mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00

dst now stores the key name as a dns_name_t, not a char *.

Brian Wellington 2000-05-24 23:13:32 +00:00
parent 8a01e235df
commit a9bc95f22e
20 changed files with 271 additions and 313 deletions


@ -1,3 +1,6 @@
206. [cleanup] dst now stores the key name as a dns_name_t, not
a char *.
205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
("prototyped function redeclared without prototype")
and 1552 ("variable ... set but not used") when


@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.25 2000/05/24 17:13:29 bwelling Exp $ */
/* $Id: dnssec-keygen.c,v 1.26 2000/05/24 23:13:12 bwelling Exp $ */
#include <config.h>
@ -28,8 +28,12 @@
#include <isc/string.h>
#include <isc/util.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
#include <dns/result.h>
#include <dns/secalg.h>
#include <dst/dst.h>
#include <dst/result.h>
@ -114,7 +118,8 @@ main(int argc, char **argv) {
char *algname = NULL, *nametype = NULL, *type = NULL;
char *prog, *endp;
dst_key_t *key = NULL, *oldkey;
char *name = NULL;
dns_fixedname_t fname;
dns_name_t *name;
isc_uint16_t flags = 0;
dns_secalg_t alg;
isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE;
@ -138,6 +143,9 @@ main(int argc, char **argv) {
if (argc == 1)
usage();
dns_result_register();
dst_result_register();
while ((ch = isc_commandline_parse(argc, argv,
"a:b:eg:n:t:p:s:hv:")) != -1)
{
@ -295,16 +303,15 @@ main(int argc, char **argv) {
fatal("Specified null key with signing authority");
}
name = isc_mem_allocate(mctx, strlen(argv[isc_commandline_index]) + 2);
if (name == NULL)
fatal("out of memory");
strcpy(name, argv[isc_commandline_index]);
if (name[strlen(name) - 1] != '.') {
strcat(name, ".");
fprintf(stderr,
"%s: added a trailing dot to fully qualify the name\n",
PROGRAM);
}
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&buf, argv[isc_commandline_index],
strlen(argv[isc_commandline_index]));
isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
if (ret != ISC_R_SUCCESS)
fatal("Invalid key name %s: %s", argv[isc_commandline_index],
isc_result_totext(ret));
switch(alg) {
case DNS_KEYALG_RSA:
@ -323,7 +330,6 @@ main(int argc, char **argv) {
null_key = ISC_TRUE;
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
dst_result_register();
do {
conflict = ISC_FALSE;
@ -382,7 +388,6 @@ main(int argc, char **argv) {
ret = dst_key_buildfilename(key, 0, &buf);
filename[isc_buffer_usedlength(&buf)] = 0;
printf("%s\n", filename);
isc_mem_free(mctx, name);
isc_mem_free(mctx, algname);
isc_mem_free(mctx, nametype);
isc_mem_free(mctx, prog);
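Review bot: The result of `dst_key_buildfilename(key, 0, &buf)` near the end of main() is stored in `ret` but never tested before `filename[isc_buffer_usedlength(&buf)] = 0;` and the printf. With this commit the name part of the filename is rendered from a dns_name_t, so a failure to convert the name to text is a new way for that call to return an error. I would add `if (ret != ISC_R_SUCCESS) fatal("failed to build key filename: %s", isc_result_totext(ret));` directly after the call. main() starts and ends outside the hunks shown here.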


@ -178,7 +178,8 @@ main(int argc, char *argv[]) {
isc_log_t *log = NULL;
isc_logconfig_t *logconfig;
keynode_t *keynode;
char *savedname = NULL;
dns_fixedname_t fsavedname;
dns_name_t *savedname = NULL;
dns_result_register();
@ -273,25 +274,29 @@ main(int argc, char *argv[]) {
for (i = 0; i < argc; i++) {
isc_uint16_t id;
int alg;
char *namestr = NULL;
dns_fixedname_t fname;
dns_name_t *name;
char namestr[1025];
isc_buffer_init(&b, argv[i], strlen(argv[i]));
isc_buffer_add(&b, strlen(argv[i]));
result = dst_key_parsefilename(&b, mctx, &namestr, &id, &alg,
NULL);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
result = dst_key_parsefilename(&b, mctx, name, &id, &alg, NULL);
if (result != ISC_R_SUCCESS)
fatal("%s is not a valid key filename", argv[i]);
strncpy(namestr, nametostr(name), sizeof(namestr) - 1);
namestr[sizeof(namestr) - 1] = 0;
if (savedname == NULL) {
savedname = isc_mem_strdup(mctx, namestr);
if (savedname == NULL)
fatal("out of memory");
fsavedname = fname;
savedname = dns_fixedname_name(&fsavedname);
}
else {
if (strcmp(savedname, namestr) != 0)
if (!dns_name_equal(savedname, name) != 0)
fatal("all keys must have the same owner - %s "
"and %s do not match",
savedname, namestr);
nametostr(savedname), namestr);
}
if (output == NULL) {
output = isc_mem_allocate(mctx,
@ -314,12 +319,12 @@ main(int argc, char *argv[]) {
namestr, isc_result_totext(result));
}
key = NULL;
result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PUBLIC,
result = dst_key_fromfile(name, id, alg, DST_TYPE_PUBLIC,
mctx, &key);
check_result(result, "dst_key_fromfile");
if (dst_key_iszonekey(key)) {
dst_key_t *zonekey = NULL;
result = dst_key_fromfile(namestr, id, alg,
result = dst_key_fromfile(name, id, alg,
DST_TYPE_PRIVATE, mctx,
&zonekey);
@ -351,12 +356,9 @@ main(int argc, char *argv[]) {
dns_rdata_fromregion(rdata, dns_rdataclass_in,
dns_rdatatype_key, &r);
ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
isc_mem_put(mctx, namestr, strlen(namestr) + 1);
dst_key_free(&key);
}
isc_mem_free(mctx, savedname);
dns_rdataset_init(&rdataset);
result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
check_result(result, "dns_rdatalist_tordataset()");
@ -387,7 +389,7 @@ main(int argc, char *argv[]) {
rdata);
if (result != ISC_R_SUCCESS)
fatal("failed to sign keyset with key %s/%s/%d: %s",
dst_key_name(keynode->key),
nametostr(dst_key_name(keynode->key)),
algtostr(dst_key_alg(keynode->key)),
dst_key_id(keynode->key),
isc_result_totext(result));
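Review bot: `fsavedname = fname;` copies the dns_fixedname_t by value, but the dns_name_t inside the copy still points at the storage of the loop-local `fname` (assuming the usual dns_fixedname_t layout, where the name refers to the struct's own data and offsets arrays). On the next iteration `fname` is re-initialised and refilled, so `savedname` would then describe the current key's name, and the "all keys must have the same owner" check could pass for keys with different owners. Initialise the saved copy on its own with `dns_fixedname_init(&fsavedname); savedname = dns_fixedname_name(&fsavedname);` and then copy `name` into `savedname` with the name-copy routine this tree provides. The test `!dns_name_equal(savedname, name) != 0` would also read better as `!dns_name_equal(savedname, name)`.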


@ -335,23 +335,24 @@ main(int argc, char *argv[]) {
for (i = 0; i < argc; i++) {
isc_uint16_t id;
int alg;
char *namestr = NULL;
dns_fixedname_t fname;
dns_name_t *name;
isc_buffer_init(&b, argv[i], strlen(argv[i]));
isc_buffer_add(&b, strlen(argv[i]));
result = dst_key_parsefilename(&b, mctx, &namestr, &id, &alg,
NULL);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
result = dst_key_parsefilename(&b, mctx, name, &id, &alg, NULL);
if (result != ISC_R_SUCCESS)
usage();
key = NULL;
result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PRIVATE,
result = dst_key_fromfile(name, id, alg, DST_TYPE_PRIVATE,
mctx, &key);
if (result != ISC_R_SUCCESS)
fatal("failed to read key %s/%s/%d from disk: %s",
dst_key_name(key), algtostr(dst_key_alg(key)),
dst_key_id(key), isc_result_totext(result));
isc_mem_put(mctx, namestr, strlen(namestr) + 1);
rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
if (rdata == NULL)
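Review bot: The fatal() call after `dst_key_fromfile()` still passes `dst_key_name(key)` to a `%s` conversion, but after this commit that accessor returns a `dns_name_t *`, and on this path `key` is still NULL because the load failed. Report the values already parsed from the filename instead, e.g. `nametostr(name), algtostr(alg), id, isc_result_totext(result)`, provided this file has the same nametostr() helper the other tools in this commit use. The loop body continues outside the hunk.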


@ -176,7 +176,7 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
mctx, b, rdata);
if (result != ISC_R_SUCCESS)
fatal("key '%s/%s/%d' failed to sign data: %s",
dst_key_name(key), algtostr(dst_key_alg(key)),
nametostr(dst_key_name(key)), algtostr(dst_key_alg(key)),
dst_key_id(key), isc_result_totext(result));
if (tryverify) {
@ -196,17 +196,9 @@ issigningkey(signer_key_t *key) {
static inline isc_boolean_t
iszonekey(signer_key_t *key, dns_db_t *db) {
char origin[1024];
isc_buffer_t b;
isc_result_t result;
isc_buffer_init(&b, origin, sizeof(origin));
result = dns_name_totext(dns_db_origin(db), ISC_FALSE, &b);
check_result(result, "dns_name_totext()");
return (ISC_TF(strcasecmp(dst_key_name(key->key), origin) == 0 &&
return (dns_name_equal(dst_key_name(key->key), dns_db_origin(db)) &&
(dst_key_flags(key->key) & DNS_KEYFLAG_OWNERMASK) ==
DNS_KEYOWNER_ZONE));
DNS_KEYOWNER_ZONE);
}
/*
@ -215,23 +207,20 @@ iszonekey(signer_key_t *key, dns_db_t *db) {
*/
static signer_key_t *
keythatsigned(dns_rdata_sig_t *sig) {
char *keyname;
isc_result_t result;
dst_key_t *pubkey = NULL, *privkey = NULL;
signer_key_t *key;
keyname = nametostr(&sig->signer);
key = ISC_LIST_HEAD(keylist);
while (key != NULL) {
if (sig->keyid == dst_key_id(key->key) &&
sig->algorithm == dst_key_alg(key->key) &&
strcasecmp(keyname, dst_key_name(key->key)) == 0)
dns_name_equal(&sig->signer, dst_key_name(key->key)))
return key;
key = ISC_LIST_NEXT(key, link);
}
result = dst_key_fromfile(keyname, sig->keyid, sig->algorithm,
result = dst_key_fromfile(&sig->signer, sig->keyid, sig->algorithm,
DST_TYPE_PUBLIC, mctx, &pubkey);
if (result != ISC_R_SUCCESS)
return (NULL);
@ -240,7 +229,7 @@ keythatsigned(dns_rdata_sig_t *sig) {
if (key == NULL)
fatal("out of memory");
result = dst_key_fromfile(keyname, sig->keyid, sig->algorithm,
result = dst_key_fromfile(&sig->signer, sig->keyid, sig->algorithm,
DST_TYPE_PRIVATE, mctx, &privkey);
if (result == ISC_R_SUCCESS) {
key->key = privkey;
@ -465,7 +454,7 @@ signset(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
else if (resign) {
allocbufferandrdata;
vbprintf(1, "\tresigning with key %s/%s/%d\n",
dst_key_name(key->key),
nametostr(dst_key_name(key->key)),
algtostr(dst_key_alg(key->key)),
dst_key_id(key->key));
signwithkey(name, set, trdata, key->key, &b);
@ -496,7 +485,7 @@ signset(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
{
allocbufferandrdata;
vbprintf(1, "\tsigning with key %s/%s/%d\n",
dst_key_name(key->key),
nametostr(dst_key_name(key->key)),
algtostr(dst_key_alg(key->key)),
dst_key_id(key->key));
signwithkey(name, set, trdata, key->key, &b);
@ -889,7 +878,7 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
dns_rdatalist_init(&keyrdatalist);
dstkey = NULL;
result = dst_key_generate("", DNS_KEYALG_DSA,
result = dst_key_generate(name, DNS_KEYALG_DSA,
0, 0,
DNS_KEYTYPE_NOKEY |
DNS_KEYOWNER_ZONE,
@ -1489,12 +1478,15 @@ main(int argc, char *argv[]) {
for (i = 0; i < argc; i++) {
isc_uint16_t id;
int alg;
char *namestr = NULL;
dns_fixedname_t fname;
dns_name_t *name;
isc_buffer_t b;
isc_buffer_init(&b, argv[i], strlen(argv[i]));
isc_buffer_add(&b, strlen(argv[i]));
result = dst_key_parsefilename(&b, mctx, &namestr,
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
result = dst_key_parsefilename(&b, mctx, name,
&id, &alg, NULL);
if (result != ISC_R_SUCCESS)
usage();
@ -1504,31 +1496,30 @@ main(int argc, char *argv[]) {
dst_key_t *dkey = key->key;
if (dst_key_id(dkey) == id &&
dst_key_alg(dkey) == alg &&
strcasecmp(namestr,
dst_key_name(dkey)) == 0)
dns_name_equal(name, dst_key_name(dkey)))
{
key->isdefault = ISC_TRUE;
if (!dst_key_isprivate(dkey))
fatal("cannot sign zone with "
"non-private key "
"'%s/%s/%d'",
dst_key_name(dkey),
algtostr(dst_key_alg(dkey)),
dst_key_id(dkey));
nametostr(dst_key_name(dkey)),
algtostr(dst_key_alg(dkey)),
dst_key_id(dkey));
break;
}
key = ISC_LIST_NEXT(key, link);
}
if (key == NULL) {
dst_key_t *dkey = NULL;
result = dst_key_fromfile(namestr, id, alg,
result = dst_key_fromfile(name, id, alg,
DST_TYPE_PRIVATE,
mctx, &dkey);
if (result != ISC_R_SUCCESS)
fatal("failed to load key '%s/%s/%d' "
"from disk: %s", namestr,
algtostr(alg), id,
isc_result_totext(result));
"from disk: %s",
nametostr(name), algtostr(alg),
id, isc_result_totext(result));
key = isc_mem_get(mctx, sizeof(signer_key_t));
if (key == NULL)
fatal("out of memory");
@ -1536,7 +1527,6 @@ main(int argc, char *argv[]) {
key->isdefault = ISC_TRUE;
ISC_LIST_APPEND(keylist, key, link);
}
isc_mem_put(mctx, namestr, strlen(namestr) + 1);
}
}
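Review bot: iszonekey() is declared to return isc_boolean_t and the previous version wrapped its expression in `ISC_TF(...)`, but the new return statement hands back the raw `&&` result. Keeping the wrapper around the new `dns_name_equal(...) && ... == DNS_KEYOWNER_ZONE` expression keeps the function consistent with how the rest of the file produces isc_boolean_t values. A one-line comment such as `/* the key is a zone key only if its owner name equals the zone origin */` would also document why the name comparison is part of the test.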


@ -199,6 +199,9 @@ configure_view_dnsseckeys(dns_c_ctx_t *cctx,
unsigned char rrdata[4096];
isc_buffer_t rrdatabuf;
isc_region_t r;
dns_fixedname_t fkeyname;
dns_name_t *keyname;
isc_buffer_t namebuf;
if (cview == NULL)
viewclass = dns_rdataclass_in;
@ -241,7 +244,14 @@ configure_view_dnsseckeys(dns_c_ctx_t *cctx,
keystruct.common.rdclass,
keystruct.common.rdtype,
&keystruct, &rrdatabuf));
CHECK(dst_key_fromdns(ckey->domain, &rrdatabuf, mctx,
dns_fixedname_init(&fkeyname);
keyname = dns_fixedname_name(&fkeyname);
isc_buffer_init(&namebuf, ckey->domain,
strlen(ckey->domain));
isc_buffer_add(&namebuf, strlen(ckey->domain));
CHECK(dns_name_fromtext(keyname, &namebuf,
dns_rootname, ISC_FALSE, NULL));
CHECK(dst_key_fromdns(keyname, &rrdatabuf, mctx,
&dstkey));
CHECK(dns_keytable_add(keytable, &dstkey));


@ -43,7 +43,7 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
int n;
isc_buffer_t b, namebuf;
unsigned char data[1024];
dns_name_t domain;
dns_name_t domain, keyname;
result = dns_tkeyctx_create(mctx, &tctx);
if (result != ISC_R_SUCCESS)
@ -55,7 +55,12 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
*tctxp = tctx;
return (ISC_R_SUCCESS);
}
RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
isc_buffer_init(&namebuf, data, sizeof(data));
dns_name_init(&keyname, NULL);
isc_buffer_init(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf);
RETERR(dst_key_fromfile(&keyname, n, DNS_KEYALG_DH,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
mctx, &tctx->dhkey));
s = NULL;
@ -69,7 +74,6 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
dns_name_init(tctx->domain, NULL);
isc_buffer_init(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
isc_buffer_init(&namebuf, data, sizeof(data));
RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
&namebuf));
RETERR(dns_name_dup(&domain, mctx, tctx->domain));
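Review bot: The return value of the new `dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf);` call is discarded, so a malformed key name in the configuration would reach `dst_key_fromfile()` with a name that was never filled in, and that function now carries `REQUIRE(dns_name_isabsolute(name))`. Wrap the call like its neighbours: `RETERR(dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf));`. Since `namebuf` is no longer re-initialised before the domain is parsed, both names now share the 1024-byte `data` array; a short comment saying so would help the next reader.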


@ -26,6 +26,8 @@
#include <isc/region.h>
#include <isc/string.h> /* Required for HP/UX (and others?) */
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/result.h>
#include <dst/dst.h>
@ -97,7 +99,7 @@ dns(dst_key_t *key, isc_mem_t *mctx) {
}
static void
io(char *name, int id, int alg, int type, isc_mem_t *mctx) {
io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx) {
dst_key_t *key = NULL;
isc_result_t ret;
@ -117,7 +119,7 @@ io(char *name, int id, int alg, int type, isc_mem_t *mctx) {
}
static void
dh(char *name1, int id1, char *name2, int id2, isc_mem_t *mctx) {
dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx) {
dst_key_t *key1 = NULL, *key2 = NULL;
isc_result_t ret;
isc_buffer_t b1, b2;
@ -183,7 +185,7 @@ generate(int alg, isc_mem_t *mctx) {
isc_result_t ret;
dst_key_t *key = NULL;
ret = dst_key_generate("test.", alg, 512, 0, 0, 0, mctx, &key);
ret = dst_key_generate(dns_rootname, alg, 512, 0, 0, 0, mctx, &key);
printf("generate(%d) returned: %s\n", alg, isc_result_totext(ret));
if (alg != DST_ALG_DH)
@ -210,6 +212,9 @@ get_random(void) {
int
main(void) {
isc_mem_t *mctx = NULL;
isc_buffer_t b;
dns_fixedname_t fname;
dns_name_t *name;
isc_mem_create(0, 0, &mctx);
@ -219,14 +224,19 @@ main(void) {
dns_result_register();
dst_result_register();
io("test.", 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&b, "test.", 5);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
dh("dh.", 18088, "dh.", 48443, mctx);
isc_buffer_init(&b, "dh.", 3);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
dh(name, 18088, name, 48443, mctx);
generate(DST_ALG_RSA, mctx);
generate(DST_ALG_DH, mctx);
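Review bot: In main(), `isc_buffer_init(&b, "test.", 5);` is not followed by `isc_buffer_add(&b, 5);`, unlike the other text-to-name conversions in this commit, so the buffer handed to `dns_name_fromtext()` has no used region and the name is probably never parsed; the same applies to the `"dh."` buffer. The result of `dns_name_fromtext()` is also ignored, so a failure would only surface later inside io() or dh(), where `dst_key_fromfile()` now requires an absolute name. Add `isc_buffer_add(&b, 5);` and `isc_buffer_add(&b, 3);` after the respective init calls and check the conversion result before using `name`. The t1() and t2_sigchk() changes in the next file section repeat the same pattern.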


@ -34,6 +34,9 @@
#include <isc/string.h>
#include <isc/util.h>
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dst/dst.h>
#include <dst/result.h>
@ -109,7 +112,7 @@ use(dst_key_t *key, isc_result_t exp_result, int *nfails) {
}
static void
dh(char *name1, int id1, char *name2, int id2, isc_mem_t *mctx,
dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx,
isc_result_t exp_result, int *nfails, int *nprobs)
{
dst_key_t *key1 = NULL, *key2 = NULL;
@ -228,7 +231,7 @@ dh(char *name1, int id1, char *name2, int id2, isc_mem_t *mctx,
}
static void
io(char *name, int id, int alg, int type, isc_mem_t *mctx,
io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
isc_result_t exp_result, int *nfails, int *nprobs)
{
dst_key_t *key = NULL;
@ -302,7 +305,7 @@ generate(int alg, isc_mem_t *mctx, int size, int *nfails) {
isc_result_t ret;
dst_key_t *key = NULL;
ret = dst_key_generate("test.", alg, size, 0, 0, 0, mctx, &key);
ret = dst_key_generate(dns_rootname, alg, size, 0, 0, 0, mctx, &key);
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_generate(%d) returned: %s\n", alg,
dst_result_totext(ret));
@ -369,6 +372,9 @@ t1(void) {
int nprobs;
int result;
isc_result_t isc_result;
dns_fixedname_t fname;
dns_name_t *name;
isc_buffer_t b;
t_assert("dst", 1, T_REQUIRED, a1);
@ -384,20 +390,28 @@ t1(void) {
}
t_info("testing use of stored keys [1]\n");
io("test.", 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&b, "test.", 5);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [2]\n");
io("test.", 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
io(name, 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [3]\n");
io("test.", 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
t_info("testing use of stored keys [4]\n");
io("test.", 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
io(name, 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
dh("dh.", 18088, "dh.", 48443, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
isc_buffer_init(&b, "dh.", 3);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
dh(name, 18088, name, 48443, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of generated keys\n");
generate(DST_ALG_RSA, mctx, 512, &nfails);
@ -599,6 +613,9 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
isc_buffer_t sigbuf;
isc_region_t datareg;
isc_region_t sigreg;
dns_fixedname_t fname;
dns_name_t *name;
isc_buffer_t b;
/*
* Read data from file in a form usable by dst_verify.
@ -639,7 +656,11 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
/*
* Read key from file in a form usable by dst_verify.
*/
isc_result = dst_key_fromfile(keyname, id, alg, type, mctx, &key);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&b, keyname, strlen(keyname));
dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL);
isc_result = dst_key_fromfile(name, id, alg, type, mctx, &key);
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_key_fromfile failed %s\n",
isc_result_totext(isc_result));


@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.38 2000/05/20 01:27:28 bwelling Exp $
* $Id: dnssec.c,v 1.39 2000/05/24 23:13:19 bwelling Exp $
* Principal Author: Brian Wellington
*/
@ -62,9 +62,6 @@ typedef struct digestctx {
static isc_result_t
digest_callback(void *arg, isc_region_t *data);
static isc_result_t
keyname_to_name(char *keyname, isc_mem_t *mctx, dns_name_t *name);
static int
rdata_compare_wrapper(const void *rdata1, const void *rdata2);
@ -88,30 +85,6 @@ digest_callback(void *arg, isc_region_t *data) {
return (result);
}
/*
* Converts the name of a key into a canonical dns_name_t.
*/
static isc_result_t
keyname_to_name(char *keyname, isc_mem_t *mctx, dns_name_t *name) {
isc_buffer_t src, dst;
unsigned char data[1024];
isc_result_t ret;
dns_name_t tname;
dns_name_init(name, NULL);
dns_name_init(&tname, NULL);
isc_buffer_init(&src, keyname, strlen(keyname));
isc_buffer_add(&src, strlen(keyname));
isc_buffer_init(&dst, data, sizeof(data));
ret = dns_name_fromtext(&tname, &src, NULL, ISC_TRUE, &dst);
if (ret != ISC_R_SUCCESS)
return (ret);
ret = dns_name_dup(&tname, mctx, name);
dns_name_downcase(name, name, NULL);
return (ret);
}
/*
* Make qsort happy.
*/
@ -168,10 +141,8 @@ isc_result_t
dns_dnssec_keyfromrdata(dns_name_t *name, dns_rdata_t *rdata, isc_mem_t *mctx,
dst_key_t **key)
{
isc_buffer_t b, namebuf;
isc_buffer_t b;
isc_region_t r;
isc_result_t ret;
char namestr[1024];
INSIST(name != NULL);
INSIST(rdata != NULL);
@ -179,16 +150,10 @@ dns_dnssec_keyfromrdata(dns_name_t *name, dns_rdata_t *rdata, isc_mem_t *mctx,
INSIST(key != NULL);
INSIST(*key == NULL);
isc_buffer_init(&namebuf, namestr, sizeof(namestr) - 1);
ret = dns_name_totext(name, ISC_FALSE, &namebuf);
if (ret != ISC_R_SUCCESS)
return ret;
isc_buffer_usedregion(&namebuf, &r);
namestr[r.length] = 0;
dns_rdata_toregion(rdata, &r);
isc_buffer_init(&b, r.base, r.length);
isc_buffer_add(&b, r.length);
return (dst_key_fromdns(namestr, &b, mctx, key));
return (dst_key_fromdns(name, &b, mctx, key));
}
isc_result_t
@ -234,9 +199,8 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
sig.common.rdtype = dns_rdatatype_sig;
ISC_LINK_INIT(&sig.common, link);
ret = keyname_to_name(dst_key_name(key), mctx, &sig.signer);
if (ret != ISC_R_SUCCESS)
return (ret);
dns_name_init(&sig.signer, NULL);
dns_name_clone(dst_key_name(key), &sig.signer);
sig.covered = set->type;
sig.algorithm = dst_key_alg(key);
@ -253,7 +217,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
sig.siglen = sigsize;
sig.signature = isc_mem_get(mctx, sig.siglen);
if (sig.signature == NULL)
goto cleanup_name;
return (ISC_R_NOMEMORY);
isc_buffer_init(&b, data, sizeof(data));
ret = dns_rdata_fromstruct(NULL, sig.common.rdclass,
@ -344,8 +308,6 @@ cleanup_array:
isc_mem_put(mctx, rdatas, nrdatas * sizeof(dns_rdata_t));
cleanup_signature:
isc_mem_put(mctx, sig.signature, sig.siglen);
cleanup_name:
dns_name_free(&sig.signer, mctx);
return (ret);
}
@ -564,7 +526,6 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_t headerbuf, databuf, sigbuf;
unsigned int sigsize;
isc_buffer_t *dynbuf;
dns_name_t signer;
dns_rdata_t *rdata;
dns_rdatalist_t *datalist;
dns_rdataset_t *dataset;
@ -601,8 +562,8 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
sig.keyid = dst_key_id(key);
dns_name_init(&signer, NULL);
RETERR(keyname_to_name(dst_key_name(key), mctx, &sig.signer));
dns_name_init(&sig.signer, NULL);
dns_name_clone(dst_key_name(key), &sig.signer);
sig.siglen = 0;
sig.signature = NULL;
@ -660,7 +621,6 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
dns_rdatatype_sig, &sig, dynbuf));
isc_mem_put(mctx, sig.signature, sig.siglen);
dns_name_free(&sig.signer, mctx);
signeedsfree = ISC_FALSE;
dns_message_takebuffer(msg, &dynbuf);
@ -684,10 +644,8 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
failure:
if (dynbuf != NULL)
isc_buffer_free(&dynbuf);
if (signeedsfree) {
if (signeedsfree)
isc_mem_put(mctx, sig.signature, sig.siglen);
dns_name_free(&sig.signer, mctx);
}
return (result);
}
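Review bot: The removed keyname_to_name() lower-cased the signer name (its comment called the result canonical), whereas `dns_name_clone(dst_key_name(key), &sig.signer);` keeps whatever case the key name was created with, and the key names built elsewhere in this commit are parsed with the downcase argument set to ISC_FALSE. If the signer field is digested or emitted as stored, a key whose name contains upper-case letters may now yield signatures that differ from what a validator computes; please confirm, and downcase a private copy if that is the case. Both call sites (dns_dnssec_sign and dns_dnssec_signmessage) would also benefit from a comment such as `/* sig.signer borrows the key's name data; it must not be freed here */`, since the matching dns_name_free() calls were dropped.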


@ -184,10 +184,7 @@ dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) {
isc_result_t result;
dns_keynode_t *knode;
dns_rbtnode_t *node;
dns_fixedname_t fname;
char *keyname;
isc_buffer_t buffer;
size_t len;
dns_name_t *keyname;
/*
* Add '*keyp' to 'keytable'.
@ -197,15 +194,6 @@ dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) {
REQUIRE(keyp != NULL);
keyname = dst_key_name(*keyp);
INSIST(keyname != NULL);
len = strlen(keyname);
isc_buffer_init(&buffer, keyname, len);
isc_buffer_add(&buffer, len);
dns_fixedname_init(&fname);
result = dns_name_fromtext(dns_fixedname_name(&fname), &buffer,
dns_rootname, ISC_FALSE, NULL);
if (result != ISC_R_SUCCESS)
return (result);
knode = isc_mem_get(keytable->mctx, sizeof *knode);
if (knode == NULL)
@ -214,8 +202,7 @@ dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) {
RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
node = NULL;
result = dns_rbt_addnode(keytable->table, dns_fixedname_name(&fname),
&node);
result = dns_rbt_addnode(keytable->table, keyname, &node);
if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) {
knode->magic = KEYNODE_MAGIC;


@ -2385,11 +2385,8 @@ dns_message_checksig(dns_message_t *msg, dns_view_t *view) {
isc_buffer_init(&b, rdata.data, rdata.length);
isc_buffer_add(&b, rdata.length);
/*
* XXXBEW should actually pass in the key name,
* but it's not used anyway.
*/
result = dst_key_fromdns("", &b, view->mctx, &key);
result = dst_key_fromdns(&sig.signer, &b, view->mctx,
&key);
if (result != ISC_R_SUCCESS)
continue;
if (dst_key_alg(key) != sig.algorithm ||


@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.40 2000/05/24 05:09:36 tale Exp $
* $Id: dst_api.c,v 1.41 2000/05/24 23:13:28 bwelling Exp $
*/
#include <config.h>
@ -36,6 +36,7 @@
#include <isc/time.h>
#include <isc/util.h>
#include <dns/name.h>
#include <dns/rdata.h>
#include <dns/keyvalues.h>
@ -56,10 +57,10 @@ static isc_mutex_t random_lock;
/* Static functions */
static void initialize(void);
static dst_key_t * get_key_struct(const char *name, const int alg,
static dst_key_t * get_key_struct(dns_name_t *name, const int alg,
const int flags, const int protocol,
const int bits, isc_mem_t *mctx);
static isc_result_t read_public_key(const char *name,
static isc_result_t read_public_key(dns_name_t *name,
const isc_uint16_t id, int in_alg,
isc_mem_t *mctx, dst_key_t **keyp);
static isc_result_t write_public_key(const dst_key_t *key);
@ -314,14 +315,14 @@ dst_key_tofile(const dst_key_t *key, const int type) {
* !ISC_R_SUCCESS Failure
*/
isc_result_t
dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
dst_key_fromfile(dns_name_t *name, const isc_uint16_t id, const int alg,
const int type, isc_mem_t *mctx, dst_key_t **keyp)
{
dst_key_t *key = NULL, *pubkey = NULL;
isc_result_t ret;
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
REQUIRE(name != NULL);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
@ -346,7 +347,7 @@ dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
}
key = get_key_struct(name, pubkey->key_alg, pubkey->key_flags,
pubkey->key_proto, 0, mctx);
pubkey->key_proto, 0, mctx);
dst_key_free(&pubkey);
}
@ -423,7 +424,7 @@ dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
*/
isc_result_t
dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
dst_key_fromdns(dns_name_t *name, isc_buffer_t *source, isc_mem_t *mctx,
dst_key_t **keyp)
{
isc_region_t r;
@ -433,7 +434,7 @@ dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
dst_key_t *key = NULL;
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
REQUIRE(name != NULL);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
@ -488,7 +489,7 @@ dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
* !ISC_R_SUCCESS Failure
*/
isc_result_t
dst_key_frombuffer(const char *name, const int alg, const int flags,
dst_key_frombuffer(dns_name_t *name, const int alg, const int flags,
const int protocol, isc_buffer_t *source, isc_mem_t *mctx,
dst_key_t **keyp)
{
@ -496,7 +497,7 @@ dst_key_frombuffer(const char *name, const int alg, const int flags,
isc_result_t ret;
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
REQUIRE(name != NULL);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
@ -570,7 +571,7 @@ dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
* !ISC_R_SUCCESS Failure
*/
isc_result_t
dst_key_generate(const char *name, const int alg, const int bits,
dst_key_generate(dns_name_t *name, const int alg, const int bits,
const int exp, const int flags, const int protocol,
isc_mem_t *mctx, dst_key_t **keyp)
{
@ -578,7 +579,7 @@ dst_key_generate(const char *name, const int alg, const int bits,
isc_result_t ret;
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
REQUIRE(name != NULL);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
@ -680,13 +681,14 @@ dst_key_free(dst_key_t **keyp) {
if (key->opaque != NULL)
key->func->destroy(key->opaque, mctx);
isc_mem_free(mctx, key->key_name);
dns_name_free(key->key_name, mctx);
isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
memset(key, 0, sizeof(dst_key_t));
isc_mem_put(mctx, key, sizeof(dst_key_t));
*keyp = NULL;
}
char *
dns_name_t *
dst_key_name(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return (key->key_name);
@ -757,11 +759,10 @@ dst_key_isnullkey(const dst_key_t *key) {
}
isc_result_t
dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out)
{
dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out) {
char *suffix;
unsigned int namelen;
isc_region_t r;
unsigned int len;
isc_result_t result;
REQUIRE(VALID_KEY(key));
REQUIRE(type == DST_TYPE_PRIVATE || type == DST_TYPE_PUBLIC ||
@ -773,32 +774,35 @@ dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out)
suffix = ".private";
else
suffix = ".key";
namelen = 1 + strlen(key->key_name) + 1 + 3 + 1 + 5 + 1 +
strlen(suffix);
isc_buffer_availableregion(out, &r);
if (namelen >= r.length)
if (isc_buffer_availablelength(out) < 1)
return (ISC_R_NOSPACE);
if (namelen >= ISC_DIR_NAMEMAX)
return (ISC_R_INVALIDFILE);
sprintf((char *) r.base, "K%s+%03d+%05d%s", key->key_name,
isc_buffer_putstr(out, "K");
result = dns_name_totext(key->key_name, ISC_FALSE, out);
if (result != ISC_R_SUCCESS)
return (result);
len = 1 + 3 + 1 + 5 + strlen(suffix) + 1;
if (isc_buffer_availablelength(out) < len)
return (ISC_R_NOSPACE);
sprintf((char *) isc_buffer_used(out), "+%03d+%05d%s",
key->key_alg, key->key_id, suffix);
isc_buffer_add(out, namelen);
isc_buffer_add(out, len);
return (ISC_R_SUCCESS);
}
isc_result_t
dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name,
dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, dns_name_t *name,
isc_uint16_t *id, int *alg, char **suffix)
{
isc_result_t result = ISC_R_SUCCESS;
char c, str[6], *p, *endp;
isc_region_t r;
isc_buffer_t b;
unsigned int length;
long l;
REQUIRE(source != NULL);
REQUIRE(mctx != NULL);
REQUIRE(name != NULL && *name == NULL);
REQUIRE(dns_name_hasbuffer(name));
REQUIRE(id != NULL);
REQUIRE(alg != NULL);
REQUIRE(suffix == NULL || *suffix == NULL);
@ -806,10 +810,9 @@ dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name,
if (isc_buffer_remaininglength(source) < 1)
return (ISC_R_UNEXPECTEDEND);
c = (char) isc_buffer_getuint8(source);
if (c != 'K') {
result = ISC_R_INVALIDFILE;
goto fail;
}
if (c != 'K')
return (ISC_R_INVALIDFILE);
isc_buffer_remainingregion(source, &r);
p = (char *)r.base;
length = r.length;
@ -819,45 +822,35 @@ dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name,
}
if (length == 0)
return (ISC_R_UNEXPECTEDEND);
length = p - (char *) r.base;
*name = isc_mem_get(mctx, length + 1);
if (*name == NULL)
return (ISC_R_NOMEMORY);
memcpy(*name, r.base, length);
(*name)[length] = 0;
length = p - (char *)r.base;
isc_buffer_init(&b, r.base, length);
isc_buffer_add(&b, length);
result = dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL);
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_forward(source, length);
if (isc_buffer_remaininglength(source) < 1 + 3 + 1 + 5) {
result = ISC_R_UNEXPECTEDEND;
goto fail;
}
if (isc_buffer_remaininglength(source) < 1 + 3 + 1 + 5)
return (ISC_R_UNEXPECTEDEND);
c = (char) isc_buffer_getuint8(source);
if (c != '+') {
result = ISC_R_INVALIDFILE;
goto fail;
}
if (c != '+')
return (ISC_R_INVALIDFILE);
isc_buffer_remainingregion(source, &r);
memcpy(str, r.base, 3);
str[3] = 0;
*alg = strtol(str, &endp, 10);
if (*endp != '\0') {
result = ISC_R_INVALIDFILE;
goto fail;
}
if (*endp != '\0')
return (ISC_R_INVALIDFILE);
isc_buffer_forward(source, 3);
c = (char) isc_buffer_getuint8(source);
if (c != '+') {
result = ISC_R_INVALIDFILE;
goto fail;
}
if (c != '+')
return (ISC_R_INVALIDFILE);
isc_buffer_remainingregion(source, &r);
memcpy(str, r.base, 5);
str[5] = 0;
l = strtol(str, &endp, 10);
if (*endp != '\0' || l > (isc_uint16_t)-1) {
result = ISC_R_INVALIDFILE;
goto fail;
}
if (*endp != '\0' || l > (isc_uint16_t)-1)
return (ISC_R_INVALIDFILE);
*id = (isc_uint16_t)l;
isc_buffer_forward(source, 5);
@ -865,20 +858,12 @@ dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name,
return (ISC_R_SUCCESS);
isc_buffer_remainingregion(source, &r);
*suffix = isc_mem_get(mctx, r.length + 1);
if (*suffix == NULL) {
result = ISC_R_NOMEMORY;
goto fail;
}
if (*suffix == NULL)
return (ISC_R_NOMEMORY);
if (r.length > 0)
memcpy(*suffix, r.base, r.length);
(*suffix)[r.length] = 0;
return (ISC_R_SUCCESS);
fail:
if (*name != NULL)
isc_mem_put(mctx, name, strlen(*name) + 1);
return (result);
}
/*
@ -1051,10 +1036,11 @@ initialize(void) {
* valid pointer otherwise
*/
static dst_key_t *
get_key_struct(const char *name, const int alg, const int flags,
get_key_struct(dns_name_t *name, const int alg, const int flags,
const int protocol, const int bits, isc_mem_t *mctx)
{
dst_key_t *key;
isc_result_t result;
REQUIRE(dst_algorithm_supported(alg) != ISC_FALSE);
@ -1064,20 +1050,18 @@ get_key_struct(const char *name, const int alg, const int flags,
memset(key, 0, sizeof(dst_key_t));
key->magic = KEY_MAGIC;
if (name[strlen(name) - 1] == '.') {
key->key_name = isc_mem_strdup(mctx, name);
if (key->key_name == NULL) {
isc_mem_free(mctx, key);
return (NULL);
}
key->key_name = isc_mem_get(mctx, sizeof(dns_name_t));
if (key->key_name == NULL) {
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);
}
else {
key->key_name = isc_mem_allocate(mctx, strlen(name) + 2);
if (key->key_name == NULL) {
isc_mem_free(mctx, key);
return (NULL);
}
sprintf(key->key_name, "%s.", name);
dns_name_init(key->key_name, NULL);
result = dns_name_dup(name, mctx, key->key_name);
if (result != ISC_R_SUCCESS) {
isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);
}
key->key_alg = alg;
key->key_flags = flags;
@ -1090,7 +1074,7 @@ get_key_struct(const char *name, const int alg, const int flags,
}
/*
* dst_read_public_key
* read_public_key
* Read a public key from disk
* Parameters
* name The name
@ -1104,7 +1088,7 @@ get_key_struct(const char *name, const int alg, const int flags,
*/
static isc_result_t
read_public_key(const char *name, const isc_uint16_t id, int alg,
read_public_key(dns_name_t *name, const isc_uint16_t id, int alg,
isc_mem_t *mctx, dst_key_t **keyp)
{
char filename[ISC_DIR_NAMEMAX];
@ -1258,7 +1242,11 @@ write_public_key(const dst_key_t *key) {
if ((fp = fopen(filename, "w")) == NULL)
return (DST_R_WRITEERROR);
fprintf(fp, "%s IN KEY ", key->key_name);
ret = dns_name_print(key->key_name, fp);
if (ret != ISC_R_SUCCESS)
return (ret);
fprintf(fp, " IN KEY ");
fwrite(r.base, 1, r.length, fp);
fputc('\n', fp);
fclose(fp);


@ -47,7 +47,7 @@ typedef struct dst_func dst_func;
struct dst_key {
unsigned int magic;
char * key_name; /* name of the key */
dns_name_t * key_name; /* name of the key */
int key_size; /* size of the key in bits */
int key_proto; /* protocols this key is used for */
int key_alg; /* algorithm of the key */


@ -4,6 +4,8 @@
#include <isc/lang.h>
#include <isc/types.h>
#include <dns/types.h>
ISC_LANG_BEGINDECLS
/***
@ -132,13 +134,13 @@ dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
*/
isc_result_t
dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
dst_key_fromfile(dns_name_t *name, const isc_uint16_t id, const int alg,
const int type, isc_mem_t *mctx, dst_key_t **keyp);
/*
* Reads a key from permanent storage.
*
* Requires:
* "name" is not NULL.
* "name" is a valid absolute dns name.
* "id" is a valid key tag identifier.
* "alg" is a supported key algorithm.
* "type" is either DST_TYPE_PUBLIC or DST_TYPE_PRIVATE.
@ -160,13 +162,13 @@ dst_key_tofile(const dst_key_t *key, const int type);
*/
isc_result_t
dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
dst_key_fromdns(dns_name_t *name, isc_buffer_t *source, isc_mem_t *mctx,
dst_key_t **keyp);
/*
* Converts a DNS KEY record into a DST key.
*
* Requires:
* "name" is not NULL.
* "name" is a valid absolute dns name.
* "source" is a valid buffer. There must be at least 4 bytes available.
* "mctx" is a valid memory context.
* "keyp" is not NULL and "*keyp" is NULL.
@ -190,14 +192,14 @@ dst_key_todns(const dst_key_t *key, isc_buffer_t *target);
*/
isc_result_t
dst_key_frombuffer(const char *name, const int alg, const int flags,
dst_key_frombuffer(dns_name_t *name, const int alg, const int flags,
const int protocol, isc_buffer_t *source, isc_mem_t *mctx,
dst_key_t **keyp);
/*
* Converts a buffer containing DNS KEY RDATA into a DST key.
*
* Requires:
* "name" is not NULL.
* "name" is a valid absolute dns name.
* "alg" is a supported key algorithm.
* "source" is a valid buffer.
* "mctx" is a valid memory context.
@ -222,14 +224,14 @@ dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target);
*/
isc_result_t
dst_key_generate(const char *name, const int alg, const int bits,
dst_key_generate(dns_name_t *name, const int alg, const int bits,
const int param, const int flags, const int protocol,
isc_mem_t *mctx, dst_key_t **keyp);
/*
* Generate a DST key (or keypair)
*
* Requires:
* "name" is not NULL
* "name" is a valid absolute dns name.
* "alg" is a supported algorithm
* "bits" is a valid key size for the given algorithm
* "keyp" is not NULL and "*keyp" is NULL.
@ -277,7 +279,7 @@ dst_key_free(dst_key_t **keyp);
* Require:
* "key" is a valid key.
*/
char *
dns_name_t *
dst_key_name(const dst_key_t *key);
int
@ -320,7 +322,7 @@ dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out);
*/
isc_result_t
dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name,
dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, dns_name_t *name,
isc_uint16_t *id, int *alg, char **suffix);
/*
* Parses a dst key filename into its components.
@ -328,7 +330,7 @@ dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name,
* Requires:
* "source" is a valid buffer
* "mctx" is a valid memory context
* "name" is not NULL and "*name" is NULL
* "name" is a valid name with a dedicated buffer
* "id" and "alg" are not NULL
* Either "suffix" is NULL or "suffix" is not NULL and "*suffix" is NULL
*
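Review bot: The comment on dst_key_name() still only requires a valid key, although the function now returns a `dns_name_t *` instead of a C string. Since get_key_struct stores a dns_name_dup() copy in the key, the returned pointer presumably refers to storage owned by the key, and the header should say so, e.g. `Returns: the key's name; it is owned by the key and must not be used after dst_key_free().` Callers elsewhere in this commit alias that name with dns_name_clone(), so the lifetime is part of the contract. The comment block starts outside the hunk.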


@ -16,7 +16,7 @@
*/
/*
* $Id: tkey.c,v 1.38 2000/05/23 23:36:39 bwelling Exp $
* $Id: tkey.c,v 1.39 2000/05/24 23:13:23 bwelling Exp $
* Principal Author: Brian Wellington
*/
@ -218,11 +218,10 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
dns_rdata_t keyrdata, ourkeyrdata;
isc_boolean_t found_key = ISC_FALSE, found_incompatible = ISC_FALSE;
dst_key_t *pubkey = NULL;
isc_buffer_t ourkeybuf, ournamein, ournameout, *shared = NULL;
isc_buffer_t ourkeybuf, *shared = NULL;
isc_region_t r, r2, ourkeyr;
isc_uint32_t ourttl;
unsigned char keydata[DST_KEY_MAXSIZE];
unsigned char namedata[1024];
unsigned int sharedsize;
isc_buffer_t randombuf, secret;
unsigned char *randomdata = NULL, secretdata[256];
@ -285,13 +284,10 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
isc_buffer_usedregion(&ourkeybuf, &ourkeyr);
dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_any,
dns_rdatatype_key, &ourkeyr);
isc_buffer_init(&ournamein, dst_key_name(tctx->dhkey),
strlen(dst_key_name(tctx->dhkey)));
isc_buffer_add(&ournamein, strlen(dst_key_name(tctx->dhkey)));
isc_buffer_init(&ournameout, namedata, sizeof(namedata));
dns_name_init(&ourname, NULL);
RETERR(dns_name_fromtext(&ourname, &ournamein, dns_rootname, ISC_FALSE,
&ournameout));
dns_name_clone(dst_key_name(tctx->dhkey), &ourname);
ourttl = 0;
#if 0
/*
@ -721,7 +717,7 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name,
{
dns_rdata_tkey_t tkey;
dns_rdata_t *rdata = NULL;
isc_buffer_t src, *dynbuf = NULL;
isc_buffer_t *dynbuf = NULL;
isc_region_t r;
dns_name_t keyname;
dns_namelist_t namelist;
@ -769,13 +765,10 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name,
dns_rdata_fromregion(rdata, dns_rdataclass_any,
dns_rdatatype_key, &r);
dns_message_takebuffer(msg, &dynbuf);
isc_buffer_init(&src, dst_key_name(key), strlen(dst_key_name(key)));
isc_buffer_add(&src, strlen(dst_key_name(key)));
RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 1024));
dns_name_init(&keyname, NULL);
RETERR(dns_name_fromtext(&keyname, &src, dns_rootname, ISC_FALSE,
dynbuf));
dns_message_takebuffer(msg, &dynbuf);
dns_name_clone(dst_key_name(key), &keyname);
ISC_LIST_INIT(namelist);
RETERR(add_rdata_to_list(msg, &keyname, rdata, 0, &namelist));
dns_message_addname(msg, ISC_LIST_HEAD(namelist),
@ -851,9 +844,9 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
dns_rdata_t theirkeyrdata;
dst_key_t *theirkey;
dns_rdata_tkey_t qtkey, rtkey;
unsigned char keydata[1024], secretdata[256];
unsigned char secretdata[256];
unsigned int sharedsize;
isc_buffer_t keysrc, keybuf, *shared = NULL, secret;
isc_buffer_t *shared = NULL, secret;
isc_region_t r, r2;
isc_result_t result;
@ -886,12 +879,8 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
goto failure;
}
isc_buffer_init(&keysrc, dst_key_name(key), strlen(dst_key_name(key)));
isc_buffer_add(&keysrc, strlen(dst_key_name(key)));
isc_buffer_init(&keybuf, keydata, sizeof(keydata));
dns_name_init(&keyname, NULL);
RETERR(dns_name_fromtext(&keyname, &keysrc, dns_rootname,
ISC_FALSE, &keybuf));
dns_name_clone(dst_key_name(key), &keyname);
ourkeyname = NULL;
ourkeyset = NULL;
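Review bot: In dns_tkey_builddhquery, `dns_name_clone(dst_key_name(key), &keyname);` makes keyname borrow the key's storage, whereas the removed code built the name in dynbuf and handed that buffer to msg with dns_message_takebuffer. If add_rdata_to_list keeps a reference to the name data rather than copying it (its body is not shown here), msg now depends on key staying alive until the message is rendered or destroyed. A comment at the clone would record the assumption, for example `/* keyname borrows from key; key must outlive msg unless add_rdata_to_list copies */`. The same pattern is introduced in process_dhtkey (ourname) and dns_tkey_processdhresponse (keyname); all three functions extend beyond their hunks.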


@ -43,7 +43,7 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
int n;
isc_buffer_t b, namebuf;
unsigned char data[1024];
dns_name_t domain;
dns_name_t domain, keyname;
result = dns_tkeyctx_create(mctx, &tctx);
if (result != ISC_R_SUCCESS)
@ -55,7 +55,12 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
*tctxp = tctx;
return (ISC_R_SUCCESS);
}
RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
isc_buffer_init(&namebuf, data, sizeof(data));
dns_name_init(&keyname, NULL);
isc_buffer_init(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf);
RETERR(dst_key_fromfile(&keyname, n, DNS_KEYALG_DH,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
mctx, &tctx->dhkey));
s = NULL;
@ -69,7 +74,6 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
dns_name_init(tctx->domain, NULL);
isc_buffer_init(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
isc_buffer_init(&namebuf, data, sizeof(data));
RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
&namebuf));
RETERR(dns_name_dup(&domain, mctx, tctx->domain));
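Review bot: The added `dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf);` discards its result, so a configured key name that fails to parse is still passed on to dst_key_fromfile in whatever state the failed conversion left keyname. The domain conversion a few lines later is wrapped in RETERR, and this call should be too: `RETERR(dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf));`. The second hunk also drops the re-initialisation of namebuf, so both names now share the 1024-byte `data` array; that looks large enough but deserves a one-line comment. dns_tkeyctx_fromconfig starts and ends outside the hunks.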


@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.62 2000/05/24 05:09:15 tale Exp $
* $Id: tsig.c,v 1.63 2000/05/24 23:13:25 bwelling Exp $
* Principal Author: Brian Wellington
*/
@ -57,12 +57,10 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
isc_stdtime_t expire, isc_mem_t *mctx,
dns_tsig_keyring_t *ring, dns_tsigkey_t **key)
{
isc_buffer_t b, nameb;
char namestr[1025];
isc_buffer_t b;
isc_uint16_t alg;
dns_tsigkey_t *tkey;
isc_result_t ret;
isc_region_t r;
REQUIRE(key == NULL || *key == NULL);
REQUIRE(name != NULL);
@ -109,14 +107,6 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
else
tkey->creator = NULL;
isc_buffer_init(&nameb, namestr, sizeof(namestr) - 1);
ret = dns_name_totext(name, ISC_FALSE, &nameb);
if (ret != ISC_R_SUCCESS)
goto cleanup_algorithm;
isc_buffer_usedregion(&nameb, &r);
namestr[r.length] = '\0';
tkey->key = NULL;
tkey->ring = NULL;
if (length > 0) {
@ -124,7 +114,7 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
isc_buffer_init(&b, secret, length);
isc_buffer_add(&b, length);
ret = dst_key_frombuffer(namestr, alg,
ret = dst_key_frombuffer(name, alg,
DNS_KEYOWNER_ENTITY,
DNS_KEYPROTO_DNSSEC,
&b, mctx, &tkey->key);


@ -558,7 +558,8 @@ containsnullkey(dns_validator_t *val, dns_rdataset_t *rdataset) {
* The key name is unimportant, so we can avoid any name/text
* conversion.
*/
result = dst_key_fromdns("", &b, val->view->mctx, &key);
result = dst_key_fromdns(dns_rootname, &b, val->view->mctx,
&key);
if (result != ISC_R_SUCCESS)
continue;
if (dst_key_isnullkey(key))
@ -583,7 +584,6 @@ get_dst_key(dns_validator_t *val, dns_siginfo_t *siginfo,
isc_result_t result;
isc_buffer_t b;
dns_rdata_t rdata;
char ntext[1024];
dst_key_t *oldkey = val->key;
isc_boolean_t foundold;
@ -599,24 +599,11 @@ get_dst_key(dns_validator_t *val, dns_siginfo_t *siginfo,
goto failure;
do {
dns_rdataset_current(rdataset, &rdata);
/*
* We keep one byte of ntext in reserve so
* we're sure we can NUL terminate.
*/
isc_buffer_init(&b, ntext, sizeof(ntext) - 1);
result = dns_name_totext(&siginfo->signer, ISC_FALSE, &b);
if (result != ISC_R_SUCCESS)
goto failure;
/*
* NUL-terminate the character string.
*/
isc_buffer_putuint8(&b, 0);
isc_buffer_init(&b, rdata.data, rdata.length);
isc_buffer_add(&b, rdata.length);
INSIST(val->key == NULL);
result = dst_key_fromdns(ntext, &b, val->view->mctx,
result = dst_key_fromdns(&siginfo->signer, &b, val->view->mctx,
&val->key);
if (result != ISC_R_SUCCESS)
goto failure;


@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: auth.c,v 1.6 2000/05/08 14:38:08 tale Exp $ */
/* $Id: auth.c,v 1.7 2000/05/24 23:13:32 bwelling Exp $ */
/* Principal Author: DCL */
@ -110,6 +110,9 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) {
auth_t *auth = NULL;
unsigned int dst_algorithm;
unsigned int secret_len;
dns_name_t dnsname;
char namebuf[1025];
isc_buffer_t srcb, dstb;
REQUIRE(name != NULL && algorithm != 0);
REQUIRE(key != NULL && *key == NULL);
@ -136,7 +139,14 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) {
isc_buffer_add(&secret, secret_len);
result = dst_key_frombuffer(auth->name, dst_algorithm, 0,
dns_name_init(&dnsname, NULL);
isc_buffer_init(&srcb, auth->name, strlen(auth->name));
isc_buffer_init(&dstb, namebuf, sizeof(namebuf));
result = dns_name_fromtext(&dnsname, &srcb, dns_rootname,
ISC_FALSE, &dstb);
if (result != ISC_R_SUCCESS)
return (result);
result = dst_key_frombuffer(&dnsname, dst_algorithm, 0,
0, &secret, omapi_mctx, key);
}
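Review bot: srcb is set up with `isc_buffer_init(&srcb, auth->name, strlen(auth->name));` but is never marked as holding data, so dns_name_fromtext is handed a buffer with an empty used region. Every other text-to-name conversion in this commit follows isc_buffer_init with isc_buffer_add. Add `isc_buffer_add(&srcb, strlen(auth->name));` before the dns_name_fromtext call. The new `return (result);` also exits from inside a nested block of auth_makekey, whose start is outside the hunk, so check that no lock release or cleanup is skipped on that path.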