From 7fba8470c7f110a26f2ead29d064d4d5ca031114 Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Thu, 29 Jul 1999 17:21:23 +0000
Subject: [PATCH] minor code cleanup, HMAC-MD5 bugfix

---
 lib/dns/sec/dst/dst_api.c         | 41 ++++++++++++++-----------------
 lib/dns/sec/dst/dst_internal.h    |  1 +
 lib/dns/sec/dst/hmac_link.c       |  7 +++---
 lib/dns/sec/dst/include/dst/dst.h | 18 ++++++--------
 4 files changed, 32 insertions(+), 35 deletions(-)

diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c
index 47ca789d86..14e092c570 100644
--- a/lib/dns/sec/dst/dst_api.c
+++ b/lib/dns/sec/dst/dst_api.c
@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.1 1999/07/12 20:08:28 bwelling Exp $
+ * $Id: dst_api.c,v 1.2 1999/07/29 17:21:23 bwelling Exp $
  */
 
 #include <config.h>
@@ -100,18 +100,16 @@ dst_supported_algorithm(const int alg) {
  *	context		The state of the operation
  *	data		The data to be signed.
  *	sig		The buffer to which the signature will be written.
- *	mctx		Memory context used for allocations
  * Return
  *	DST_R_SUCCESS	Success
  *	!DST_R_SUCCESS	Failure
  */
 dst_result_t
-dst_sign(const int mode, dst_key_t *key, void **context, 
-	 isc_region_t *data, isc_buffer_t *sig, isc_mem_t *mctx)
+dst_sign(const int mode, dst_key_t *key, dst_context_t *context, 
+	 isc_region_t *data, isc_buffer_t *sig)
 {
 	RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
 	REQUIRE(VALID_KEY(key));
-	REQUIRE(mctx != NULL);
 	REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
 
 	if ((mode & DST_SIG_MODE_UPDATE) != 0)
@@ -125,7 +123,8 @@ dst_sign(const int mode, dst_key_t *key, void **context,
 	if (key->opaque == NULL)
 		return (DST_R_NULL_KEY);
 
-	return (key->func->sign(mode, key, context, data, sig, mctx));
+	return (key->func->sign(mode, key, (void **)context, data, sig,
+				key->mctx));
 }
 
 
@@ -147,19 +146,17 @@ dst_sign(const int mode, dst_key_t *key, void **context,
  *	context		The state of the operation
  *	data		The data to be digested.
  *	sig		The signature.
- *	mctx		Memory context used for allocations
  *  Returns
  *	DST_R_SUCCESS	Success
  *	!DST_R_SUCCESS	Failure
  */
 
 dst_result_t
-dst_verify(const int mode, dst_key_t *key, void **context, 
-	   isc_region_t *data, isc_region_t *sig, isc_mem_t *mctx)
+dst_verify(const int mode, dst_key_t *key, dst_context_t *context, 
+	   isc_region_t *data, isc_region_t *sig)
 {
 	RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
 	REQUIRE(VALID_KEY(key));
-	REQUIRE(mctx != NULL);
 	REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
 
 	if ((mode & DST_SIG_MODE_UPDATE) != 0)
@@ -173,7 +170,8 @@ dst_verify(const int mode, dst_key_t *key, void **context,
 	if (key->opaque == NULL)
 		return (DST_R_NULL_KEY);
 
-	return (key->func->verify(mode, key, context, data, sig, mctx));
+	return (key->func->verify(mode, key, (void **)context, data, sig,
+				  key->mctx));
 }
 
 /*
@@ -261,14 +259,14 @@ dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
 
 	key = get_key_struct(name, pubkey->key_alg, pubkey->key_flags,
 				   pubkey->key_proto, 0, mctx);
-	dst_key_free(pubkey, mctx);
+	dst_key_free(pubkey);
 	if (key == NULL)
 		return (DST_R_NOMEMORY);
 
 	/* Fill in private key and some fields in the general key structure */
 	ret = key->func->from_file(key, id, mctx);
 	if (ret != DST_R_SUCCESS) {
-		dst_key_free(key, mctx);
+		dst_key_free(key);
 		return (ret);
 	}
 
