summaryrefslogtreecommitdiffstats
path: root/contrib/bind9/lib/dns/ds.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/lib/dns/ds.c')
-rw-r--r--contrib/bind9/lib/dns/ds.c72
1 files changed, 64 insertions, 8 deletions
diff --git a/contrib/bind9/lib/dns/ds.c b/contrib/bind9/lib/dns/ds.c
index 9cf5659..80e1503 100644
--- a/contrib/bind9/lib/dns/ds.c
+++ b/contrib/bind9/lib/dns/ds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2002, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ds.c,v 1.11 2007-06-19 23:47:16 tbox Exp $ */
+/* $Id: ds.c,v 1.13 2010-12-23 23:47:08 tbox Exp $ */
/*! \file */
@@ -38,6 +38,13 @@
#include <dst/dst.h>
+#ifdef HAVE_OPENSSL_GOST
+#include <dst/result.h>
+#include <openssl/evp.h>
+
+extern const EVP_MD * EVP_gost(void);
+#endif
+
isc_result_t
dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
unsigned int digest_type, unsigned char *buffer,
@@ -49,6 +56,12 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
isc_region_t r;
isc_buffer_t b;
dns_rdata_ds_t ds;
+ isc_sha1_t sha1;
+ isc_sha256_t sha256;
+#ifdef HAVE_OPENSSL_GOST
+ EVP_MD_CTX ctx;
+ const EVP_MD *md;
+#endif
REQUIRE(key != NULL);
REQUIRE(key->type == dns_rdatatype_dnskey);
@@ -63,8 +76,8 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
memset(buffer, 0, DNS_DS_BUFFERSIZE);
isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);
- if (digest_type == DNS_DSDIGEST_SHA1) {
- isc_sha1_t sha1;
+ switch (digest_type) {
+ case DNS_DSDIGEST_SHA1:
isc_sha1_init(&sha1);
dns_name_toregion(name, &r);
isc_sha1_update(&sha1, r.base, r.length);
@@ -72,8 +85,33 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
INSIST(r.length >= 4);
isc_sha1_update(&sha1, r.base, r.length);
isc_sha1_final(&sha1, digest);
- } else {
- isc_sha256_t sha256;
+ break;
+#ifdef HAVE_OPENSSL_GOST
+#define CHECK(x) \
+ if ((x) != 1) { \
+ EVP_MD_CTX_cleanup(&ctx); \
+ return (DST_R_OPENSSLFAILURE); \
+ }
+
+ case DNS_DSDIGEST_GOST:
+ md = EVP_gost();
+ if (md == NULL)
+ return (DST_R_OPENSSLFAILURE);
+ EVP_MD_CTX_init(&ctx);
+ CHECK(EVP_DigestInit(&ctx, md));
+ dns_name_toregion(name, &r);
+ CHECK(EVP_DigestUpdate(&ctx,
+ (const void *) r.base,
+ (size_t) r.length));
+ dns_rdata_toregion(key, &r);
+ INSIST(r.length >= 4);
+ CHECK(EVP_DigestUpdate(&ctx,
+ (const void *) r.base,
+ (size_t) r.length));
+ CHECK(EVP_DigestFinal(&ctx, digest, NULL));
+ break;
+#endif
+ default:
isc_sha256_init(&sha256);
dns_name_toregion(name, &r);
isc_sha256_update(&sha256, r.base, r.length);
@@ -81,6 +119,7 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
INSIST(r.length >= 4);
isc_sha256_update(&sha256, r.base, r.length);
isc_sha256_final(digest, &sha256);
+ break;
}
ds.mctx = NULL;
@@ -89,8 +128,19 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
ds.algorithm = r.base[3];
ds.key_tag = dst_region_computeid(&r, ds.algorithm);
ds.digest_type = digest_type;
- ds.length = (digest_type == DNS_DSDIGEST_SHA1) ?
- ISC_SHA1_DIGESTLENGTH : ISC_SHA256_DIGESTLENGTH;
+ switch (digest_type) {
+ case DNS_DSDIGEST_SHA1:
+ ds.length = ISC_SHA1_DIGESTLENGTH;
+ break;
+#ifdef HAVE_OPENSSL_GOST
+ case DNS_DSDIGEST_GOST:
+ ds.length = ISC_GOST_DIGESTLENGTH;
+ break;
+#endif
+ default:
+ ds.length = ISC_SHA256_DIGESTLENGTH;
+ break;
+ }
ds.digest = digest;
return (dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds,
@@ -99,6 +149,12 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
isc_boolean_t
dns_ds_digest_supported(unsigned int digest_type) {
+#ifdef HAVE_OPENSSL_GOST
+ return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 ||
+ digest_type == DNS_DSDIGEST_SHA256 ||
+ digest_type == DNS_DSDIGEST_GOST));
+#else
return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 ||
digest_type == DNS_DSDIGEST_SHA256));
+#endif
}
OpenPOWER on IntegriCloud