DST_SIG_MODE -> DST_SIGMODE
@@ -51,13 +51,13 @@ use(dst_key_t *key) {
|
||||
isc_buffer_add(&databuf, strlen(data));
|
||||
isc_buffer_used(&databuf, &datareg);
|
||||
|
||||
ret = dst_sign(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigbuf);
|
||||
ret = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
|
||||
printf("sign(%d) returned: %s\n", dst_key_alg(key),
|
||||
dst_result_totext(ret));
|
||||
|
||||
isc_buffer_forward(&sigbuf, 1);
|
||||
isc_buffer_remaining(&sigbuf, &sigreg);
|
||||
ret = dst_verify(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigreg);
|
||||
ret = dst_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
|
||||
printf("verify(%d) returned: %s\n", dst_key_alg(key),
|
||||
dst_result_totext(ret));
|
||||
}
|
||||
|
@@ -92,7 +92,7 @@ use(dst_key_t *key, dst_result_t exp_result, int *nfails) {
|
||||
isc_buffer_add(&databuf, strlen(data));
|
||||
isc_buffer_used(&databuf, &datareg);
|
||||
|
||||
ret = dst_sign(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigbuf);
|
||||
ret = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
|
||||
if (ret != exp_result) {
|
||||
t_info("dst_sign(%d) returned (%s) expected (%s)\n",
|
||||
dst_key_alg(key), dst_result_totext(ret),
|
||||
@@ -103,7 +103,7 @@ use(dst_key_t *key, dst_result_t exp_result, int *nfails) {
|
||||
|
||||
|
||||
isc_buffer_remaining(&sigbuf, &sigreg);
|
||||
ret = dst_verify(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigreg);
|
||||
ret = dst_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
|
||||
if (ret != exp_result) {
|
||||
t_info("dst_verify(%d) returned (%s) expected (%s)\n",
|
||||
dst_key_alg(key), dst_result_totext(ret),
|
||||
|
@@ -19,7 +19,7 @@
|
||||
|
||||
/*
|
||||
* Principal Author: Brian Wellington
|
||||
* $Id: bsafe_link.c,v 1.1 1999/07/12 20:08:28 bwelling Exp $
|
||||
* $Id: bsafe_link.c,v 1.2 1999/08/26 20:41:54 bwelling Exp $
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
@@ -136,7 +136,7 @@ dst_s_bsafe_init()
|
||||
* UPDATE (hash (more) data), FINAL (generate a signature). This
|
||||
* routine performs one or more of these steps.
|
||||
* Parameters
|
||||
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* key key to use for signing
|
||||
* context the context to use for this computation
|
||||
* data data to be signed
|
||||
@@ -157,7 +157,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
|
||||
isc_region_t sig_region, digest_region;
|
||||
dst_result_t ret;
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT) {
|
||||
if (mode & DST_SIGMODE_INIT) {
|
||||
md5_ctx = (B_ALGORITHM_OBJ *) isc_mem_get(mctx,
|
||||
sizeof(*md5_ctx));
|
||||
if (md5_ctx == NULL)
|
||||
@@ -174,7 +174,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
|
||||
isc_buffer_init(&digest, digest_array, sizeof(digest_array),
|
||||
ISC_BUFFERTYPE_BINARY);
|
||||
ret = dst_bsafe_md5digest(mode, md5_ctx, data, &digest);
|
||||
if (ret != DST_R_SUCCESS || (mode & DST_SIG_MODE_FINAL)) {
|
||||
if (ret != DST_R_SUCCESS || (mode & DST_SIGMODE_FINAL)) {
|
||||
B_DestroyAlgorithmObject(md5_ctx);
|
||||
memset(md5_ctx, 0, sizeof(*md5_ctx));
|
||||
isc_mem_put(mctx, md5_ctx, sizeof(*md5_ctx));
|
||||
@@ -182,7 +182,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
|
||||
return (ret);
|
||||
}
|
||||
|
||||
if (mode & DST_SIG_MODE_FINAL) {
|
||||
if (mode & DST_SIGMODE_FINAL) {
|
||||
RSA_Key *rkey;
|
||||
B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
|
||||
unsigned int written = 0;
|
||||
@@ -261,7 +261,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
|
||||
* FINAL (generate a signature). This routine performs one or more of
|
||||
* these steps.
|
||||
* Parameters
|
||||
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* key key to use for verifying
|
||||
* context the context to use for this computation
|
||||
* data signed data
|
||||
@@ -283,7 +283,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
|
||||
dst_result_t ret;
|
||||
int status = 0;
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT) {
|
||||
if (mode & DST_SIGMODE_INIT) {
|
||||
md5_ctx = (B_ALGORITHM_OBJ *) isc_mem_get(mctx,
|
||||
sizeof(*md5_ctx));
|
||||
if (md5_ctx == NULL)
|
||||
@@ -300,7 +300,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
|
||||
isc_buffer_init(&digest, digest_array, sizeof(digest_array),
|
||||
ISC_BUFFERTYPE_BINARY);
|
||||
ret = dst_bsafe_md5digest(mode, md5_ctx, data, &digest);
|
||||
if (ret != DST_R_SUCCESS || (mode & DST_SIG_MODE_FINAL)) {
|
||||
if (ret != DST_R_SUCCESS || (mode & DST_SIGMODE_FINAL)) {
|
||||
B_DestroyAlgorithmObject(md5_ctx);
|
||||
memset(md5_ctx, 0, sizeof(*md5_ctx));
|
||||
isc_mem_put(mctx, md5_ctx, sizeof(*md5_ctx));
|
||||
@@ -308,7 +308,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
|
||||
return (ret);
|
||||
}
|
||||
|
||||
if (mode & DST_SIG_MODE_FINAL) {
|
||||
if (mode & DST_SIGMODE_FINAL) {
|
||||
RSA_Key *rkey;
|
||||
B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
|
||||
unsigned int written = 0;
|
||||
@@ -1004,18 +1004,18 @@ dst_bsafe_md5digest(const int mode, B_ALGORITHM_OBJ *digest_obj,
|
||||
REQUIRE(digest != NULL);
|
||||
REQUIRE(digest_obj != NULL);
|
||||
|
||||
if ((mode & DST_SIG_MODE_INIT) &&
|
||||
if ((mode & DST_SIGMODE_INIT) &&
|
||||
(status = B_DigestInit(*digest_obj, (B_KEY_OBJ) NULL,
|
||||
CHOOSER, NULL_SURRENDER)) != 0)
|
||||
return (DST_R_SIGN_INIT_FAILURE);
|
||||
|
||||
if ((mode & DST_SIG_MODE_UPDATE) &&
|
||||
if ((mode & DST_SIGMODE_UPDATE) &&
|
||||
(status = B_DigestUpdate(*digest_obj, data->base, data->length,
|
||||
NULL_SURRENDER)) != 0)
|
||||
return (DST_R_SIGN_UPDATE_FAILURE);
|
||||
|
||||
isc_buffer_available(digest, &r);
|
||||
if (mode & DST_SIG_MODE_FINAL) {
|
||||
if (mode & DST_SIGMODE_FINAL) {
|
||||
if (digest == NULL ||
|
||||
(status = B_DigestFinal(*digest_obj, r.base, &written,
|
||||
r.length, NULL_SURRENDER)) != 0)
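Review bot: In the dst_bsafe_md5digest hunk, the `digest == NULL` test inside the FINAL branch can never fire, because `REQUIRE(digest != NULL)` runs at the top and `isc_buffer_available(digest, &r)` has already been handed the pointer. Either drop the test so the branch checks only the B_DigestFinal status, or, if a NULL digest is meant to be legal for INIT/UPDATE-only calls, relax the REQUIRE and move `isc_buffer_available(digest, &r);` inside the `if (mode & DST_SIGMODE_FINAL)` block. As written, the check suggests a NULL case is handled that the code above it does not allow. The function body continues past the end of the hunk.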
|
||||
|
@@ -17,7 +17,7 @@
|
||||
|
||||
/*
|
||||
* Principal Author: Brian Wellington
|
||||
* $Id: dst_api.c,v 1.4 1999/08/20 17:03:30 bwelling Exp $
|
||||
* $Id: dst_api.c,v 1.5 1999/08/26 20:41:54 bwelling Exp $
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
@@ -85,17 +85,17 @@ dst_supported_algorithm(const int alg) {
|
||||
/*
|
||||
* dst_sign
|
||||
* An incremental signing function. Data is signed in steps.
|
||||
* First the context must be initialized (DST_SIG_MODE_INIT).
|
||||
* Then data is hashed (DST_SIG_MODE_UPDATE). Finally the signature
|
||||
* itself is created (DST_SIG_MODE_FINAL). This function can be called
|
||||
* once with DST_SIG_MODE_ALL set, or it can be called separately
|
||||
* First the context must be initialized (DST_SIGMODE_INIT).
|
||||
* Then data is hashed (DST_SIGMODE_UPDATE). Finally the signature
|
||||
* itself is created (DST_SIGMODE_FINAL). This function can be called
|
||||
* once with DST_SIGMODE_ALL set, or it can be called separately
|
||||
* for each step. The UPDATE step may be repeated.
|
||||
* Parameters
|
||||
* mode A bit mask specifying operation(s) to be performed.
|
||||
* DST_SIG_MODE_INIT Initialize digest
|
||||
* DST_SIG_MODE_UPDATE Add data to digest
|
||||
* DST_SIG_MODE_FINAL Generate signature
|
||||
* DST_SIG_MODE_ALL Perform all operations
|
||||
* DST_SIGMODE_INIT Initialize digest
|
||||
* DST_SIGMODE_UPDATE Add data to digest
|
||||
* DST_SIGMODE_FINAL Generate signature
|
||||
* DST_SIGMODE_ALL Perform all operations
|
||||
* key The private key used to sign the data
|
||||
* context The state of the operation
|
||||
* data The data to be signed.
|
||||
@@ -110,12 +110,12 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
|
||||
{
|
||||
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
|
||||
REQUIRE(VALID_KEY(key));
|
||||
REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
|
||||
REQUIRE((mode & DST_SIGMODE_ALL) != 0);
|
||||
|
||||
if ((mode & DST_SIG_MODE_UPDATE) != 0)
|
||||
if ((mode & DST_SIGMODE_UPDATE) != 0)
|
||||
REQUIRE(data != NULL && data->base != NULL);
|
||||
|
||||
if ((mode & DST_SIG_MODE_FINAL) != 0)
|
||||
if ((mode & DST_SIGMODE_FINAL) != 0)
|
||||
REQUIRE(sig != NULL);
|
||||
|
||||
if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
|
||||
@@ -131,17 +131,17 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
|
||||
/*
|
||||
* dst_verify
|
||||
* An incremental verify function. Data is verified in steps.
|
||||
* First the context must be initialized (DST_SIG_MODE_INIT).
|
||||
* Then data is hashed (DST_SIG_MODE_UPDATE). Finally the signature
|
||||
* is verified (DST_SIG_MODE_FINAL). This function can be called
|
||||
* once with DST_SIG_MODE_ALL set, or it can be called separately
|
||||
* First the context must be initialized (DST_SIGMODE_INIT).
|
||||
* Then data is hashed (DST_SIGMODE_UPDATE). Finally the signature
|
||||
* is verified (DST_SIGMODE_FINAL). This function can be called
|
||||
* once with DST_SIGMODE_ALL set, or it can be called separately
|
||||
* for each step. The UPDATE step may be repeated.
|
||||
* Parameters
|
||||
* mode A bit mask specifying operation(s) to be performed.
|
||||
* DST_SIG_MODE_INIT Initialize digest
|
||||
* DST_SIG_MODE_UPDATE Add data to digest
|
||||
* DST_SIG_MODE_FINAL Verify signature
|
||||
* DST_SIG_MODE_ALL Perform all operations
|
||||
* DST_SIGMODE_INIT Initialize digest
|
||||
* DST_SIGMODE_UPDATE Add data to digest
|
||||
* DST_SIGMODE_FINAL Verify signature
|
||||
* DST_SIGMODE_ALL Perform all operations
|
||||
* key The public key used to verify the signature.
|
||||
* context The state of the operation
|
||||
* data The data to be digested.
|
||||
@@ -157,12 +157,12 @@ dst_verify(const int mode, dst_key_t *key, dst_context_t *context,
|
||||
{
|
||||
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
|
||||
REQUIRE(VALID_KEY(key));
|
||||
REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
|
||||
REQUIRE((mode & DST_SIGMODE_ALL) != 0);
|
||||
|
||||
if ((mode & DST_SIG_MODE_UPDATE) != 0)
|
||||
if ((mode & DST_SIGMODE_UPDATE) != 0)
|
||||
REQUIRE(data != NULL && data->base != NULL);
|
||||
|
||||
if ((mode & DST_SIG_MODE_FINAL) != 0)
|
||||
if ((mode & DST_SIGMODE_FINAL) != 0)
|
||||
REQUIRE(sig != NULL && sig->base != NULL);
|
||||
|
||||
if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
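Review bot: `REQUIRE((mode & DST_SIGMODE_ALL) != 0);` in dst_sign and dst_verify only asserts that at least one known bit is set, so a mode value carrying bits outside the mask still passes the precondition. Adding `REQUIRE((mode & ~DST_SIGMODE_ALL) == 0);` next to it in both functions would enforce the documented "bit mask specifying operation(s)" contract. The visible run of preconditions also has no check on `context`. Callers on this page pass NULL with DST_SIGMODE_ALL, while the hmac and openssl back ends read `*context` on what appears to be the non-INIT path. A check such as `REQUIRE(context != NULL || mode == DST_SIGMODE_ALL);` looks worth adding, unless one already exists below the hunk, where both function bodies continue.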
|
||||
|
@@ -17,7 +17,7 @@
|
||||
|
||||
/*
|
||||
* Principal Author: Brian Wellington
|
||||
* $Id: hmac_link.c,v 1.2 1999/07/29 17:21:23 bwelling Exp $
|
||||
* $Id: hmac_link.c,v 1.3 1999/08/26 20:41:54 bwelling Exp $
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
@@ -100,7 +100,7 @@ dst_s_hmacmd5_init()
|
||||
* UPDATE (hash (more) data), FINAL (generate a signature). This
|
||||
* routine performs one or more of these steps.
|
||||
* Parameters
|
||||
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* key key to use for signing
|
||||
* context the context to use for this computation
|
||||
* data data to be signed
|
||||
@@ -117,7 +117,7 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
|
||||
isc_region_t r;
|
||||
MD5_CTX *ctx = NULL;
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT) {
|
||||
if (mode & DST_SIGMODE_INIT) {
|
||||
ctx = (MD5_CTX *) isc_mem_get(mctx, sizeof(MD5_CTX));
|
||||
if (ctx == NULL)
|
||||
return (DST_R_NOMEMORY);
|
||||
@@ -126,17 +126,17 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
|
||||
ctx = (MD5_CTX *) *context;
|
||||
REQUIRE (ctx != NULL);
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT) {
|
||||
if (mode & DST_SIGMODE_INIT) {
|
||||
HMAC_Key *hkey = key->opaque;
|
||||
|
||||
MD5Init(ctx);
|
||||
MD5Update(ctx, hkey->ipad, HMAC_LEN);
|
||||
}
|
||||
|
||||
if ((mode & DST_SIG_MODE_UPDATE))
|
||||
if ((mode & DST_SIGMODE_UPDATE))
|
||||
MD5Update(ctx, data->base, data->length);
|
||||
|
||||
if (mode & DST_SIG_MODE_FINAL) {
|
||||
if (mode & DST_SIGMODE_FINAL) {
|
||||
HMAC_Key *hkey = key->opaque;
|
||||
|
||||
isc_buffer_available(sig, &r);
|
||||
@@ -168,7 +168,7 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
|
||||
* FINAL (generate a signature). This routine performs one or more of
|
||||
* these steps.
|
||||
* Parameters
|
||||
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* key key to use for verifying
|
||||
* context the context to use for this computation
|
||||
* data signed data
|
||||
@@ -184,7 +184,7 @@ dst_hmacmd5_verify(const int mode, dst_key_t *key, void **context,
|
||||
{
|
||||
MD5_CTX *ctx = NULL;
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT) {
|
||||
if (mode & DST_SIGMODE_INIT) {
|
||||
ctx = (MD5_CTX *) isc_mem_get(mctx, sizeof(MD5_CTX));
|
||||
if (ctx == NULL)
|
||||
return (DST_R_NOMEMORY);
|
||||
@@ -193,17 +193,17 @@ dst_hmacmd5_verify(const int mode, dst_key_t *key, void **context,
|
||||
ctx = (MD5_CTX *) *context;
|
||||
REQUIRE (ctx != NULL);
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT) {
|
||||
if (mode & DST_SIGMODE_INIT) {
|
||||
HMAC_Key *hkey = key->opaque;
|
||||
|
||||
MD5Init(ctx);
|
||||
MD5Update(ctx, hkey->ipad, HMAC_LEN);
|
||||
}
|
||||
|
||||
if ((mode & DST_SIG_MODE_UPDATE))
|
||||
if ((mode & DST_SIGMODE_UPDATE))
|
||||
MD5Update(ctx, data->base, data->length);
|
||||
|
||||
if (mode & DST_SIG_MODE_FINAL) {
|
||||
if (mode & DST_SIGMODE_FINAL) {
|
||||
u_char digest[MD5_LEN];
|
||||
HMAC_Key *hkey = key->opaque;
|
||||
|
||||
|
@@ -37,12 +37,12 @@ typedef void * dst_context_t;
|
||||
#define DST_MAX_ALGS DST_ALG_HMAC_SHA1
|
||||
|
||||
/* 'Mode' passed into dst_sign() and dst_verify() */
|
||||
#define DST_SIG_MODE_INIT 1 /* initialize digest */
|
||||
#define DST_SIG_MODE_UPDATE 2 /* add data to digest */
|
||||
#define DST_SIG_MODE_FINAL 4 /* generate/verify signature */
|
||||
#define DST_SIG_MODE_ALL (DST_SIG_MODE_INIT | \
|
||||
DST_SIG_MODE_UPDATE | \
|
||||
DST_SIG_MODE_FINAL)
|
||||
#define DST_SIGMODE_INIT 1 /* initialize digest */
|
||||
#define DST_SIGMODE_UPDATE 2 /* add data to digest */
|
||||
#define DST_SIGMODE_FINAL 4 /* generate/verify signature */
|
||||
#define DST_SIGMODE_ALL (DST_SIGMODE_INIT | \
|
||||
DST_SIGMODE_UPDATE | \
|
||||
DST_SIGMODE_FINAL)
|
||||
|
||||
/* A buffer of this size is large enough to hold any key */
|
||||
#define DST_MAX_KEY_SIZE 1024
|
||||
@@ -64,8 +64,8 @@ dst_supported_algorithm(const int alg);
|
||||
/* Sign a block of data.
|
||||
*
|
||||
* Requires:
|
||||
* "mode" is some combination of DST_SIG_MODE_INIT, DST_SIG_MODE_UPDATE,
|
||||
* and DST_SIG_MODE_FINAL.
|
||||
* "mode" is some combination of DST_SIGMODE_INIT, DST_SIGMODE_UPDATE,
|
||||
* and DST_SIGMODE_FINAL.
|
||||
* "key" is a valid key.
|
||||
* "context" contains a value appropriate for the value of "mode".
|
||||
* "data" is a valid region.
|
||||
@@ -82,8 +82,8 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
|
||||
/* Verify a signature on a block of data.
|
||||
*
|
||||
* Requires:
|
||||
* "mode" is some combination of DST_SIG_MODE_INIT, DST_SIG_MODE_UPDATE,
|
||||
* and DST_SIG_MODE_FINAL.
|
||||
* "mode" is some combination of DST_SIGMODE_INIT, DST_SIGMODE_UPDATE,
|
||||
* and DST_SIGMODE_FINAL.
|
||||
* "key" is a valid key.
|
||||
* "context" contains a value appropriate for the value of "mode".
|
||||
* "data" is a valid region.
|
||||
|
@@ -19,7 +19,7 @@
|
||||
|
||||
/*
|
||||
* Principal Author: Brian Wellington
|
||||
* $Id: openssl_link.c,v 1.1 1999/07/12 20:08:29 bwelling Exp $
|
||||
* $Id: openssl_link.c,v 1.2 1999/08/26 20:41:54 bwelling Exp $
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
@@ -97,7 +97,7 @@ dst_s_openssl_init()
|
||||
* UPDATE (hash (more) data), FINAL (generate a signature). This
|
||||
* routine performs one or more of these steps.
|
||||
* Parameters
|
||||
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* key key to use for signing
|
||||
* context the context to use for this computation
|
||||
* data data to be signed
|
||||
@@ -114,7 +114,7 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
|
||||
isc_region_t r;
|
||||
SHA_CTX *ctx = NULL;
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT) {
|
||||
if (mode & DST_SIGMODE_INIT) {
|
||||
ctx = (SHA_CTX *) isc_mem_get(mctx, sizeof(SHA_CTX));
|
||||
if (ctx == NULL)
|
||||
return (DST_R_NOMEMORY);
|
||||
@@ -123,13 +123,13 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
|
||||
ctx = (SHA_CTX *) *context;
|
||||
REQUIRE (ctx != NULL);
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT)
|
||||
if (mode & DST_SIGMODE_INIT)
|
||||
SHA1_Init(ctx);
|
||||
|
||||
if ((mode & DST_SIG_MODE_UPDATE))
|
||||
if ((mode & DST_SIGMODE_UPDATE))
|
||||
SHA1_Update(ctx, data->base, data->length);
|
||||
|
||||
if (mode & DST_SIG_MODE_FINAL) {
|
||||
if (mode & DST_SIGMODE_FINAL) {
|
||||
DSA *dsa;
|
||||
DSA_SIG *dsasig;
|
||||
unsigned char digest[SHA_DIGEST_LENGTH];
|
||||
@@ -169,7 +169,7 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
|
||||
* FINAL (generate a signature). This routine performs one or more of
|
||||
* these steps.
|
||||
* Parameters
|
||||
* mode DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* mode DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
|
||||
* key key to use for verifying
|
||||
* context the context to use for this computation
|
||||
* data signed data
|
||||
@@ -186,7 +186,7 @@ dst_openssl_verify(const int mode, dst_key_t *key, void **context,
|
||||
int status = 0;
|
||||
SHA_CTX *ctx = NULL;
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT) {
|
||||
if (mode & DST_SIGMODE_INIT) {
|
||||
ctx = (SHA_CTX *) isc_mem_get(mctx, sizeof(SHA_CTX));
|
||||
if (ctx == NULL)
|
||||
return (DST_R_NOMEMORY);
|
||||
@@ -195,13 +195,13 @@ dst_openssl_verify(const int mode, dst_key_t *key, void **context,
|
||||
ctx = (SHA_CTX *) *context;
|
||||
REQUIRE (ctx != NULL);
|
||||
|
||||
if (mode & DST_SIG_MODE_INIT)
|
||||
if (mode & DST_SIGMODE_INIT)
|
||||
SHA1_Init(ctx);
|
||||
|
||||
if ((mode & DST_SIG_MODE_UPDATE))
|
||||
if ((mode & DST_SIGMODE_UPDATE))
|
||||
SHA1_Update(ctx, data->base, data->length);
|
||||
|
||||
if (mode & DST_SIG_MODE_FINAL) {
|
||||
if (mode & DST_SIGMODE_FINAL) {
|
||||
DSA *dsa;
|
||||
DSA_SIG *dsasig;
|
||||
unsigned char digest[SHA_DIGEST_LENGTH];
|
||||
|
@@ -16,7 +16,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: tsig.c,v 1.2 1999/08/25 14:43:45 bwelling Exp $
|
||||
* $Id: tsig.c,v 1.3 1999/08/26 20:41:53 bwelling Exp $
|
||||
* Principal Author: Brian Wellington
|
||||
*/
|
||||
|
||||
@@ -217,7 +217,7 @@ dns_tsig_sign(dns_message_t *msg) {
|
||||
isc_buffer_init(&databuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
|
||||
|
||||
if (!dns_tsig_emptykey(key)) {
|
||||
ret = dst_sign(DST_SIG_MODE_INIT, key->key, &ctx, NULL, NULL);
|
||||
ret = dst_sign(DST_SIGMODE_INIT, key->key, &ctx, NULL, NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_algorithm;
|
||||
}
|
||||
@@ -232,7 +232,7 @@ dns_tsig_sign(dns_message_t *msg) {
|
||||
msg->querytsig->siglen);
|
||||
isc_buffer_add(&databuf, msg->querytsig->siglen);
|
||||
isc_buffer_used(&databuf, &r);
|
||||
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r,
|
||||
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
|
||||
NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_algorithm;
|
||||
@@ -268,18 +268,18 @@ dns_tsig_sign(dns_message_t *msg) {
|
||||
ISC_BUFFERTYPE_BINARY);
|
||||
dns_message_renderheader(msg, &headerbuf);
|
||||
isc_buffer_used(&headerbuf, &r);
|
||||
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_other;
|
||||
isc_buffer_used(msg->buffer, &r);
|
||||
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
|
||||
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_other;
|
||||
|
||||
/* Digest the name, class, ttl, alg */
|
||||
dns_name_toregion(&key->name, &r);
|
||||
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_other;
|
||||
|
||||
@@ -287,12 +287,12 @@ dns_tsig_sign(dns_message_t *msg) {
|
||||
isc_buffer_putuint16(&databuf, dns_rdataclass_any);
|
||||
isc_buffer_putuint32(&databuf, 0); /* ttl */
|
||||
isc_buffer_used(&databuf, &r);
|
||||
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_other;
|
||||
|
||||
dns_name_toregion(tsig->algorithm, &r);
|
||||
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_other;
|
||||
|
||||
@@ -315,14 +315,14 @@ dns_tsig_sign(dns_message_t *msg) {
|
||||
isc_buffer_putuint16(&databuf, tsig->otherlen);
|
||||
|
||||
isc_buffer_used(&databuf, &r);
|
||||
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_other;
|
||||
|
||||
if (tsig->otherlen > 0) {
|
||||
r.length = tsig->otherlen;
|
||||
r.base = tsig->other;
|
||||
ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r,
|
||||
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
|
||||
NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_other;
|
||||
@@ -338,7 +338,7 @@ dns_tsig_sign(dns_message_t *msg) {
|
||||
|
||||
isc_buffer_init(&sigbuf, tsig->signature, tsig->siglen,
|
||||
ISC_BUFFERTYPE_BINARY);
|
||||
ret = dst_sign(DST_SIG_MODE_FINAL, key->key, &ctx, NULL,
|
||||
ret = dst_sign(DST_SIGMODE_FINAL, key->key, &ctx, NULL,
|
||||
&sigbuf);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_signature;
|
||||
@@ -518,7 +518,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
|
||||
sig_r.base = tsig->signature;
|
||||
sig_r.length = tsig->siglen;
|
||||
|
||||
ret = dst_verify(DST_SIG_MODE_INIT, key, &ctx, NULL, &sig_r);
|
||||
ret = dst_verify(DST_SIGMODE_INIT, key, &ctx, NULL, &sig_r);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
|
||||
@@ -527,14 +527,14 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
|
||||
ISC_BUFFERTYPE_BINARY);
|
||||
isc_buffer_putuint16(&databuf, msg->querytsig->siglen);
|
||||
isc_buffer_used(&databuf, &r);
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r,
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r,
|
||||
NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
if (msg->querytsig->siglen > 0) {
|
||||
r.length = msg->querytsig->siglen;
|
||||
r.base = msg->querytsig->signature;
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key,
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key,
|
||||
&ctx, &r, NULL);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
@@ -553,7 +553,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
|
||||
/* Digest the modified header */
|
||||
header_r.base = (unsigned char *) header;
|
||||
header_r.length = DNS_MESSAGE_HEADERLEN;
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &header_r,
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &header_r,
|
||||
&sig_r);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
@@ -562,13 +562,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
|
||||
isc_buffer_used(source, &source_r);
|
||||
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
|
||||
r.length = msg->tsigstart - DNS_MESSAGE_HEADERLEN;
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
|
||||
/* Digest the key name */
|
||||
dns_name_toregion(&tsigkey->name, &r);
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
|
||||
@@ -577,13 +577,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
|
||||
isc_buffer_putuint16(&databuf, tsig->common.rdclass);
|
||||
isc_buffer_putuint32(&databuf, dataset->ttl);
|
||||
isc_buffer_used(&databuf, &r);
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
|
||||
/* Digest the key algorithm */
|
||||
dns_name_toregion(&tsigkey->algorithm, &r);
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
|
||||
@@ -594,18 +594,18 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
|
||||
isc_buffer_putuint16(&databuf, tsig->error);
|
||||
isc_buffer_putuint16(&databuf, tsig->otherlen);
|
||||
isc_buffer_used(&databuf, &r);
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
|
||||
|
||||
if (tsig->otherlen > 0) {
|
||||
r.base = tsig->other;
|
||||
r.length = tsig->otherlen;
|
||||
ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r,
|
||||
ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r,
|
||||
&sig_r);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto cleanup_key;
|
||||
}
|
||||
|
||||
ret = dst_verify(DST_SIG_MODE_FINAL, key, &ctx, NULL, &sig_r);
|
||||
ret = dst_verify(DST_SIGMODE_FINAL, key, &ctx, NULL, &sig_r);
|
||||
if (ret == DST_R_VERIFY_FINAL_FAILURE) {
|
||||
msg->tsigstatus = dns_tsigerror_badsig;
|
||||
return (DNS_R_TSIGVERIFYFAILURE);
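Review bot: In the last dns_tsig_verify hunk, the result of the `ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);` call that follows `isc_buffer_putuint16(&databuf, tsig->otherlen)` is never tested. The next statement is `if (tsig->otherlen > 0)`, and `ret` is overwritten by the following dst_verify call on either path. Every other UPDATE call in the visible hunks is followed by `if (ret != ISC_R_SUCCESS) goto cleanup_key;`, and the same two lines should follow this one so that a failed digest step in a signature check is reported rather than silently carried into FINAL. The function starts and ends outside the hunks, so the cleanup label is taken from the neighbouring calls.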
|
||||
|