diff --git a/CHANGES b/CHANGES index 2e07c3639c..ae93ff1233 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ + 206. [cleanup] dst now stores the key name as a dns_name_t, not + a char *. + 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692 ("prototyped function redeclared without prototype") and 1552 ("variable ... set but not used") when diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index f5a8707f7d..d37e5e53fe 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.25 2000/05/24 17:13:29 bwelling Exp $ */ +/* $Id: dnssec-keygen.c,v 1.26 2000/05/24 23:13:12 bwelling Exp $ */ #include @@ -28,8 +28,12 @@ #include #include +#include #include +#include +#include #include + #include #include @@ -114,7 +118,8 @@ main(int argc, char **argv) { char *algname = NULL, *nametype = NULL, *type = NULL; char *prog, *endp; dst_key_t *key = NULL, *oldkey; - char *name = NULL; + dns_fixedname_t fname; + dns_name_t *name; isc_uint16_t flags = 0; dns_secalg_t alg; isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE; @@ -138,6 +143,9 @@ main(int argc, char **argv) { if (argc == 1) usage(); + dns_result_register(); + dst_result_register(); + while ((ch = isc_commandline_parse(argc, argv, "a:b:eg:n:t:p:s:hv:")) != -1) { 
@@ -295,16 +303,15 @@ main(int argc, char **argv) { fatal("Specified null key with signing authority"); } - name = isc_mem_allocate(mctx, strlen(argv[isc_commandline_index]) + 2); - if (name == NULL) - fatal("out of memory"); - strcpy(name, argv[isc_commandline_index]); - if (name[strlen(name) - 1] != '.') { - strcat(name, "."); - fprintf(stderr, - "%s: added a trailing dot to fully qualify the name\n", - PROGRAM); - } + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); + isc_buffer_init(&buf, argv[isc_commandline_index], + strlen(argv[isc_commandline_index])); + isc_buffer_add(&buf, strlen(argv[isc_commandline_index])); + ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL); + if (ret != ISC_R_SUCCESS) + fatal("Invalid key name %s: %s", argv[isc_commandline_index], + isc_result_totext(ret)); switch(alg) { case DNS_KEYALG_RSA: @@ -323,7 +330,6 @@ main(int argc, char **argv) { null_key = ISC_TRUE; isc_buffer_init(&buf, filename, sizeof(filename) - 1); - dst_result_register(); do { conflict = ISC_FALSE; @@ -382,7 +388,6 @@ main(int argc, char **argv) { ret = dst_key_buildfilename(key, 0, &buf); filename[isc_buffer_usedlength(&buf)] = 0; printf("%s\n", filename); - isc_mem_free(mctx, name); isc_mem_free(mctx, algname); isc_mem_free(mctx, nametype); isc_mem_free(mctx, prog); diff --git a/bin/dnssec/dnssec-makekeyset.c b/bin/dnssec/dnssec-makekeyset.c index f081b9e1ed..1bf525375b 100644 --- a/bin/dnssec/dnssec-makekeyset.c +++ b/bin/dnssec/dnssec-makekeyset.c @@ -178,7 +178,8 @@ main(int argc, char *argv[]) { isc_log_t *log = NULL; isc_logconfig_t *logconfig; keynode_t *keynode; - char *savedname = NULL; + dns_fixedname_t fsavedname; + dns_name_t *savedname = NULL; dns_result_register(); 
@@ -273,25 +274,29 @@ main(int argc, char *argv[]) { for (i = 0; i < argc; i++) { isc_uint16_t id; int alg; - char *namestr = NULL; + dns_fixedname_t fname; + dns_name_t *name; + char namestr[1025]; isc_buffer_init(&b, argv[i], strlen(argv[i])); isc_buffer_add(&b, strlen(argv[i])); - result = dst_key_parsefilename(&b, mctx, &namestr, &id, &alg, - NULL); + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); + result = dst_key_parsefilename(&b, mctx, name, &id, &alg, NULL); if (result != ISC_R_SUCCESS) fatal("%s is not a valid key filename", argv[i]); + strncpy(namestr, nametostr(name), sizeof(namestr) - 1); + namestr[sizeof(namestr) - 1] = 0; if (savedname == NULL) { - savedname = isc_mem_strdup(mctx, namestr); - if (savedname == NULL) - fatal("out of memory"); + fsavedname = fname; + savedname = dns_fixedname_name(&fsavedname); } else { - if (strcmp(savedname, namestr) != 0) + if (!dns_name_equal(savedname, name) != 0) fatal("all keys must have the same owner - %s " "and %s do not match", - savedname, namestr); + nametostr(savedname), namestr); } if (output == NULL) { output = isc_mem_allocate(mctx, @@ -314,12 +319,12 @@ main(int argc, char *argv[]) { namestr, isc_result_totext(result)); } key = NULL; - result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PUBLIC, + result = dst_key_fromfile(name, id, alg, DST_TYPE_PUBLIC, mctx, &key); check_result(result, "dst_key_fromfile"); if (dst_key_iszonekey(key)) { dst_key_t *zonekey = NULL; - result = dst_key_fromfile(namestr, id, alg, + result = dst_key_fromfile(name, id, alg, DST_TYPE_PRIVATE, mctx, &zonekey); 
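Review bot: `fsavedname = fname;` in the owner check does not give savedname its own copy: a dns_fixedname_t's name carries pointers to its own buffer and data members, and a struct copy leaves those pointing into the loop-scoped `fname`, which is re-initialised and overwritten on the next iteration. As a result `dns_name_equal(savedname, name)` compares the current name against (largely) itself whenever the wire lengths match, so the "all keys must have the same owner" check and the name printed by its fatal() cannot be trusted, on top of reading storage whose block has ended. Keep a real copy with the dns_name_dup/dns_name_free pair this commit already uses elsewhere, and release it where the old `isc_mem_free(mctx, savedname)` stood; `if (!dns_name_equal(savedname, name) != 0)` is correct but reads like a precedence slip, and `if (!dns_name_equal(savedname, name))` says the same thing. main() starts and ends outside the hunk.
```c
	/* … unchanged: other declarations in main() … */
	dns_name_t savedname_storage, *savedname = NULL;
	/* … unchanged: option parsing; per-key loop up to dst_key_parsefilename … */
		if (savedname == NULL) {
			savedname = &savedname_storage;
			dns_name_init(savedname, NULL);
			result = dns_name_dup(name, mctx, savedname);
			check_result(result, "dns_name_dup");
		} else {
			if (!dns_name_equal(savedname, name))
				fatal("all keys must have the same owner - %s "
				      "and %s do not match",
				      nametostr(savedname), namestr);
		}
	/* … unchanged: rest of the loop body … */
	if (savedname != NULL)
		dns_name_free(savedname, mctx);
```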
@@ -351,12 +356,9 @@ main(int argc, char *argv[]) { dns_rdata_fromregion(rdata, dns_rdataclass_in, dns_rdatatype_key, &r); ISC_LIST_APPEND(rdatalist.rdata, rdata, link); - isc_mem_put(mctx, namestr, strlen(namestr) + 1); dst_key_free(&key); } - isc_mem_free(mctx, savedname); - dns_rdataset_init(&rdataset); result = dns_rdatalist_tordataset(&rdatalist, &rdataset); check_result(result, "dns_rdatalist_tordataset()"); @@ -387,7 +389,7 @@ main(int argc, char *argv[]) { rdata); if (result != ISC_R_SUCCESS) fatal("failed to sign keyset with key %s/%s/%d: %s", - dst_key_name(keynode->key), + nametostr(dst_key_name(keynode->key)), algtostr(dst_key_alg(keynode->key)), dst_key_id(keynode->key), isc_result_totext(result)); diff --git a/bin/dnssec/dnssec-signkey.c b/bin/dnssec/dnssec-signkey.c index 091d8d4698..39c9ca8120 100644 --- a/bin/dnssec/dnssec-signkey.c +++ b/bin/dnssec/dnssec-signkey.c @@ -335,23 +335,24 @@ main(int argc, char *argv[]) { for (i = 0; i < argc; i++) { isc_uint16_t id; int alg; - char *namestr = NULL; + dns_fixedname_t fname; + dns_name_t *name; isc_buffer_init(&b, argv[i], strlen(argv[i])); isc_buffer_add(&b, strlen(argv[i])); - result = dst_key_parsefilename(&b, mctx, &namestr, &id, &alg, - NULL); + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); + result = dst_key_parsefilename(&b, mctx, name, &id, &alg, NULL); if (result != ISC_R_SUCCESS) usage(); key = NULL; - result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PRIVATE, + result = dst_key_fromfile(name, id, alg, DST_TYPE_PRIVATE, mctx, &key); if (result != ISC_R_SUCCESS) fatal("failed to read key %s/%s/%d from disk: %s", dst_key_name(key), algtostr(dst_key_alg(key)), dst_key_id(key), isc_result_totext(result)); - isc_mem_put(mctx, namestr, strlen(namestr) + 1); rdata = isc_mem_get(mctx, sizeof(dns_rdata_t)); if (rdata == NULL) diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 24a8a5486c..bbd27e6220 100644 --- a/bin/dnssec/dnssec-signzone.c 
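Review bot: In the dnssec-signkey.c hunk the unchanged `fatal("failed to read key %s/%s/%d from disk: %s", dst_key_name(key), ...)` now passes a `dns_name_t *` to a `%s` conversion, since this commit changes dst_key_name()'s return type, and on that path `key` is still the NULL set two lines earlier, so the error report itself will abort or misprint instead of naming the key. The locals parsed just above carry everything the message needs: `nametostr(name), algtostr(alg), id, isc_result_totext(result));` (nametostr as used in the sibling tools in this commit, assuming signkey has it in scope). main() starts and ends outside the hunk.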
+++ b/bin/dnssec/dnssec-signzone.c @@ -176,7 +176,7 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata, mctx, b, rdata); if (result != ISC_R_SUCCESS) fatal("key '%s/%s/%d' failed to sign data: %s", - dst_key_name(key), algtostr(dst_key_alg(key)), + nametostr(dst_key_name(key)), algtostr(dst_key_alg(key)), dst_key_id(key), isc_result_totext(result)); if (tryverify) { @@ -196,17 +196,9 @@ issigningkey(signer_key_t *key) { static inline isc_boolean_t iszonekey(signer_key_t *key, dns_db_t *db) { - char origin[1024]; - isc_buffer_t b; - isc_result_t result; - - isc_buffer_init(&b, origin, sizeof(origin)); - result = dns_name_totext(dns_db_origin(db), ISC_FALSE, &b); - check_result(result, "dns_name_totext()"); - - return (ISC_TF(strcasecmp(dst_key_name(key->key), origin) == 0 && + return (dns_name_equal(dst_key_name(key->key), dns_db_origin(db)) && (dst_key_flags(key->key) & DNS_KEYFLAG_OWNERMASK) == - DNS_KEYOWNER_ZONE)); + DNS_KEYOWNER_ZONE); } /* @@ -215,23 +207,20 @@ iszonekey(signer_key_t *key, dns_db_t *db) { */ static signer_key_t * keythatsigned(dns_rdata_sig_t *sig) { - char *keyname; isc_result_t result; dst_key_t *pubkey = NULL, *privkey = NULL; signer_key_t *key; - keyname = nametostr(&sig->signer); - key = ISC_LIST_HEAD(keylist); while (key != NULL) { if (sig->keyid == dst_key_id(key->key) && sig->algorithm == dst_key_alg(key->key) && - strcasecmp(keyname, dst_key_name(key->key)) == 0) + dns_name_equal(&sig->signer, dst_key_name(key->key))) return key; key = ISC_LIST_NEXT(key, link); } - result = dst_key_fromfile(keyname, sig->keyid, sig->algorithm, + result = dst_key_fromfile(&sig->signer, sig->keyid, sig->algorithm, DST_TYPE_PUBLIC, mctx, &pubkey); if (result != ISC_R_SUCCESS) return (NULL); 
@@ -240,7 +229,7 @@ keythatsigned(dns_rdata_sig_t *sig) { if (key == NULL) fatal("out of memory"); - result = dst_key_fromfile(keyname, sig->keyid, sig->algorithm, + result = dst_key_fromfile(&sig->signer, sig->keyid, sig->algorithm, DST_TYPE_PRIVATE, mctx, &privkey); if (result == ISC_R_SUCCESS) { key->key = privkey; @@ -465,7 +454,7 @@ signset(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, else if (resign) { allocbufferandrdata; vbprintf(1, "\tresigning with key %s/%s/%d\n", - dst_key_name(key->key), + nametostr(dst_key_name(key->key)), algtostr(dst_key_alg(key->key)), dst_key_id(key->key)); signwithkey(name, set, trdata, key->key, &b); @@ -496,7 +485,7 @@ signset(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, { allocbufferandrdata; vbprintf(1, "\tsigning with key %s/%s/%d\n", - dst_key_name(key->key), + nametostr(dst_key_name(key->key)), algtostr(dst_key_alg(key->key)), dst_key_id(key->key)); signwithkey(name, set, trdata, key->key, &b); @@ -889,7 +878,7 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, dns_rdatalist_init(&keyrdatalist); dstkey = NULL; - result = dst_key_generate("", DNS_KEYALG_DSA, + result = dst_key_generate(name, DNS_KEYALG_DSA, 0, 0, DNS_KEYTYPE_NOKEY | DNS_KEYOWNER_ZONE, @@ -1489,12 +1478,15 @@ main(int argc, char *argv[]) { for (i = 0; i < argc; i++) { isc_uint16_t id; int alg; - char *namestr = NULL; + dns_fixedname_t fname; + dns_name_t *name; isc_buffer_t b; isc_buffer_init(&b, argv[i], strlen(argv[i])); isc_buffer_add(&b, strlen(argv[i])); - result = dst_key_parsefilename(&b, mctx, &namestr, + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); + result = dst_key_parsefilename(&b, mctx, name, &id, &alg, NULL); if (result != ISC_R_SUCCESS) usage(); 
@@ -1504,31 +1496,30 @@ main(int argc, char *argv[]) { dst_key_t *dkey = key->key; if (dst_key_id(dkey) == id && dst_key_alg(dkey) == alg && - strcasecmp(namestr, - dst_key_name(dkey)) == 0) + dns_name_equal(name, dst_key_name(dkey))) { key->isdefault = ISC_TRUE; if (!dst_key_isprivate(dkey)) fatal("cannot sign zone with " "non-private key " "'%s/%s/%d'", - dst_key_name(dkey), - algtostr(dst_key_alg(dkey)), - dst_key_id(dkey)); + nametostr(dst_key_name(dkey)), + algtostr(dst_key_alg(dkey)), + dst_key_id(dkey)); break; } key = ISC_LIST_NEXT(key, link); } if (key == NULL) { dst_key_t *dkey = NULL; - result = dst_key_fromfile(namestr, id, alg, + result = dst_key_fromfile(name, id, alg, DST_TYPE_PRIVATE, mctx, &dkey); if (result != ISC_R_SUCCESS) fatal("failed to load key '%s/%s/%d' " - "from disk: %s", namestr, - algtostr(alg), id, - isc_result_totext(result)); + "from disk: %s", + nametostr(name), algtostr(alg), + id, isc_result_totext(result)); key = isc_mem_get(mctx, sizeof(signer_key_t)); if (key == NULL) fatal("out of memory"); @@ -1536,7 +1527,6 @@ main(int argc, char *argv[]) { key->isdefault = ISC_TRUE; ISC_LIST_APPEND(keylist, key, link); } - isc_mem_put(mctx, namestr, strlen(namestr) + 1); } } diff --git a/bin/named/server.c b/bin/named/server.c index af1172f84a..0cb300ce52 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -199,6 +199,9 @@ configure_view_dnsseckeys(dns_c_ctx_t *cctx, unsigned char rrdata[4096]; isc_buffer_t rrdatabuf; isc_region_t r; + dns_fixedname_t fkeyname; + dns_name_t *keyname; + isc_buffer_t namebuf; if (cview == NULL) viewclass = dns_rdataclass_in; 
@@ -241,7 +244,14 @@ configure_view_dnsseckeys(dns_c_ctx_t *cctx, keystruct.common.rdclass, keystruct.common.rdtype, &keystruct, &rrdatabuf)); - CHECK(dst_key_fromdns(ckey->domain, &rrdatabuf, mctx, + dns_fixedname_init(&fkeyname); + keyname = dns_fixedname_name(&fkeyname); + isc_buffer_init(&namebuf, ckey->domain, + strlen(ckey->domain)); + isc_buffer_add(&namebuf, strlen(ckey->domain)); + CHECK(dns_name_fromtext(keyname, &namebuf, + dns_rootname, ISC_FALSE, NULL)); + CHECK(dst_key_fromdns(keyname, &rrdatabuf, mctx, &dstkey)); CHECK(dns_keytable_add(keytable, &dstkey)); diff --git a/bin/named/tkeyconf.c b/bin/named/tkeyconf.c index 67cba3629a..0331572045 100644 --- a/bin/named/tkeyconf.c +++ b/bin/named/tkeyconf.c @@ -43,7 +43,7 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, int n; isc_buffer_t b, namebuf; unsigned char data[1024]; - dns_name_t domain; + dns_name_t domain, keyname; result = dns_tkeyctx_create(mctx, &tctx); if (result != ISC_R_SUCCESS) @@ -55,7 +55,12 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, *tctxp = tctx; return (ISC_R_SUCCESS); } - RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH, + isc_buffer_init(&namebuf, data, sizeof(data)); + dns_name_init(&keyname, NULL); + isc_buffer_init(&b, s, strlen(s)); + isc_buffer_add(&b, strlen(s)); + dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf); + RETERR(dst_key_fromfile(&keyname, n, DNS_KEYALG_DH, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE, mctx, &tctx->dhkey)); s = NULL; @@ -69,7 +74,6 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_name_init(tctx->domain, NULL); isc_buffer_init(&b, s, strlen(s)); isc_buffer_add(&b, strlen(s)); - isc_buffer_init(&namebuf, data, sizeof(data)); RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE, &namebuf)); RETERR(dns_name_dup(&domain, mctx, tctx->domain)); diff --git a/bin/tests/dst/dst_test.c b/bin/tests/dst/dst_test.c index fc8d35e32b..1d61794f97 100644 --- a/bin/tests/dst/dst_test.c 
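Review bot: In the tkeyconf.c hunk the result of `dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf)` is discarded, while the `dst_key_fromfile` it feeds now carries `REQUIRE(dns_name_isabsolute(name))`; a malformed dh-key name in the configuration would therefore trip an assertion in named rather than surface as a configuration error. The neighbouring domain parse already uses the macro: `RETERR(dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf));`. Note also that `namebuf`/`data` is now shared by the key name and the later domain parse; the 1024-byte buffer holds two names, but a comment saying the second parse appends after the first would spare the next reader a double-take. dns_tkeyctx_fromconfig() starts and ends outside the hunk.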
+++ b/bin/tests/dst/dst_test.c @@ -26,6 +26,8 @@ #include #include /* Required for HP/UX (and others?) */ +#include +#include #include #include @@ -97,7 +99,7 @@ dns(dst_key_t *key, isc_mem_t *mctx) { } static void -io(char *name, int id, int alg, int type, isc_mem_t *mctx) { +io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx) { dst_key_t *key = NULL; isc_result_t ret; @@ -117,7 +119,7 @@ io(char *name, int id, int alg, int type, isc_mem_t *mctx) { } static void -dh(char *name1, int id1, char *name2, int id2, isc_mem_t *mctx) { +dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx) { dst_key_t *key1 = NULL, *key2 = NULL; isc_result_t ret; isc_buffer_t b1, b2; @@ -183,7 +185,7 @@ generate(int alg, isc_mem_t *mctx) { isc_result_t ret; dst_key_t *key = NULL; - ret = dst_key_generate("test.", alg, 512, 0, 0, 0, mctx, &key); + ret = dst_key_generate(dns_rootname, alg, 512, 0, 0, 0, mctx, &key); printf("generate(%d) returned: %s\n", alg, isc_result_totext(ret)); if (alg != DST_ALG_DH) @@ -210,6 +212,9 @@ get_random(void) { int main(void) { isc_mem_t *mctx = NULL; + isc_buffer_t b; + dns_fixedname_t fname; + dns_name_t *name; isc_mem_create(0, 0, &mctx); 
@@ -219,14 +224,19 @@ main(void) { dns_result_register(); dst_result_register(); - io("test.", 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); - io("test.", 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, - mctx); + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); + isc_buffer_init(&b, "test.", 5); + dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL); + io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); + io(name, 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); - io("test.", 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); - io("test.", 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); + io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); + io(name, 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); - dh("dh.", 18088, "dh.", 48443, mctx); + isc_buffer_init(&b, "dh.", 3); + dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL); + dh(name, 18088, name, 48443, mctx); generate(DST_ALG_RSA, mctx); generate(DST_ALG_DH, mctx); diff --git a/bin/tests/dst/t_dst.c b/bin/tests/dst/t_dst.c index d7b28cca97..564145e034 100644 --- a/bin/tests/dst/t_dst.c +++ b/bin/tests/dst/t_dst.c @@ -34,6 +34,9 @@ #include #include +#include +#include + #include #include @@ -109,7 +112,7 @@ use(dst_key_t *key, isc_result_t exp_result, int *nfails) { } static void -dh(char *name1, int id1, char *name2, int id2, isc_mem_t *mctx, +dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx, isc_result_t exp_result, int *nfails, int *nprobs) { dst_key_t *key1 = NULL, *key2 = NULL; @@ -228,7 +231,7 @@ dh(char *name1, int id1, char *name2, int id2, isc_mem_t *mctx, } static void -io(char *name, int id, int alg, int type, isc_mem_t *mctx, +io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx, isc_result_t exp_result, int *nfails, int *nprobs) { dst_key_t *key = NULL; 
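Review bot: `isc_buffer_init(&b, "test.", 5);` is not followed by `isc_buffer_add(&b, 5);`, unlike every other caller in this commit (keygen, server.c, tkeyconf, dst_key_parsefilename), so unless isc_buffer_init marks the region as used — which those call sites suggest it does not — dns_name_fromtext sees an empty input, its unchecked result is lost, and the first io() then fails dst_key_fromfile's new dns_name_isabsolute REQUIRE. The same pattern recurs for "dh." below, and in t_dst.c's t1() and t2_sigchk() hunks later on this page. Suggest `isc_buffer_add(&b, 5);` after each init and `RUNTIME_CHECK(dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL) == ISC_R_SUCCESS);` so a parse failure is reported where it happens rather than as an assertion inside the library. main() starts and ends outside the hunk.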
@@ -302,7 +305,7 @@ generate(int alg, isc_mem_t *mctx, int size, int *nfails) { isc_result_t ret; dst_key_t *key = NULL; - ret = dst_key_generate("test.", alg, size, 0, 0, 0, mctx, &key); + ret = dst_key_generate(dns_rootname, alg, size, 0, 0, 0, mctx, &key); if (ret != ISC_R_SUCCESS) { t_info("dst_key_generate(%d) returned: %s\n", alg, dst_result_totext(ret)); @@ -369,6 +372,9 @@ t1(void) { int nprobs; int result; isc_result_t isc_result; + dns_fixedname_t fname; + dns_name_t *name; + isc_buffer_t b; t_assert("dst", 1, T_REQUIRED, a1); @@ -384,20 +390,28 @@ t1(void) { } t_info("testing use of stored keys [1]\n"); - io("test.", 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, + + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); + isc_buffer_init(&b, "test.", 5); + dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL); + io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx, ISC_R_SUCCESS, &nfails, &nprobs); t_info("testing use of stored keys [2]\n"); - io("test.", 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, + io(name, 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx, ISC_R_SUCCESS, &nfails, &nprobs); t_info("testing use of stored keys [3]\n"); - io("test.", 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, + io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx, DST_R_NULLKEY, &nfails, &nprobs); t_info("testing use of stored keys [4]\n"); - io("test.", 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, + io(name, 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx, DST_R_NULLKEY, &nfails, &nprobs); - dh("dh.", 18088, "dh.", 48443, mctx, ISC_R_SUCCESS, &nfails, &nprobs); + isc_buffer_init(&b, "dh.", 3); + dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL); + + dh(name, 18088, name, 48443, mctx, ISC_R_SUCCESS, &nfails, &nprobs); t_info("testing use of generated keys\n"); generate(DST_ALG_RSA, mctx, 512, &nfails); 
@@ -599,6 +613,9 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname, isc_buffer_t sigbuf; isc_region_t datareg; isc_region_t sigreg; + dns_fixedname_t fname; + dns_name_t *name; + isc_buffer_t b; /* * Read data from file in a form usable by dst_verify. @@ -639,7 +656,11 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname, /* * Read key from file in a form usable by dst_verify. */ - isc_result = dst_key_fromfile(keyname, id, alg, type, mctx, &key); + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); + isc_buffer_init(&b, keyname, strlen(keyname)); + dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL); + isc_result = dst_key_fromfile(name, id, alg, type, mctx, &key); if (isc_result != ISC_R_SUCCESS) { t_info("dst_key_fromfile failed %s\n", isc_result_totext(isc_result)); diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index 402b42e6fd..fd9ed943fa 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -16,7 +16,7 @@ */ /* - * $Id: dnssec.c,v 1.38 2000/05/20 01:27:28 bwelling Exp $ + * $Id: dnssec.c,v 1.39 2000/05/24 23:13:19 bwelling Exp $ * Principal Author: Brian Wellington */ @@ -62,9 +62,6 @@ typedef struct digestctx { static isc_result_t digest_callback(void *arg, isc_region_t *data); -static isc_result_t -keyname_to_name(char *keyname, isc_mem_t *mctx, dns_name_t *name); - static int rdata_compare_wrapper(const void *rdata1, const void *rdata2); 
@@ -88,30 +85,6 @@ digest_callback(void *arg, isc_region_t *data) { return (result); } -/* - * Converts the name of a key into a canonical dns_name_t. - */ -static isc_result_t -keyname_to_name(char *keyname, isc_mem_t *mctx, dns_name_t *name) { - isc_buffer_t src, dst; - unsigned char data[1024]; - isc_result_t ret; - dns_name_t tname; - - dns_name_init(name, NULL); - dns_name_init(&tname, NULL); - isc_buffer_init(&src, keyname, strlen(keyname)); - isc_buffer_add(&src, strlen(keyname)); - isc_buffer_init(&dst, data, sizeof(data)); - ret = dns_name_fromtext(&tname, &src, NULL, ISC_TRUE, &dst); - if (ret != ISC_R_SUCCESS) - return (ret); - - ret = dns_name_dup(&tname, mctx, name); - dns_name_downcase(name, name, NULL); - return (ret); -} - /* * Make qsort happy. */ @@ -168,10 +141,8 @@ isc_result_t dns_dnssec_keyfromrdata(dns_name_t *name, dns_rdata_t *rdata, isc_mem_t *mctx, dst_key_t **key) { - isc_buffer_t b, namebuf; + isc_buffer_t b; isc_region_t r; - isc_result_t ret; - char namestr[1024]; INSIST(name != NULL); INSIST(rdata != NULL); @@ -179,16 +150,10 @@ dns_dnssec_keyfromrdata(dns_name_t *name, dns_rdata_t *rdata, isc_mem_t *mctx, INSIST(key != NULL); INSIST(*key == NULL); - isc_buffer_init(&namebuf, namestr, sizeof(namestr) - 1); - ret = dns_name_totext(name, ISC_FALSE, &namebuf); - if (ret != ISC_R_SUCCESS) - return ret; - isc_buffer_usedregion(&namebuf, &r); - namestr[r.length] = 0; dns_rdata_toregion(rdata, &r); isc_buffer_init(&b, r.base, r.length); isc_buffer_add(&b, r.length); - return (dst_key_fromdns(namestr, &b, mctx, key)); + return (dst_key_fromdns(name, &b, mctx, key)); } isc_result_t 
@@ -234,9 +199,8 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, sig.common.rdtype = dns_rdatatype_sig; ISC_LINK_INIT(&sig.common, link); - ret = keyname_to_name(dst_key_name(key), mctx, &sig.signer); - if (ret != ISC_R_SUCCESS) - return (ret); + dns_name_init(&sig.signer, NULL); + dns_name_clone(dst_key_name(key), &sig.signer); sig.covered = set->type; sig.algorithm = dst_key_alg(key); @@ -253,7 +217,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, sig.siglen = sigsize; sig.signature = isc_mem_get(mctx, sig.siglen); if (sig.signature == NULL) - goto cleanup_name; + return (ISC_R_NOMEMORY); isc_buffer_init(&b, data, sizeof(data)); ret = dns_rdata_fromstruct(NULL, sig.common.rdclass, @@ -344,8 +308,6 @@ cleanup_array: isc_mem_put(mctx, rdatas, nrdatas * sizeof(dns_rdata_t)); cleanup_signature: isc_mem_put(mctx, sig.signature, sig.siglen); -cleanup_name: - dns_name_free(&sig.signer, mctx); return (ret); } @@ -564,7 +526,6 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) { isc_buffer_t headerbuf, databuf, sigbuf; unsigned int sigsize; isc_buffer_t *dynbuf; - dns_name_t signer; dns_rdata_t *rdata; dns_rdatalist_t *datalist; dns_rdataset_t *dataset; @@ -601,8 +562,8 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) { sig.keyid = dst_key_id(key); - dns_name_init(&signer, NULL); - RETERR(keyname_to_name(dst_key_name(key), mctx, &sig.signer)); + dns_name_init(&sig.signer, NULL); + dns_name_clone(dst_key_name(key), &sig.signer); sig.siglen = 0; sig.signature = NULL; @@ -660,7 +621,6 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) { dns_rdatatype_sig, &sig, dynbuf)); isc_mem_put(mctx, sig.signature, sig.siglen); - dns_name_free(&sig.signer, mctx); signeedsfree = ISC_FALSE; dns_message_takebuffer(msg, &dynbuf); 
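Review bot: The removed keyname_to_name() downcased the signer name before it went into `sig.signer`; `dns_name_clone(dst_key_name(key), &sig.signer)` in dns_dnssec_sign (and the same replacement in dns_dnssec_signmessage further down) takes the key's name with whatever case it was loaded in. The signer field is part of the SIG RDATA that is signed, and RFC 2535 expects names in SIG RDATA in canonical (lowercase) form, so a key loaded from a mixed-case filename or config string may now produce signatures that a canonicalising verifier rejects; worth confirming before this lands. Downcasing the clone in place would write through into the key's own name, so if the case needs normalising, the cleanest spot is get_key_struct() right after the dns_name_dup (`dns_name_downcase(key->key_name, key->key_name, NULL);`), which gives every consumer the same canonical name. Both enclosing functions start and end outside their hunks.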
@@ -684,10 +644,8 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) { failure: if (dynbuf != NULL) isc_buffer_free(&dynbuf); - if (signeedsfree) { + if (signeedsfree) isc_mem_put(mctx, sig.signature, sig.siglen); - dns_name_free(&sig.signer, mctx); - } return (result); } diff --git a/lib/dns/keytable.c b/lib/dns/keytable.c index 847f508709..0b05687250 100644 --- a/lib/dns/keytable.c +++ b/lib/dns/keytable.c @@ -184,10 +184,7 @@ dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) { isc_result_t result; dns_keynode_t *knode; dns_rbtnode_t *node; - dns_fixedname_t fname; - char *keyname; - isc_buffer_t buffer; - size_t len; + dns_name_t *keyname; /* * Add '*keyp' to 'keytable'. @@ -197,15 +194,6 @@ dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) { REQUIRE(keyp != NULL); keyname = dst_key_name(*keyp); - INSIST(keyname != NULL); - len = strlen(keyname); - isc_buffer_init(&buffer, keyname, len); - isc_buffer_add(&buffer, len); - dns_fixedname_init(&fname); - result = dns_name_fromtext(dns_fixedname_name(&fname), &buffer, - dns_rootname, ISC_FALSE, NULL); - if (result != ISC_R_SUCCESS) - return (result); knode = isc_mem_get(keytable->mctx, sizeof *knode); if (knode == NULL) @@ -214,8 +202,7 @@ dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) { RWLOCK(&keytable->rwlock, isc_rwlocktype_write); node = NULL; - result = dns_rbt_addnode(keytable->table, dns_fixedname_name(&fname), - &node); + result = dns_rbt_addnode(keytable->table, keyname, &node); if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) { knode->magic = KEYNODE_MAGIC; diff --git a/lib/dns/message.c b/lib/dns/message.c index 3df2d277e9..51ff3dd8ef 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c 
@@ -2385,11 +2385,8 @@ dns_message_checksig(dns_message_t *msg, dns_view_t *view) { isc_buffer_init(&b, rdata.data, rdata.length); isc_buffer_add(&b, rdata.length); - /* - * XXXBEW should actually pass in the key name, - * but it's not used anyway. - */ - result = dst_key_fromdns("", &b, view->mctx, &key); + result = dst_key_fromdns(&sig.signer, &b, view->mctx, + &key); if (result != ISC_R_SUCCESS) continue; if (dst_key_alg(key) != sig.algorithm || diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c index fbbec2646c..846079fc62 100644 --- a/lib/dns/sec/dst/dst_api.c +++ b/lib/dns/sec/dst/dst_api.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.40 2000/05/24 05:09:36 tale Exp $ + * $Id: dst_api.c,v 1.41 2000/05/24 23:13:28 bwelling Exp $ */ #include @@ -36,6 +36,7 @@ #include #include +#include #include #include @@ -56,10 +57,10 @@ static isc_mutex_t random_lock; /* Static functions */ static void initialize(void); -static dst_key_t * get_key_struct(const char *name, const int alg, +static dst_key_t * get_key_struct(dns_name_t *name, const int alg, const int flags, const int protocol, const int bits, isc_mem_t *mctx); -static isc_result_t read_public_key(const char *name, +static isc_result_t read_public_key(dns_name_t *name, const isc_uint16_t id, int in_alg, isc_mem_t *mctx, dst_key_t **keyp); static isc_result_t write_public_key(const dst_key_t *key); @@ -314,14 +315,14 @@ dst_key_tofile(const dst_key_t *key, const int type) { * !ISC_R_SUCCESS Failure */ isc_result_t -dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg, +dst_key_fromfile(dns_name_t *name, const isc_uint16_t id, const int alg, const int type, isc_mem_t *mctx, dst_key_t **keyp) { dst_key_t *key = NULL, *pubkey = NULL; isc_result_t ret; RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); - REQUIRE(name != NULL); + REQUIRE(dns_name_isabsolute(name)); REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); 
@@ -346,7 +347,7 @@ dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg, } key = get_key_struct(name, pubkey->key_alg, pubkey->key_flags, - pubkey->key_proto, 0, mctx); + pubkey->key_proto, 0, mctx); dst_key_free(&pubkey); } @@ -423,7 +424,7 @@ dst_key_todns(const dst_key_t *key, isc_buffer_t *target) { */ isc_result_t -dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx, +dst_key_fromdns(dns_name_t *name, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) { isc_region_t r; @@ -433,7 +434,7 @@ dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t *key = NULL; RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); - REQUIRE(name != NULL); + REQUIRE(dns_name_isabsolute(name)); REQUIRE(source != NULL); REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); @@ -488,7 +489,7 @@ dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx, * !ISC_R_SUCCESS Failure */ isc_result_t -dst_key_frombuffer(const char *name, const int alg, const int flags, +dst_key_frombuffer(dns_name_t *name, const int alg, const int flags, const int protocol, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) { @@ -496,7 +497,7 @@ dst_key_frombuffer(const char *name, const int alg, const int flags, isc_result_t ret; RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); - REQUIRE(name != NULL); + REQUIRE(dns_name_isabsolute(name)); REQUIRE(source != NULL); REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); @@ -570,7 +571,7 @@ dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) { * !ISC_R_SUCCESS Failure */ isc_result_t -dst_key_generate(const char *name, const int alg, const int bits, +dst_key_generate(dns_name_t *name, const int alg, const int bits, const int exp, const int flags, const int protocol, isc_mem_t *mctx, dst_key_t **keyp) { 
@@ -578,7 +579,7 @@ dst_key_generate(const char *name, const int alg, const int bits, isc_result_t ret; RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); - REQUIRE(name != NULL); + REQUIRE(dns_name_isabsolute(name)); REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); @@ -680,13 +681,14 @@ dst_key_free(dst_key_t **keyp) { if (key->opaque != NULL) key->func->destroy(key->opaque, mctx); - isc_mem_free(mctx, key->key_name); + dns_name_free(key->key_name, mctx); + isc_mem_put(mctx, key->key_name, sizeof(dns_name_t)); memset(key, 0, sizeof(dst_key_t)); isc_mem_put(mctx, key, sizeof(dst_key_t)); *keyp = NULL; } -char * +dns_name_t * dst_key_name(const dst_key_t *key) { REQUIRE(VALID_KEY(key)); return (key->key_name); @@ -757,11 +759,10 @@ dst_key_isnullkey(const dst_key_t *key) { } isc_result_t -dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out) -{ +dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out) { char *suffix; - unsigned int namelen; - isc_region_t r; + unsigned int len; + isc_result_t result; REQUIRE(VALID_KEY(key)); REQUIRE(type == DST_TYPE_PRIVATE || type == DST_TYPE_PUBLIC || 
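Review bot: `dst_key_name()` now returns a pointer to a name owned by the key, and this commit has callers that keep it beyond the call (dns_dnssec_sign clones it into sig.signer, dns_keytable_add hands it to dns_rbt_addnode), but neither the function nor its header comment (outside the hunk) states the lifetime. Suggest documenting it at the definition: `/* Returns the key's owner name. The pointer is owned by the key and valid only until dst_key_free(); callers that need it longer must dns_name_dup() it. */`. The freeing order in dst_key_free (`dns_name_free` then `isc_mem_put` of the dns_name_t) looks right and matches the allocation in get_key_struct.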
@@ -773,32 +774,35 @@ dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out) suffix = ".private"; else suffix = ".key"; - namelen = 1 + strlen(key->key_name) + 1 + 3 + 1 + 5 + 1 + - strlen(suffix); - isc_buffer_availableregion(out, &r); - if (namelen >= r.length) + if (isc_buffer_availablelength(out) < 1) return (ISC_R_NOSPACE); - if (namelen >= ISC_DIR_NAMEMAX) - return (ISC_R_INVALIDFILE); - sprintf((char *) r.base, "K%s+%03d+%05d%s", key->key_name, + isc_buffer_putstr(out, "K"); + result = dns_name_totext(key->key_name, ISC_FALSE, out); + if (result != ISC_R_SUCCESS) + return (result); + len = 1 + 3 + 1 + 5 + strlen(suffix) + 1; + if (isc_buffer_availablelength(out) < len) + return (ISC_R_NOSPACE); + sprintf((char *) isc_buffer_used(out), "+%03d+%05d%s", key->key_alg, key->key_id, suffix); - isc_buffer_add(out, namelen); + isc_buffer_add(out, len); return (ISC_R_SUCCESS); } isc_result_t -dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name, +dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, dns_name_t *name, isc_uint16_t *id, int *alg, char **suffix) { isc_result_t result = ISC_R_SUCCESS; char c, str[6], *p, *endp; isc_region_t r; + isc_buffer_t b; unsigned int length; long l; REQUIRE(source != NULL); REQUIRE(mctx != NULL); - REQUIRE(name != NULL && *name == NULL); + REQUIRE(dns_name_hasbuffer(name)); REQUIRE(id != NULL); REQUIRE(alg != NULL); REQUIRE(suffix == NULL || *suffix == NULL); @@ -806,10 +810,9 @@ dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name, if (isc_buffer_remaininglength(source) < 1) return (ISC_R_UNEXPECTEDEND); c = (char) isc_buffer_getuint8(source); - if (c != 'K') { - result = ISC_R_INVALIDFILE; - goto fail; - } + if (c != 'K') + return (ISC_R_INVALIDFILE); + isc_buffer_remainingregion(source, &r); p = (char *)r.base; length = r.length; 
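Review bot: dst_key_buildfilename() no longer bounds the generated filename against ISC_DIR_NAMEMAX, which the removed `if (namelen >= ISC_DIR_NAMEMAX) return (ISC_R_INVALIDFILE);` used to do; an owner name of a few hundred bytes, which dns_name_totext can lengthen further with escapes, now yields a name whose only failure is a later open error instead of ISC_R_INVALIDFILE here. Recording the used length at entry and checking the growth restores the check with two lines: `unsigned int start = isc_buffer_usedlength(out);` before the first putstr and `if (isc_buffer_usedlength(out) - start >= ISC_DIR_NAMEMAX) return (ISC_R_INVALIDFILE);` after the final isc_buffer_add. Separately, `len` counts the NUL that sprintf writes, so `isc_buffer_add(out, len)` marks the terminator as used data; the old namelen appears to have done the same, so this is behaviour-preserving, but a comment saying the used region includes the terminator would help callers that take the region length.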
@@ -819,45 +822,35 @@ dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name, } if (length == 0) return (ISC_R_UNEXPECTEDEND); - length = p - (char *) r.base; - *name = isc_mem_get(mctx, length + 1); - if (*name == NULL) - return (ISC_R_NOMEMORY); - memcpy(*name, r.base, length); - (*name)[length] = 0; + length = p - (char *)r.base; + isc_buffer_init(&b, r.base, length); + isc_buffer_add(&b, length); + result = dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL); + if (result != ISC_R_SUCCESS) + return (result); isc_buffer_forward(source, length); - if (isc_buffer_remaininglength(source) < 1 + 3 + 1 + 5) { - result = ISC_R_UNEXPECTEDEND; - goto fail; - } + if (isc_buffer_remaininglength(source) < 1 + 3 + 1 + 5) + return (ISC_R_UNEXPECTEDEND); c = (char) isc_buffer_getuint8(source); - if (c != '+') { - result = ISC_R_INVALIDFILE; - goto fail; - } + if (c != '+') + return (ISC_R_INVALIDFILE); isc_buffer_remainingregion(source, &r); memcpy(str, r.base, 3); str[3] = 0; *alg = strtol(str, &endp, 10); - if (*endp != '\0') { - result = ISC_R_INVALIDFILE; - goto fail; - } + if (*endp != '\0') + return (ISC_R_INVALIDFILE); isc_buffer_forward(source, 3); c = (char) isc_buffer_getuint8(source); - if (c != '+') { - result = ISC_R_INVALIDFILE; - goto fail; - } + if (c != '+') + return (ISC_R_INVALIDFILE); isc_buffer_remainingregion(source, &r); memcpy(str, r.base, 5); str[5] = 0; l = strtol(str, &endp, 10); - if (*endp != '\0' || l > (isc_uint16_t)-1) { - result = ISC_R_INVALIDFILE; - goto fail; - } + if (*endp != '\0' || l > (isc_uint16_t)-1) + return (ISC_R_INVALIDFILE); *id = (isc_uint16_t)l; isc_buffer_forward(source, 5); 
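Review bot: The new single-line `return (ISC_R_INVALIDFILE)` checks after the two `strtol` calls still admit signed and blank-prefixed fields: `strtol` accepts an optional sign and leading whitespace, so a filename such as `Kname+-01+-0001.key` yields a negative `*alg`, and `l = -1` passes `l > (isc_uint16_t)-1` and is cast to 65535 in `*id`. Tighten both checks, `if (*endp != '\0' || *alg < 0) return (ISC_R_INVALIDFILE);` and `if (*endp != '\0' || l < 0 || l > (isc_uint16_t)-1) return (ISC_R_INVALIDFILE);`, or verify the three and five bytes with `isdigit()` before converting. This matters because the input is a filename, which may come from a directory listing rather than from a key this code wrote itself.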
@@ -865,20 +858,12 @@ dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name, return (ISC_R_SUCCESS); isc_buffer_remainingregion(source, &r); *suffix = isc_mem_get(mctx, r.length + 1); - if (*suffix == NULL) { - result = ISC_R_NOMEMORY; - goto fail; - } + if (*suffix == NULL) + return (ISC_R_NOMEMORY); if (r.length > 0) memcpy(*suffix, r.base, r.length); (*suffix)[r.length] = 0; return (ISC_R_SUCCESS); - - fail: - if (*name != NULL) - isc_mem_put(mctx, name, strlen(*name) + 1); - return (result); - } /* @@ -1051,10 +1036,11 @@ initialize(void) { * valid pointer otherwise */ static dst_key_t * -get_key_struct(const char *name, const int alg, const int flags, +get_key_struct(dns_name_t *name, const int alg, const int flags, const int protocol, const int bits, isc_mem_t *mctx) { dst_key_t *key; + isc_result_t result; REQUIRE(dst_algorithm_supported(alg) != ISC_FALSE); @@ -1064,20 +1050,18 @@ get_key_struct(const char *name, const int alg, const int flags, memset(key, 0, sizeof(dst_key_t)); key->magic = KEY_MAGIC; - if (name[strlen(name) - 1] == '.') { - key->key_name = isc_mem_strdup(mctx, name); - if (key->key_name == NULL) { - isc_mem_free(mctx, key); - return (NULL); - } + + key->key_name = isc_mem_get(mctx, sizeof(dns_name_t)); + if (key->key_name == NULL) { + isc_mem_put(mctx, key, sizeof(dst_key_t)); + return (NULL); } - else { - key->key_name = isc_mem_allocate(mctx, strlen(name) + 2); - if (key->key_name == NULL) { - isc_mem_free(mctx, key); - return (NULL); - } - sprintf(key->key_name, "%s.", name); + dns_name_init(key->key_name, NULL); + result = dns_name_dup(name, mctx, key->key_name); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, key->key_name, sizeof(dns_name_t)); + isc_mem_put(mctx, key, sizeof(dst_key_t)); + return (NULL); } key->key_alg = alg; key->key_flags = flags; 
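Review bot: On the `dns_name_dup` failure path in `get_key_struct`, the `dst_key_t` is returned to the pool with `key->magic` still set to `KEY_MAGIC`, whereas `dst_key_free` zeroes the whole struct before `isc_mem_put`; a stale pointer to that chunk would still satisfy `VALID_KEY`. Clear it before freeing in both early-return branches, `key->magic = 0;` (or `memset(key, 0, sizeof(dst_key_t));`), so the constructor's failure path and the destructor agree. The function's remaining field assignments continue past the hunk.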
@@ -1090,7 +1074,7 @@ get_key_struct(const char *name, const int alg, const int flags, } /* - * dst_read_public_key + * read_public_key * Read a public key from disk * Parameters * name The name @@ -1104,7 +1088,7 @@ get_key_struct(const char *name, const int alg, const int flags, */ static isc_result_t -read_public_key(const char *name, const isc_uint16_t id, int alg, +read_public_key(dns_name_t *name, const isc_uint16_t id, int alg, isc_mem_t *mctx, dst_key_t **keyp) { char filename[ISC_DIR_NAMEMAX]; @@ -1258,7 +1242,11 @@ write_public_key(const dst_key_t *key) { if ((fp = fopen(filename, "w")) == NULL) return (DST_R_WRITEERROR); - fprintf(fp, "%s IN KEY ", key->key_name); + ret = dns_name_print(key->key_name, fp); + if (ret != ISC_R_SUCCESS) + return (ret); + + fprintf(fp, " IN KEY "); fwrite(r.base, 1, r.length, fp); fputc('\n', fp); fclose(fp); diff --git a/lib/dns/sec/dst/dst_internal.h b/lib/dns/sec/dst/dst_internal.h index db864f3e58..cc0571e14b 100644 --- a/lib/dns/sec/dst/dst_internal.h +++ b/lib/dns/sec/dst/dst_internal.h @@ -47,7 +47,7 @@ typedef struct dst_func dst_func; struct dst_key { unsigned int magic; - char * key_name; /* name of the key */ + dns_name_t * key_name; /* name of the key */ int key_size; /* size of the key in bits */ int key_proto; /* protocols this key is used for */ int key_alg; /* algorithm of the key */ diff --git a/lib/dns/sec/dst/include/dst/dst.h b/lib/dns/sec/dst/include/dst/dst.h index 4a89a03aed..cf6684fe38 100644 --- a/lib/dns/sec/dst/include/dst/dst.h +++ b/lib/dns/sec/dst/include/dst/dst.h @@ -4,6 +4,8 @@ #include #include +#include + ISC_LANG_BEGINDECLS /*** 
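Review bot: In `write_public_key`, the new early return after `dns_name_print` leaks the `FILE *` opened by `fopen(filename, "w")` two lines above and leaves an empty `.key` file on disk. Close it first: `if (ret != ISC_R_SUCCESS) { fclose(fp); return (ret); }`. The `fwrite` and `fclose` results are also still ignored, so a short write of the public key is reported as success; checking `if (fclose(fp) != 0) return (DST_R_WRITEERROR);` would reuse the error already returned for the `fopen` failure. The enclosing function begins before the hunk.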
@@ -132,13 +134,13 @@ dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, */ isc_result_t -dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg, +dst_key_fromfile(dns_name_t *name, const isc_uint16_t id, const int alg, const int type, isc_mem_t *mctx, dst_key_t **keyp); /* * Reads a key from permanent storage. * * Requires: - * "name" is not NULL. + * "name" is a valid absolute dns name. * "id" is a valid key tag identifier. * "alg" is a supported key algorithm. * "type" is either DST_TYPE_PUBLIC or DST_TYPE_PRIVATE. @@ -160,13 +162,13 @@ dst_key_tofile(const dst_key_t *key, const int type); */ isc_result_t -dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx, +dst_key_fromdns(dns_name_t *name, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp); /* * Converts a DNS KEY record into a DST key. * * Requires: - * "name" is not NULL. + * "name" is a valid absolute dns name. * "source" is a valid buffer. There must be at least 4 bytes available. * "mctx" is a valid memory context. * "keyp" is not NULL and "*keyp" is NULL. @@ -190,14 +192,14 @@ dst_key_todns(const dst_key_t *key, isc_buffer_t *target); */ isc_result_t -dst_key_frombuffer(const char *name, const int alg, const int flags, +dst_key_frombuffer(dns_name_t *name, const int alg, const int flags, const int protocol, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp); /* * Converts a buffer containing DNS KEY RDATA into a DST key. * * Requires: - * "name" is not NULL. + * "name" is a valid absolute dns name. * "alg" is a supported key algorithm. * "source" is a valid buffer. * "mctx" is a valid memory context. 
@@ -222,14 +224,14 @@ dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target); */ isc_result_t -dst_key_generate(const char *name, const int alg, const int bits, +dst_key_generate(dns_name_t *name, const int alg, const int bits, const int param, const int flags, const int protocol, isc_mem_t *mctx, dst_key_t **keyp); /* * Generate a DST key (or keypair) * * Requires: - * "name" is not NULL + * "name" is a valid absolute dns name. * "alg" is a supported algorithm * "bits" is a valid key size for the given algorithm * "keyp" is not NULL and "*keyp" is NULL. @@ -277,7 +279,7 @@ dst_key_free(dst_key_t **keyp); * Require: * "key" is a valid key. */ -char * +dns_name_t * dst_key_name(const dst_key_t *key); int @@ -320,7 +322,7 @@ dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out); */ isc_result_t -dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name, +dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, dns_name_t *name, isc_uint16_t *id, int *alg, char **suffix); /* * Parses a dst key filename into its components. @@ -328,7 +330,7 @@ dst_key_parsefilename(isc_buffer_t *source, isc_mem_t *mctx, char **name, * Requires: * "source" is a valid buffer * "mctx" is a valid memory context - * "name" is not NULL and "*name" is NULL + * "name" is a valid name with a dedicated buffer * "id" and "alg" are not NULL * Either "suffix" is NULL or "suffix" is not NULL and "*suffix" is NULL * diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c index 59963f604d..c7f5070afb 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c @@ -16,7 +16,7 @@ */ /* - * $Id: tkey.c,v 1.38 2000/05/23 23:36:39 bwelling Exp $ + * $Id: tkey.c,v 1.39 2000/05/24 23:13:23 bwelling Exp $ * Principal Author: Brian Wellington */ 
@@ -218,11 +218,10 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, dns_rdata_t keyrdata, ourkeyrdata; isc_boolean_t found_key = ISC_FALSE, found_incompatible = ISC_FALSE; dst_key_t *pubkey = NULL; - isc_buffer_t ourkeybuf, ournamein, ournameout, *shared = NULL; + isc_buffer_t ourkeybuf, *shared = NULL; isc_region_t r, r2, ourkeyr; isc_uint32_t ourttl; unsigned char keydata[DST_KEY_MAXSIZE]; - unsigned char namedata[1024]; unsigned int sharedsize; isc_buffer_t randombuf, secret; unsigned char *randomdata = NULL, secretdata[256]; @@ -285,13 +284,10 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, isc_buffer_usedregion(&ourkeybuf, &ourkeyr); dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_any, dns_rdatatype_key, &ourkeyr); - isc_buffer_init(&ournamein, dst_key_name(tctx->dhkey), - strlen(dst_key_name(tctx->dhkey))); - isc_buffer_add(&ournamein, strlen(dst_key_name(tctx->dhkey))); - isc_buffer_init(&ournameout, namedata, sizeof(namedata)); + + dns_name_init(&ourname, NULL); - RETERR(dns_name_fromtext(&ourname, &ournamein, dns_rootname, ISC_FALSE, - &ournameout)); + dns_name_clone(dst_key_name(tctx->dhkey), &ourname); ourttl = 0; #if 0 /* @@ -721,7 +717,7 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, { dns_rdata_tkey_t tkey; dns_rdata_t *rdata = NULL; - isc_buffer_t src, *dynbuf = NULL; + isc_buffer_t *dynbuf = NULL; isc_region_t r; dns_name_t keyname; dns_namelist_t namelist; 
@@ -769,13 +765,10 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, dns_rdata_fromregion(rdata, dns_rdataclass_any, dns_rdatatype_key, &r); dns_message_takebuffer(msg, &dynbuf); - isc_buffer_init(&src, dst_key_name(key), strlen(dst_key_name(key))); - isc_buffer_add(&src, strlen(dst_key_name(key))); - RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 1024)); + dns_name_init(&keyname, NULL); - RETERR(dns_name_fromtext(&keyname, &src, dns_rootname, ISC_FALSE, - dynbuf)); - dns_message_takebuffer(msg, &dynbuf); + dns_name_clone(dst_key_name(key), &keyname); + ISC_LIST_INIT(namelist); RETERR(add_rdata_to_list(msg, &keyname, rdata, 0, &namelist)); dns_message_addname(msg, ISC_LIST_HEAD(namelist), @@ -851,9 +844,9 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, dns_rdata_t theirkeyrdata; dst_key_t *theirkey; dns_rdata_tkey_t qtkey, rtkey; - unsigned char keydata[1024], secretdata[256]; + unsigned char secretdata[256]; unsigned int sharedsize; - isc_buffer_t keysrc, keybuf, *shared = NULL, secret; + isc_buffer_t *shared = NULL, secret; isc_region_t r, r2; isc_result_t result; @@ -886,12 +879,8 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, goto failure; } - isc_buffer_init(&keysrc, dst_key_name(key), strlen(dst_key_name(key))); - isc_buffer_add(&keysrc, strlen(dst_key_name(key))); - isc_buffer_init(&keybuf, keydata, sizeof(keydata)); dns_name_init(&keyname, NULL); - RETERR(dns_name_fromtext(&keyname, &keysrc, dns_rootname, - ISC_FALSE, &keybuf)); + dns_name_clone(dst_key_name(key), &keyname); ourkeyname = NULL; ourkeyset = NULL; diff --git a/lib/dns/tkeyconf.c b/lib/dns/tkeyconf.c index 67cba3629a..0331572045 100644 --- a/lib/dns/tkeyconf.c +++ b/lib/dns/tkeyconf.c 
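Review bot: In `dns_tkey_builddhquery`, `keyname` is now a clone of `dst_key_name(key)`, so the name passed to `add_rdata_to_list` and then `dns_message_addname` refers to storage owned by the caller's `dst_key_t`, whereas the old code parsed it into a `dynbuf` that `dns_message_takebuffer` tied to `msg`'s lifetime. If `add_rdata_to_list` only clones the name again rather than duplicating it into message memory (its body is not in the diff), freeing `key` before `msg` is rendered leaves the query's owner name dangling. Either confirm that `add_rdata_to_list` copies the name data, or document on `dns_tkey_builddhquery` that `key` must outlive `msg`.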
@@ -43,7 +43,7 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, int n; isc_buffer_t b, namebuf; unsigned char data[1024]; - dns_name_t domain; + dns_name_t domain, keyname; result = dns_tkeyctx_create(mctx, &tctx); if (result != ISC_R_SUCCESS) @@ -55,7 +55,12 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, *tctxp = tctx; return (ISC_R_SUCCESS); } - RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH, + isc_buffer_init(&namebuf, data, sizeof(data)); + dns_name_init(&keyname, NULL); + isc_buffer_init(&b, s, strlen(s)); + isc_buffer_add(&b, strlen(s)); + dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf); + RETERR(dst_key_fromfile(&keyname, n, DNS_KEYALG_DH, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE, mctx, &tctx->dhkey)); s = NULL; @@ -69,7 +74,6 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_name_init(tctx->domain, NULL); isc_buffer_init(&b, s, strlen(s)); isc_buffer_add(&b, strlen(s)); - isc_buffer_init(&namebuf, data, sizeof(data)); RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE, &namebuf)); RETERR(dns_name_dup(&domain, mctx, tctx->domain)); diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index 898cf063b1..ab76194008 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -16,7 +16,7 @@ */ /* - * $Id: tsig.c,v 1.62 2000/05/24 05:09:15 tale Exp $ + * $Id: tsig.c,v 1.63 2000/05/24 23:13:25 bwelling Exp $ * Principal Author: Brian Wellington */ @@ -57,12 +57,10 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm, isc_stdtime_t expire, isc_mem_t *mctx, dns_tsig_keyring_t *ring, dns_tsigkey_t **key) { - isc_buffer_t b, nameb; - char namestr[1025]; + isc_buffer_t b; isc_uint16_t alg; dns_tsigkey_t *tkey; isc_result_t ret; - isc_region_t r; REQUIRE(key == NULL || *key == NULL); REQUIRE(name != NULL); 
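Review bot: In `dns_tkeyctx_fromconfig`, the result of the new `dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf)` call is discarded, while the `domain` conversion a few lines later is wrapped in `RETERR`. A malformed DH key name in the configuration (`s`) therefore reaches `dst_key_fromfile`, whose contract per the dst.h hunk now requires an absolute name and whose implementation presumably asserts on it, turning a config typo into an assertion failure instead of a reported error. Wrap it the same way: `RETERR(dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf));`. Note that `namebuf` is now initialised once and shared by `keyname` and `domain`; both fit in `data[1024]`, but a one-line comment saying the buffer is deliberately shared would stop someone re-adding the init.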
@@ -109,14 +107,6 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm, else tkey->creator = NULL; - isc_buffer_init(&nameb, namestr, sizeof(namestr) - 1); - ret = dns_name_totext(name, ISC_FALSE, &nameb); - if (ret != ISC_R_SUCCESS) - goto cleanup_algorithm; - - isc_buffer_usedregion(&nameb, &r); - namestr[r.length] = '\0'; - tkey->key = NULL; tkey->ring = NULL; if (length > 0) { @@ -124,7 +114,7 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm, isc_buffer_init(&b, secret, length); isc_buffer_add(&b, length); - ret = dst_key_frombuffer(namestr, alg, + ret = dst_key_frombuffer(name, alg, DNS_KEYOWNER_ENTITY, DNS_KEYPROTO_DNSSEC, &b, mctx, &tkey->key); diff --git a/lib/dns/validator.c b/lib/dns/validator.c index b847106eb2..1b39b06f83 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -558,7 +558,8 @@ containsnullkey(dns_validator_t *val, dns_rdataset_t *rdataset) { * The key name is unimportant, so we can avoid any name/text * conversion. */ - result = dst_key_fromdns("", &b, val->view->mctx, &key); + result = dst_key_fromdns(dns_rootname, &b, val->view->mctx, + &key); if (result != ISC_R_SUCCESS) continue; if (dst_key_isnullkey(key)) @@ -583,7 +584,6 @@ get_dst_key(dns_validator_t *val, dns_siginfo_t *siginfo, isc_result_t result; isc_buffer_t b; dns_rdata_t rdata; - char ntext[1024]; dst_key_t *oldkey = val->key; isc_boolean_t foundold; 
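Review bot: In `dns_tsigkey_create`, `name` is now handed straight to `dst_key_frombuffer`, whose documented precondition in this commit is "a valid absolute dns name", yet the function's own precondition (visible at the end of the previous hunk) is only `REQUIRE(name != NULL)`. The removed `dns_name_totext`/`dns_name_fromtext` round trip with `dns_rootname` as origin used to absolutise a relative name implicitly; now a relative name would trip dst's `REQUIRE` instead. Either add `REQUIRE(dns_name_isabsolute(name));` next to the existing check and say so in the header comment, or keep accepting relative names by converting them before the call.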
@@ -599,24 +599,11 @@ get_dst_key(dns_validator_t *val, dns_siginfo_t *siginfo, goto failure; do { dns_rdataset_current(rdataset, &rdata); - /* - * We keep one byte of ntext in reserve so - * we're sure we can NUL terminate. - */ - isc_buffer_init(&b, ntext, sizeof(ntext) - 1); - result = dns_name_totext(&siginfo->signer, ISC_FALSE, &b); - if (result != ISC_R_SUCCESS) - goto failure; - - /* - * NUL-terminate the character string. - */ - isc_buffer_putuint8(&b, 0); isc_buffer_init(&b, rdata.data, rdata.length); isc_buffer_add(&b, rdata.length); INSIST(val->key == NULL); - result = dst_key_fromdns(ntext, &b, val->view->mctx, + result = dst_key_fromdns(&siginfo->signer, &b, val->view->mctx, &val->key); if (result != ISC_R_SUCCESS) goto failure; diff --git a/lib/omapi/auth.c b/lib/omapi/auth.c index 75db9fdbb5..bf553eff13 100644 --- a/lib/omapi/auth.c +++ b/lib/omapi/auth.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: auth.c,v 1.6 2000/05/08 14:38:08 tale Exp $ */ +/* $Id: auth.c,v 1.7 2000/05/24 23:13:32 bwelling Exp $ */ /* Principal Author: DCL */ @@ -110,6 +110,9 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) { auth_t *auth = NULL; unsigned int dst_algorithm; unsigned int secret_len; + dns_name_t dnsname; + char namebuf[1025]; + isc_buffer_t srcb, dstb; REQUIRE(name != NULL && algorithm != 0); REQUIRE(key != NULL && *key == NULL); @@ -136,7 +139,14 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) { isc_buffer_add(&secret, secret_len); - result = dst_key_frombuffer(auth->name, dst_algorithm, 0, + dns_name_init(&dnsname, NULL); + isc_buffer_init(&srcb, auth->name, strlen(auth->name)); + isc_buffer_init(&dstb, namebuf, sizeof(namebuf)); + result = dns_name_fromtext(&dnsname, &srcb, dns_rootname, + ISC_FALSE, &dstb); + if (result != ISC_R_SUCCESS) + return (result); + result = dst_key_frombuffer(&dnsname, dst_algorithm, 0, 0, &secret, omapi_mctx, key); }
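Review bot: The `srcb` buffer declared in the `auth_makekey` hunk is, in the hunk that follows, initialised over `auth->name` with `isc_buffer_init` but, unlike every other text-to-name conversion in this commit, never advanced with `isc_buffer_add` before `dns_name_fromtext` reads it, so the source's used region is empty and the conversion most likely fails or yields the wrong name. Add `isc_buffer_add(&srcb, strlen(auth->name));` immediately after the init. That second hunk runs past the end of my view, so I cannot see whether its `return (result)` also needs to release `auth`.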