@@ -369,7 +367,7 @@ dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
 
 	ret = (*keyp)->func->from_dns(*keyp, source, mctx);
 	if (ret != DST_R_SUCCESS) 
-		dst_key_free((*keyp), mctx);
+		dst_key_free((*keyp));
 	return (ret);
 }
 
@@ -412,7 +410,7 @@ dst_key_frombuffer(const char *name, const int alg, const int flags,
 
 	ret = (*keyp)->func->from_dns((*keyp), source, mctx);
 	if (ret != DST_R_SUCCESS) {
-		dst_key_free((*keyp), mctx);
+		dst_key_free((*keyp));
 		return (ret);
 	}
 	return (DST_R_SUCCESS);
@@ -489,7 +487,7 @@ dst_key_generate(const char *name, const int alg, const int bits,
 
 	ret = (*keyp)->func->generate(*keyp, exp, mctx);
 	if (ret != DST_R_SUCCESS) {
-		dst_key_free(*keyp, mctx);
+		dst_key_free(*keyp);
 		return (ret);
 	}
 
@@ -528,20 +526,18 @@ dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) {
  *	Release all data structures pointed to by a key structure.
  *  Parameters
  *	key	Key structure to be freed.
- *	mctx	The memory context used to allocate the key
  */
 void
-dst_key_free(dst_key_t *key, isc_mem_t *mctx) {
+dst_key_free(dst_key_t *key) {
 	RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
 	REQUIRE(VALID_KEY(key));
-	REQUIRE(mctx != NULL);
 
 	if (key->opaque != NULL)
-		key->func->destroy(key->opaque, mctx);
+		key->func->destroy(key->opaque, key->mctx);
 
-	isc_mem_free(mctx, key->key_name);
+	isc_mem_free(key->mctx, key->key_name);
 	memset(key, 0, sizeof(dst_key_t));
-	isc_mem_put(mctx, key, sizeof(dst_key_t));
+	isc_mem_put(key->mctx, key, sizeof(dst_key_t));
 }
 
 char *
@@ -705,6 +701,7 @@ get_key_struct(const char *name, const int alg, const int flags,
 	key->key_alg = alg;
 	key->key_flags = flags;
 	key->key_proto = protocol;
+	key->mctx = mctx;
 	key->opaque = NULL;
 	key->key_size = bits;
 	key->func = dst_t_func[alg];
diff --git a/lib/dns/sec/dst/dst_internal.h b/lib/dns/sec/dst/dst_internal.h
index 46707ee064..662eeefa27 100644
--- a/lib/dns/sec/dst/dst_internal.h
+++ b/lib/dns/sec/dst/dst_internal.h
@@ -55,6 +55,7 @@ struct dst_key {
 	int		key_alg;	/* algorithm of the key */
 	isc_uint32_t	key_flags;	/* flags of the public key */
 	isc_uint16_t	key_id;		/* identifier of the key */
+	isc_mem_t	*mctx;		/* memory context */
 	void *		opaque;		/* pointer to key in crypto pkg fmt */
 	dst_func *	func;		/* crypto package specific functions */
 };
diff --git a/lib/dns/sec/dst/hmac_link.c b/lib/dns/sec/dst/hmac_link.c
index cd329d9ad0..9e377761ce 100644
--- a/lib/dns/sec/dst/hmac_link.c
+++ b/lib/dns/sec/dst/hmac_link.c
@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.1 1999/07/12 20:08:29 bwelling Exp $
+ * $Id: hmac_link.c,v 1.2 1999/07/29 17:21:23 bwelling Exp $
  */
 
