mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

[master] merge several interdependent fixes

Browse Source 
3760.   [bug]           Improve SIT with native PKCS#11 and on Windows.
			[RT #35433]

3759.   [port]          Enable delve on Windows. [RT #35441]

3758.   [port]          Enable export library APIs on windows. [RT #35382]
This commit is contained in:
Evan Hunt
2014-02-26 19:00:05 -08:00
parent 95c3a5e116
commit 98922b2b2b
109 changed files with 7208 additions and 529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
lib/isc/aes.c
View File

@@ -27,42 +27,7 @@
#include <isc/types.h>
#include <isc/util.h>
#ifdef ISC_PLATFORM_OPENSSLAES
#ifndef EVP_AES
#include <openssl/aes.h>
void
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
AES_KEY k;
RUNTIME_CHECK(AES_set_encrypt_key(key, 128, &k) == 0);
AES_encrypt(in, out, &k);
}
void
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
AES_KEY k;
RUNTIME_CHECK(AES_set_encrypt_key(key, 192, &k) == 0);
AES_encrypt(in, out, &k);
}
void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
AES_KEY k;
RUNTIME_CHECK(AES_set_encrypt_key(key, 256, &k) == 0);
AES_encrypt(in, out, &k);
}
#else
#if HAVE_OPENSSL_EVP_AES
#include <openssl/evp.h>
@@ -113,6 +78,117 @@ isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
}
#endif
#elif HAVE_OPENSSL_AES
#include <openssl/aes.h>
void
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
AES_KEY k;
RUNTIME_CHECK(AES_set_encrypt_key(key, 128, &k) == 0);
AES_encrypt(in, out, &k);
}
void
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
AES_KEY k;
RUNTIME_CHECK(AES_set_encrypt_key(key, 192, &k) == 0);
AES_encrypt(in, out, &k);
}
void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
AES_KEY k;
RUNTIME_CHECK(AES_set_encrypt_key(key, 256, &k) == 0);
AES_encrypt(in, out, &k);
}
#elif PKCS11CRYPTO
#include <pk11/pk11.h>
#include <pk11/internal.h>
static CK_BBOOL truevalue = TRUE;
static CK_BBOOL falsevalue = FALSE;
static void isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
const unsigned char *in, unsigned char *out);
void
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
isc_aes_crypt(key, ISC_AES128_KEYLENGTH, in, out);
}
void
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
isc_aes_crypt(key, ISC_AES192_KEYLENGTH, in, out);
}
void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
isc_aes_crypt(key, ISC_AES256_KEYLENGTH, in, out);
}
static void
isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
const unsigned char *in, unsigned char *out)
{
CK_RV rv;
CK_MECHANISM mech = { CKM_AES_ECB, NULL, 0 };
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_KEY_TYPE keyType = CKK_AES;
CK_ATTRIBUTE keyTemplate[] =
{
{ CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
{ CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
{ CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
{ CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
{ CKA_ENCRYPT, &truevalue, (CK_ULONG) sizeof(truevalue) },
{ CKA_VALUE, NULL, keylen }
};
CK_ULONG blocklen;
CK_BYTE_PTR pData;
pk11_context_t ctx;
DE_CONST(key, keyTemplate[5].pValue);
RUNTIME_CHECK(pk11_get_session(&ctx, OP_AES, ISC_FALSE, ISC_FALSE,
NULL, 0) == ISC_R_SUCCESS);
ctx.object = CK_INVALID_HANDLE;
PK11_FATALCHECK(pkcs_C_CreateObject,
(ctx.session, keyTemplate,
(CK_ULONG) 6, &ctx.object));
INSIST(ctx.object != CK_INVALID_HANDLE);
PK11_FATALCHECK(pkcs_C_EncryptInit,
(ctx.session, &mech, ctx.object));
DE_CONST(in, pData);
blocklen = (CK_ULONG) ISC_AES_BLOCK_LENGTH;
PK11_FATALCHECK(pkcs_C_Encrypt,
(ctx.session,
pData, (CK_ULONG) ISC_AES_BLOCK_LENGTH,
out, &blocklen));
RUNTIME_CHECK(blocklen == (CK_ULONG) ISC_AES_BLOCK_LENGTH);
(void) pkcs_C_DestroyObject(ctx.session, ctx.object);
ctx.object = CK_INVALID_HANDLE;
pk11_return_session(&ctx);
}
#endif