diff options
Diffstat (limited to 'contrib/bind9/lib/dns/ds.c')
-rw-r--r-- | contrib/bind9/lib/dns/ds.c | 72 |
1 files changed, 64 insertions, 8 deletions
diff --git a/contrib/bind9/lib/dns/ds.c b/contrib/bind9/lib/dns/ds.c index 9cf5659..80e1503 100644 --- a/contrib/bind9/lib/dns/ds.c +++ b/contrib/bind9/lib/dns/ds.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ds.c,v 1.11 2007-06-19 23:47:16 tbox Exp $ */ +/* $Id: ds.c,v 1.13 2010-12-23 23:47:08 tbox Exp $ */ /*! \file */ @@ -38,6 +38,13 @@ #include <dst/dst.h> +#ifdef HAVE_OPENSSL_GOST +#include <dst/result.h> +#include <openssl/evp.h> + +extern const EVP_MD * EVP_gost(void); +#endif + isc_result_t dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, unsigned int digest_type, unsigned char *buffer, @@ -49,6 +56,12 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, isc_region_t r; isc_buffer_t b; dns_rdata_ds_t ds; + isc_sha1_t sha1; + isc_sha256_t sha256; +#ifdef HAVE_OPENSSL_GOST + EVP_MD_CTX ctx; + const EVP_MD *md; +#endif REQUIRE(key != NULL); REQUIRE(key->type == dns_rdatatype_dnskey); @@ -63,8 +76,8 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, memset(buffer, 0, DNS_DS_BUFFERSIZE); isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE); - if (digest_type == DNS_DSDIGEST_SHA1) { - isc_sha1_t sha1; + switch (digest_type) { + case DNS_DSDIGEST_SHA1: isc_sha1_init(&sha1); dns_name_toregion(name, &r); isc_sha1_update(&sha1, r.base, r.length); @@ -72,8 +85,33 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, INSIST(r.length >= 4); isc_sha1_update(&sha1, r.base, r.length); isc_sha1_final(&sha1, digest); - } else { - isc_sha256_t sha256; + break; +#ifdef HAVE_OPENSSL_GOST +#define CHECK(x) \ + if ((x) != 1) { \ + EVP_MD_CTX_cleanup(&ctx); \ + return (DST_R_OPENSSLFAILURE); \ + } + + case DNS_DSDIGEST_GOST: + md = EVP_gost(); + if (md == NULL) + return (DST_R_OPENSSLFAILURE); + EVP_MD_CTX_init(&ctx); + CHECK(EVP_DigestInit(&ctx, md)); + dns_name_toregion(name, &r); + CHECK(EVP_DigestUpdate(&ctx, + (const void *) r.base, + (size_t) r.length)); + dns_rdata_toregion(key, &r); + INSIST(r.length >= 4); + CHECK(EVP_DigestUpdate(&ctx, + (const void *) r.base, + (size_t) r.length)); + CHECK(EVP_DigestFinal(&ctx, digest, NULL)); + break; +#endif + default: isc_sha256_init(&sha256); dns_name_toregion(name, &r); isc_sha256_update(&sha256, r.base, r.length); @@ -81,6 +119,7 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, INSIST(r.length >= 4); isc_sha256_update(&sha256, r.base, r.length); isc_sha256_final(digest, &sha256); + break; } ds.mctx = NULL; @@ -89,8 +128,19 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, ds.algorithm = r.base[3]; ds.key_tag = dst_region_computeid(&r, ds.algorithm); ds.digest_type = digest_type; - ds.length = (digest_type == DNS_DSDIGEST_SHA1) ? - ISC_SHA1_DIGESTLENGTH : ISC_SHA256_DIGESTLENGTH; + switch (digest_type) { + case DNS_DSDIGEST_SHA1: + ds.length = ISC_SHA1_DIGESTLENGTH; + break; +#ifdef HAVE_OPENSSL_GOST + case DNS_DSDIGEST_GOST: + ds.length = ISC_GOST_DIGESTLENGTH; + break; +#endif + default: + ds.length = ISC_SHA256_DIGESTLENGTH; + break; + } ds.digest = digest; return (dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds, @@ -99,6 +149,12 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, isc_boolean_t dns_ds_digest_supported(unsigned int digest_type) { +#ifdef HAVE_OPENSSL_GOST + return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 || + digest_type == DNS_DSDIGEST_SHA256 || + digest_type == DNS_DSDIGEST_GOST)); +#else return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 || digest_type == DNS_DSDIGEST_SHA256)); +#endif } |