dst_sig_size changes

lib/dns/dnssec.c

@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: dnssec.c,v 1.10 1999/10/17 21:33:03 tale Exp $
+ * $Id: dnssec.c,v 1.11 1999/10/26 19:31:52 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -156,9 +156,6 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
 		dns_rdataset_current(set, &data[i++]);
 	} while (dns_rdataset_next(set) == ISC_R_SUCCESS);
 
-	/* This better not change.  Should this be locked somehow? XXXBEW */
-	INSIST(i == n);
-
 	/* sort the array */
 	qsort(data, n, sizeof(dns_rdata_t), rdata_compare_wrapper);
 	*rdata = data;
@@ -240,6 +237,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	unsigned char data[300];
 	digestctx_t dctx;
 	isc_uint32_t flags;
+	unsigned int sigsize;
 
 	REQUIRE(name != NULL);
 	REQUIRE(set != NULL);
@@ -277,11 +275,10 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	sig.timesigned = *inception;
 	sig.timeexpire = *expire;
 	sig.keyid = dst_key_id(key);
-	if (dst_sig_size(key) < 0) {
-		/* close enough for now */
-		return (DNS_R_KEYUNAUTHORIZED);
-	}
-	sig.siglen = dst_sig_size(key);
+	ret = dst_sig_size(key, &sigsize);
+	if (ret != ISC_R_SUCCESS)
+		return (ret);
+	sig.siglen = sigsize;
 	sig.signature = isc_mem_get(mctx, sig.siglen);
 	if (sig.signature == NULL)
 		goto cleanup_name;

lib/dns/sec/dst/dst_api.c

@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.18 1999/10/25 21:04:53 bwelling Exp $
+ * $Id: dst_api.c,v 1.19 1999/10/26 19:31:52 bwelling Exp $
  */
 
 #include <config.h>
@@ -718,30 +718,36 @@ dst_key_isprivate(const dst_key_t *key) {
  *	Computes the maximum size of a signature generated by the given key
  * Parameters
  *	key	The DST key
+ *	n 	Stores the number of bytes necessary to hold a signature
+ *		with the key.
  * Returns
- *	n 	The number of bytes necessary to hold a signature with the key.
+ *	ISC_R_SUCCESS
+ *	DST_R_UNSUPPORTEDALG
  */
-int
-dst_sig_size(const dst_key_t *key) {
+isc_result_t
+dst_sig_size(const dst_key_t *key, unsigned int *n) {
 	RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
 	REQUIRE(VALID_KEY(key));
-	REQUIRE(dst_supported_algorithm(key->key_alg) == ISC_TRUE);
+	REQUIRE(n != NULL);
 
 	switch (key->key_alg) {
 		case DST_ALG_RSA:
-			return (key->key_size + 7) / 8;
+			*n = (key->key_size + 7) / 8;
+			break;
 		case DST_ALG_DSA:
-			return (DNS_SIG_DSASIGSIZE);
+			*n = DNS_SIG_DSASIGSIZE;
+			break;
 		case DST_ALG_HMACMD5:
-			return (16);
+			*n = 16;
+			break;
 		case DST_ALG_HMACSHA1:
-			return (20);
+			*n = 20;
+			break;
 		case DST_ALG_DH:
-			return (-1);
 		default:
-			REQUIRE(ISC_FALSE);
-			return (-1);
+			return (DST_R_UNSUPPORTEDALG);
 	}
+	return (ISC_R_SUCCESS);
 }
 
 /*
@@ -749,27 +755,30 @@ dst_sig_size(const dst_key_t *key) {
  *	Computes the maximum size of a shared secret generated by the given key
  * Parameters
  *	key	The DST key
+ *	n 	Stores the number of bytes necessary to hold a shared secret
+ *		generated by the key.
  * Returns
- *	n 	The number of bytes necessary to hold the shared secret
+ *	ISC_R_SUCCESS
+ *	DST_R_UNSUPPORTEDALG
  */
-int
-dst_secret_size(const dst_key_t *key) {
+isc_result_t
+dst_secret_size(const dst_key_t *key, unsigned int *n) {
 	RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
 	REQUIRE(VALID_KEY(key));
-	REQUIRE(dst_supported_algorithm(key->key_alg) == ISC_TRUE);
+	REQUIRE(n != NULL);
 
 	switch (key->key_alg) {
+		case DST_ALG_DH:
+			*n = (key->key_size + 7) / 8;
+			break;
 		case DST_ALG_RSA:
 		case DST_ALG_DSA:
 		case DST_ALG_HMACMD5:
 		case DST_ALG_HMACSHA1:
-			return (-1);
-		case DST_ALG_DH:
-			return (key->key_size + 7) / 8;
 		default:
-			REQUIRE(ISC_FALSE);
-			return (-1);
+			return (DST_R_UNSUPPORTEDALG);
 	}
+	return (ISC_R_SUCCESS);
 }
 
 /* 

lib/dns/sec/dst/include/dst/dst.h

@@ -293,25 +293,27 @@ dst_key_isprivate(const dst_key_t *key);
  *
  * Requires:
  *	"key" is a valid key.
+ *	"n" is not NULL
  *
  * Returns:
- *	n	The size of the signature
- *	-1	The key's algorithm does not support signatures
+ *	ISC_R_SUCCESS
+ *	DST_R_UNSUPPORTEDALG
  */
-int
-dst_sig_size(const dst_key_t *key);
+isc_result_t
+dst_sig_size(const dst_key_t *key, unsigned int *n);
 
 /* Computes the size of a shared secret generated by the given key.
  *
  * Requires:
  *	"key" is a valid key.
+ *	"n" is not NULL
  *
  * Returns:
- *	n	The size of the secret
- *	-1	The key's algorithm does not support shared secrets
+ *	ISC_R_SUCCESS
+ *	DST_R_UNSUPPORTEDALG
  */
-int
-dst_secret_size(const dst_key_t *key);
+isc_result_t
+dst_secret_size(const dst_key_t *key, unsigned int *n);
 
 /* Generate random data.
  *

lib/dns/tsig.c

@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tsig.c,v 1.21 1999/10/25 20:55:31 bwelling Exp $
+ * $Id: tsig.c,v 1.22 1999/10/26 19:31:51 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -306,6 +306,7 @@ dns_tsig_sign(dns_message_t *msg) {
 	if (!dns_tsigkey_empty(key)) {
 		unsigned char header[DNS_MESSAGE_HEADERLEN];
 		isc_buffer_t headerbuf;
+		unsigned int sigsize;
 
 		/* Digest the header */
 		isc_buffer_init(&headerbuf, header, sizeof header,
@@ -395,7 +396,10 @@ dns_tsig_sign(dns_message_t *msg) {
 			}
 		}
 
-		tsig->siglen = dst_sig_size(key->key);
+		ret = dst_sig_size(key->key, &sigsize);
+		if (ret != ISC_R_SUCCESS)
+			goto cleanup_other;
+		tsig->siglen = sigsize;
 		tsig->signature = (unsigned char *)
 				  isc_mem_get(mctx, tsig->siglen);
 		if (tsig->signature == NULL) {