_eay_dss_from_dns_key(DST_KEY *s_key, const u_char *key, const int len) d_key->pub_key = BN_bin2bn(key_ptr, p_bytes, NULL); key_ptr += p_bytes; - s_key->dk_id = dst_s_id_calc(key, len); s_key->dk_key_size = p_bytes * 8; return (1); } @@ -442,9 +441,7 @@ dst_eay_dss_key_from_file_format(DST_KEY *d_key, const u_char *buff, const int buff_len) { char s[128]; - char dns[1024]; int len, s_len = sizeof(s); - int foot = -1, dnslen; const char *p = buff; DSA *dsa_key; @@ -499,10 +496,8 @@ dst_eay_dss_key_from_file_format(DST_KEY *d_key, const u_char *buff, } /* while p */ d_key->dk_key_size = BN_num_bytes(dsa_key->p); - dnslen = d_key->dk_func->to_dns_key(d_key, dns, sizeof(dns)); - foot = dst_s_id_calc(dns, dnslen); - return (foot); + return (0); } @@ -543,10 +538,9 @@ dst_eay_dss_free_key_structure(void *key) static int dst_eay_dss_generate_keypair(DST_KEY *key, int nothing) { - int status, dnslen, n; + int status, n; DSA *dsa; u_char rand[SHA_DIGEST_LENGTH]; - char dns[1024]; if (key == NULL || key->dk_alg != KEY_DSA) return (0); @@ -572,8 +566,6 @@ dst_eay_dss_generate_keypair(DST_KEY *key, int nothing) return(0); } key->dk_KEY_struct = (void *) dsa; - dnslen = key->dk_func->to_dns_key(key, dns, sizeof(dns)); - key->dk_id = dst_s_id_calc(dns, dnslen); return (1); } diff --git a/contrib/bind/lib/dst/prandom.c b/contrib/bind/lib/dst/prandom.c index a17e071..031da2e 100644 --- a/contrib/bind/lib/dst/prandom.c +++ b/contrib/bind/lib/dst/prandom.c 
@@ -1,5 +1,5 @@ #ifndef LINT -static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/prandom.c,v 1.9 2000/07/17 07:36:53 vixie Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/prandom.c,v 1.10 2001/02/12 23:13:46 marka Exp $"; #endif /* * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. @@ -204,7 +204,6 @@ do_time(dst_work *work) zone = (struct timezone *) tmp; mtime = (struct timeval *)(tmp + sizeof(struct timezone)); gettimeofday(mtime, zone); - assert(mtime->tv_usec >= 0 && mtime->tv_usec < 1000000); cnt = sizeof(tmp); my_digest(work, tmp, sizeof(tmp)); @@ -252,7 +251,7 @@ do_ls(dst_work *work) if (stat(dirs[i++], &buf)) /* directory does not exist */ return (0); - gettimeofday(&tv,NULL); + gettimeofday(&tv, NULL); if (d_round == 0) d_round = tv.tv_sec - MAX_OLD; else if (i==1) /* if starting a new round cut what we accept */ diff --git a/contrib/bind/lib/dst/rsaref_link.c b/contrib/bind/lib/dst/rsaref_link.c index 52a49b4..a45b6f7 100644 --- a/contrib/bind/lib/dst/rsaref_link.c +++ b/contrib/bind/lib/dst/rsaref_link.c @@ -1,5 +1,5 @@ #ifdef RSAREF -static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/rsaref_link.c,v 1.7 2000/07/17 07:36:53 vixie Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/rsaref_link.c,v 1.9 2001/04/05 22:00:04 bwelling Exp $"; /* * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. @@ -357,8 +357,6 @@ dst_rsaref_from_dns_key(DST_KEY *s_key, const u_char *key, const int len) memcpy(&r_key->rk_Public_Key->modulus[MAX_RSA_MODULUS_LEN - bytes], key_ptr, bytes); r_key->rk_Public_Key->bits = bytes * 8; - s_key->dk_id = (u_int16_t) dst_s_get_int16((u_char *) - &r_key->rk_Public_Key->modulus[MAX_RSA_MODULUS_LEN - 3]); s_key->dk_key_size = r_key->rk_Public_Key->bits; return (1); 
@@ -544,10 +542,8 @@ dst_rsaref_key_from_file_format(DST_KEY *d_key, const u_char *buff, r_key->rk_signer = strdup(d_key->dk_key_name); d_key->dk_KEY_struct = (void *) r_key; d_key->dk_key_size = r_key->rk_Private_Key->bits; - d_key->dk_id = (u_int16_t) dst_s_get_int16((u_char *) - &r_key->rk_Public_Key->modulus[MAX_RSA_MODULUS_LEN - 3]); - foot = (int) d_key->dk_id; - return (foot); + + return (0); } @@ -646,8 +642,6 @@ dst_rsaref_generate_keypair(DST_KEY *key, const int exp) rsa->rk_Public_Key = public; key->dk_KEY_struct = (void *) rsa; - key->dk_id = (u_int16_t) dst_s_get_int16((u_char *) - &rsa->rk_Public_Key->modulus[MAX_RSA_MODULUS_LEN - 3]); return (1); } @@ -706,7 +700,6 @@ dst_rsaref_init_random_struct(R_RANDOM_STRUCT * randomstruct) * This must be the FIRST CALL */ gettimeofday(&tv, 0); - assert(tv.tv_usec >= 0 && tv.tv_usec < 1000000); R_RandomUpdate(randomstruct, (u_char *) &tv, sizeof(struct timeval)); diff --git a/contrib/bind/lib/dst/support.c b/contrib/bind/lib/dst/support.c index d07df5a..d191eb4 100644 --- a/contrib/bind/lib/dst/support.c +++ b/contrib/bind/lib/dst/support.c @@ -1,4 +1,4 @@ -static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/support.c,v 1.8 1999/10/13 16:39:24 vixie Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/isc/bind8/src/lib/dst/support.c,v 1.9 2001/04/05 22:00:06 bwelling Exp $"; /* @@ -200,7 +200,7 @@ dst_s_calculate_bits(const u_char *str, const int max_bits) /* - * calculates a checksum used in kmt for a id. + * calculates a checksum used in dst for an id. * takes an array of bytes and a length. * returns a 16 bit checksum. */ 
@@ -225,34 +225,27 @@ dst_s_id_calc(const u_char *key, const int keysize) } /* - * dst_s_dns_key_id() Function to calculated DNSSEC footprint from KEY reocrd - * rdata (all of record) + * dst_s_dns_key_id() Function to calculate DNSSEC footprint from KEY record + * rdata * Input: * dns_key_rdata: the raw data in wire format * rdata_len: the size of the input data * Output: - * the key footprint/id calcuated from the key data + * the key footprint/id calculated from the key data */ u_int16_t dst_s_dns_key_id(const u_char *dns_key_rdata, const int rdata_len) { - int key_data = 4; - - if (!dns_key_rdata || (rdata_len < key_data)) + if (!dns_key_rdata) return 0; - /* check the extended parameters bit in the DNS Key RR flags */ - if (dst_s_get_int16(dns_key_rdata) & DST_EXTEND_FLAG) - key_data += 2; - /* compute id */ if (dns_key_rdata[3] == KEY_RSA) /* Algorithm RSA */ return dst_s_get_int16((u_char *) &dns_key_rdata[rdata_len - 3]); else /* compute a checksum on the key part of the key rr */ - return dst_s_id_calc(&dns_key_rdata[key_data], - (rdata_len - key_data)); + return dst_s_id_calc(dns_key_rdata, rdata_len); } /* |
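Review bot: With the `rdata_len < key_data` test dropped, dst_s_dns_key_id reads `dns_key_rdata[3]` and, for RSA, `&dns_key_rdata[rdata_len - 3]` with no lower bound on `rdata_len`, so a short or negative length indexes outside the buffer. dst_dnskey_to_key in this commit now passes wire-format `rdata` and `len` straight in, and any length check it performs sits above that hunk and is not visible. Keeping a minimal bound costs nothing: `if (!dns_key_rdata || rdata_len < 4) return 0;`. The header comment could also state that the checksum now covers the whole rdata, with the flags, protocol and algorithm bytes included.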