 #include <config.h>
@@ -291,6 +291,7 @@ dst_hmacmd5_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) {
 		return (DST_R_NOMEMORY);
 
 	memset(hkey->ipad, 0, sizeof(hkey->ipad));
+	memset(hkey->opad, 0, sizeof(hkey->opad));
 
 	if (r.length > HMAC_LEN) {
 		MD5_CTX ctx;
@@ -300,15 +301,15 @@ dst_hmacmd5_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) {
 		MD5Update(&ctx, r.base, r.length);
 		MD5Final(digest, &ctx);
 		memcpy(hkey->ipad, digest, MD5_LEN);
+		memcpy(hkey->opad, digest, MD5_LEN);
 		keylen = MD5_LEN;
 	}
 	else {
 		memcpy(hkey->ipad, r.base, r.length);
+		memcpy(hkey->opad, r.base, r.length);
 		keylen = r.length;
 	}
 	
-	memcpy(hkey->opad, hkey->ipad, keylen);
-
 	/* XOR key with ipad and opad values */
 	for (i = 0; i < HMAC_LEN; i++) {
 		hkey->ipad[i] ^= HMAC_IPAD;
diff --git a/lib/dns/sec/dst/include/dst/dst.h b/lib/dns/sec/dst/include/dst/dst.h
index 78ff94cb26..580c700821 100644
--- a/lib/dns/sec/dst/include/dst/dst.h
+++ b/lib/dns/sec/dst/include/dst/dst.h
@@ -22,7 +22,8 @@ ISC_LANG_BEGINDECLS
  * to set attributes, new accessor functions will be written.
  */
 
-typedef struct dst_key dst_key_t;
+typedef struct dst_key	dst_key_t;
+typedef void *		dst_context_t;
 
 /* DST algorithm codes */
 #define DST_ALG_UNKNOWN		0
@@ -35,7 +36,7 @@ typedef struct dst_key dst_key_t;
 #define DST_ALG_EXPAND		255
 #define DST_MAX_ALGS		DST_ALG_HMAC_SHA1
 
-/* 'Mode' passed into dst_sign_data() and dst_verify_data() */
+/* 'Mode' passed into dst_sign() and dst_verify() */
 #define DST_SIG_MODE_INIT	1	/* initialize digest */
 #define DST_SIG_MODE_UPDATE	2	/* add data to digest */
 #define DST_SIG_MODE_FINAL	4 	/* generate/verify signature */
@@ -69,15 +70,14 @@ dst_supported_algorithm(const int alg);
  *	"context" contains a value appropriate for the value of "mode".
  *	"data" is a valid region.
  *	"sig" is a valid buffer.
- *	"mctx" is a valid memory context.
  *
  * Ensures:
  *	All allocated memory will be freed after the FINAL call.  "sig"
  *	will contain a signature if all operations completed successfully.
  */
 dst_result_t
-dst_sign(const int mode, dst_key_t *key, void **context,
-	 isc_region_t *data, isc_buffer_t *sig, isc_mem_t *mctx);
+dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
+	 isc_region_t *data, isc_buffer_t *sig);
 
 /* Verify a signature on a block of data.
  *
@@ -88,14 +88,13 @@ dst_sign(const int mode, dst_key_t *key, void **context,
  *	"context" contains a value appropriate for the value of "mode".
  *	"data" is a valid region.
  *	"sig" is a valid region.
- *	"mctx" is a valid memory context.
  *
  * Ensures:
  *	All allocated memory will be freed after the FINAL call.
  */
 dst_result_t
-dst_verify(const int mode, dst_key_t *key, void **context,
-	   isc_region_t *data, isc_region_t *sig, isc_mem_t *mctx);
+dst_verify(const int mode, dst_key_t *key, dst_context_t *context,
+	   isc_region_t *data, isc_region_t *sig);
 
 /* Reads a key from permanent storage.
  *
@@ -210,13 +209,12 @@ dst_key_compare(const dst_key_t *key1, const dst_key_t *key2);
  *
  * Requires:
  *	"key" is a valid key.
- *	"mctx" is a valid memory context.
  *
  * Ensures:
  *	All memory associated with "key" will be freed.
  */
 void
-dst_key_free(dst_key_t *key, isc_mem_t *mctx);
+dst_key_free(dst_key_t *key);
 
 /* Accessor functions to obtain key fields.
  *