From d5334bc18380d25e8a7ee804f68f22dc746b9c20 Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Tue, 26 Oct 1999 19:31:52 +0000 Subject: [PATCH] dst_sig_size changes --- lib/dns/dnssec.c | 15 ++++----- lib/dns/sec/dst/dst_api.c | 51 ++++++++++++++++++------------- lib/dns/sec/dst/include/dst/dst.h | 18 ++++++----- lib/dns/tsig.c | 8 +++-- 4 files changed, 52 insertions(+), 40 deletions(-) diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index bc302b954c..29bbbbb672 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -16,7 +16,7 @@ */ /* - * $Id: dnssec.c,v 1.10 1999/10/17 21:33:03 tale Exp $ + * $Id: dnssec.c,v 1.11 1999/10/26 19:31:52 bwelling Exp $ * Principal Author: Brian Wellington */ @@ -156,9 +156,6 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx, dns_rdataset_current(set, &data[i++]); } while (dns_rdataset_next(set) == ISC_R_SUCCESS); - /* This better not change. Should this be locked somehow? XXXBEW */ - INSIST(i == n); - /* sort the array */ qsort(data, n, sizeof(dns_rdata_t), rdata_compare_wrapper); *rdata = data; @@ -240,6 +237,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, unsigned char data[300]; digestctx_t dctx; isc_uint32_t flags; + unsigned int sigsize; REQUIRE(name != NULL); REQUIRE(set != NULL); @@ -277,11 +275,10 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, sig.timesigned = *inception; sig.timeexpire = *expire; sig.keyid = dst_key_id(key); - if (dst_sig_size(key) < 0) { - /* close enough for now */ - return (DNS_R_KEYUNAUTHORIZED); - } - sig.siglen = dst_sig_size(key); + ret = dst_sig_size(key, &sigsize); + if (ret != ISC_R_SUCCESS) + return (ret); + sig.siglen = sigsize; sig.signature = isc_mem_get(mctx, sig.siglen); if (sig.signature == NULL) goto cleanup_name; diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c index 24c3dd60c5..f307730844 100644 --- a/lib/dns/sec/dst/dst_api.c +++ b/lib/dns/sec/dst/dst_api.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.18 1999/10/25 21:04:53 bwelling Exp $ + * $Id: dst_api.c,v 1.19 1999/10/26 19:31:52 bwelling Exp $ */ #include @@ -718,30 +718,36 @@ dst_key_isprivate(const dst_key_t *key) { * Computes the maximum size of a signature generated by the given key * Parameters * key The DST key + * n Stores the number of bytes necessary to hold a signature + * with the key. * Returns - * n The number of bytes necessary to hold a signature with the key. + * ISC_R_SUCCESS + * DST_R_UNSUPPORTEDALG */ -int -dst_sig_size(const dst_key_t *key) { +isc_result_t +dst_sig_size(const dst_key_t *key, unsigned int *n) { RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); REQUIRE(VALID_KEY(key)); - REQUIRE(dst_supported_algorithm(key->key_alg) == ISC_TRUE); + REQUIRE(n != NULL); switch (key->key_alg) { case DST_ALG_RSA: - return (key->key_size + 7) / 8; + *n = (key->key_size + 7) / 8; + break; case DST_ALG_DSA: - return (DNS_SIG_DSASIGSIZE); + *n = DNS_SIG_DSASIGSIZE; + break; case DST_ALG_HMACMD5: - return (16); + *n = 16; + break; case DST_ALG_HMACSHA1: - return (20); + *n = 20; + break; case DST_ALG_DH: - return (-1); default: - REQUIRE(ISC_FALSE); - return (-1); + return (DST_R_UNSUPPORTEDALG); } + return (ISC_R_SUCCESS); } /* @@ -749,27 +755,30 @@ dst_sig_size(const dst_key_t *key) { * Computes the maximum size of a shared secret generated by the given key * Parameters * key The DST key + * n Stores the number of bytes necessary to hold a shared secret + * generated by the key. * Returns - * n The number of bytes necessary to hold the shared secret + * ISC_R_SUCCESS + * DST_R_UNSUPPORTEDALG */ -int -dst_secret_size(const dst_key_t *key) { +isc_result_t +dst_secret_size(const dst_key_t *key, unsigned int *n) { RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); REQUIRE(VALID_KEY(key)); - REQUIRE(dst_supported_algorithm(key->key_alg) == ISC_TRUE); + REQUIRE(n != NULL); switch (key->key_alg) { + case DST_ALG_DH: + *n = (key->key_size + 7) / 8; + break; case DST_ALG_RSA: case DST_ALG_DSA: case DST_ALG_HMACMD5: case DST_ALG_HMACSHA1: - return (-1); - case DST_ALG_DH: - return (key->key_size + 7) / 8; default: - REQUIRE(ISC_FALSE); - return (-1); + return (DST_R_UNSUPPORTEDALG); } + return (ISC_R_SUCCESS); } /* diff --git a/lib/dns/sec/dst/include/dst/dst.h b/lib/dns/sec/dst/include/dst/dst.h index 64d4baa9f6..bc013cb6d6 100644 --- a/lib/dns/sec/dst/include/dst/dst.h +++ b/lib/dns/sec/dst/include/dst/dst.h @@ -293,25 +293,27 @@ dst_key_isprivate(const dst_key_t *key); * * Requires: * "key" is a valid key. + * "n" is not NULL * * Returns: - * n The size of the signature - * -1 The key's algorithm does not support signatures + * ISC_R_SUCCESS + * DST_R_UNSUPPORTEDALG */ -int -dst_sig_size(const dst_key_t *key); +isc_result_t +dst_sig_size(const dst_key_t *key, unsigned int *n); /* Computes the size of a shared secret generated by the given key. * * Requires: * "key" is a valid key. + * "n" is not NULL * * Returns: - * n The size of the secret - * -1 The key's algorithm does not support shared secrets + * ISC_R_SUCCESS + * DST_R_UNSUPPORTEDALG */ -int -dst_secret_size(const dst_key_t *key); +isc_result_t +dst_secret_size(const dst_key_t *key, unsigned int *n); /* Generate random data. * diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index 5f7bd5d75d..2a3153a9d7 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -16,7 +16,7 @@ */ /* - * $Id: tsig.c,v 1.21 1999/10/25 20:55:31 bwelling Exp $ + * $Id: tsig.c,v 1.22 1999/10/26 19:31:51 bwelling Exp $ * Principal Author: Brian Wellington */ @@ -306,6 +306,7 @@ dns_tsig_sign(dns_message_t *msg) { if (!dns_tsigkey_empty(key)) { unsigned char header[DNS_MESSAGE_HEADERLEN]; isc_buffer_t headerbuf; + unsigned int sigsize; /* Digest the header */ isc_buffer_init(&headerbuf, header, sizeof header, @@ -395,7 +396,10 @@ dns_tsig_sign(dns_message_t *msg) { } } - tsig->siglen = dst_sig_size(key->key); + ret = dst_sig_size(key->key, &sigsize); + if (ret != ISC_R_SUCCESS) + goto cleanup_other; + tsig->siglen = sigsize; tsig->signature = (unsigned char *) isc_mem_get(mctx, tsig->siglen); if (tsig->signature == NULL) {