|
Michal Ruprich |
d886cd |
diff --git a/README b/README
|
|
Michal Ruprich |
d886cd |
index e905d5e..17c0ddf 100644
|
|
Michal Ruprich |
d886cd |
--- a/README
|
|
Michal Ruprich |
d886cd |
+++ b/README
|
|
Michal Ruprich |
d886cd |
@@ -322,7 +322,7 @@ Building
|
|
Michal Ruprich |
d886cd |
systems.
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
For the server to support DNSSEC, you need to build it
|
|
Michal Ruprich |
d886cd |
- with crypto support. You must have OpenSSL 0.9.5a
|
|
Michal Ruprich |
d886cd |
+ with crypto support. You must have OpenSSL 1.0.1t
|
|
Michal Ruprich |
d886cd |
or newer installed and specify "--with-openssl" on the
|
|
Michal Ruprich |
d886cd |
configure command line. If OpenSSL is installed under
|
|
Michal Ruprich |
d886cd |
a nonstandard prefix, you can tell configure where to
|
|
Michal Ruprich |
d886cd |
diff --git a/bin/named/main.c b/bin/named/main.c
|
|
Michal Ruprich |
d886cd |
index e0dafb1..f716b3f 100644
|
|
Michal Ruprich |
d886cd |
--- a/bin/named/main.c
|
|
Michal Ruprich |
d886cd |
+++ b/bin/named/main.c
|
|
Michal Ruprich |
d886cd |
@@ -688,8 +688,14 @@ parse_command_line(int argc, char *argv[]) {
|
|
Michal Ruprich |
d886cd |
#ifdef OPENSSL
|
|
Michal Ruprich |
d886cd |
printf("compiled with OpenSSL version: %s\n",
|
|
Michal Ruprich |
d886cd |
OPENSSL_VERSION_TEXT);
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0 or higher */
|
|
Michal Ruprich |
d886cd |
+ printf("linked to OpenSSL version: %s\n",
|
|
Michal Ruprich |
d886cd |
+ OpenSSL_version(OPENSSL_VERSION));
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
printf("linked to OpenSSL version: %s\n",
|
|
Michal Ruprich |
d886cd |
SSLeay_version(SSLEAY_VERSION));
|
|
Michal Ruprich |
d886cd |
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
#ifdef HAVE_LIBXML2
|
|
Michal Ruprich |
d886cd |
printf("compiled with libxml2 version: %s\n",
|
|
Michal Ruprich |
d886cd |
diff --git a/bin/tests/dst/t_dst.c b/bin/tests/dst/t_dst.c
|
|
Michal Ruprich |
d886cd |
index 0bb723d..27da3fd 100644
|
|
Michal Ruprich |
d886cd |
--- a/bin/tests/dst/t_dst.c
|
|
Michal Ruprich |
d886cd |
+++ b/bin/tests/dst/t_dst.c
|
|
Michal Ruprich |
d886cd |
@@ -910,9 +910,42 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
|
|
Michal Ruprich |
d886cd |
* signed at some earlier time, possibly with an entire different
|
|
Michal Ruprich |
d886cd |
* version or implementation of the DSA and RSA algorithms
|
|
Michal Ruprich |
d886cd |
*/
|
|
Michal Ruprich |
d886cd |
-static const char *a2 =
|
|
Michal Ruprich |
d886cd |
- "the dst module provides the capability to "
|
|
Michal Ruprich |
d886cd |
- "verify data signed with the RSA and DSA algorithms";
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+isc_mem_t *t2_mctx = NULL;
|
|
Michal Ruprich |
d886cd |
+isc_entropy_t *t2_ectx = NULL;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+t2_vfy_init(void) {
|
|
Michal Ruprich |
d886cd |
+ isc_result_t isc_result;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ t2_mctx = NULL;
|
|
Michal Ruprich |
d886cd |
+ isc_result = isc_mem_create(0, 0, &t2_mctx);
|
|
Michal Ruprich |
d886cd |
+ if (isc_result != ISC_R_SUCCESS) {
|
|
Michal Ruprich |
d886cd |
+ t_info("isc_mem_create failed %s\n",
|
|
Michal Ruprich |
d886cd |
+ isc_result_totext(isc_result));
|
|
Michal Ruprich |
d886cd |
+ return(0);
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ t2_ectx = NULL;
|
|
Michal Ruprich |
d886cd |
+ isc_result = isc_entropy_create(t2_mctx, &t2_ectx);
|
|
Michal Ruprich |
d886cd |
+ if (isc_result != ISC_R_SUCCESS) {
|
|
Michal Ruprich |
d886cd |
+ t_info("isc_entropy_create failed %s\n",
|
|
Michal Ruprich |
d886cd |
+ isc_result_totext(isc_result));
|
|
Michal Ruprich |
d886cd |
+ return(0);
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ isc_result = isc_entropy_createfilesource(t2_ectx, "randomfile");
|
|
Michal Ruprich |
d886cd |
+ if (isc_result != ISC_R_SUCCESS) {
|
|
Michal Ruprich |
d886cd |
+ t_info("isc_entropy_create failed %s\n",
|
|
Michal Ruprich |
d886cd |
+ isc_result_totext(isc_result));
|
|
Michal Ruprich |
d886cd |
+ return(0);
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ isc_result = dst_lib_init(t2_mctx, t2_ectx, ISC_ENTROPY_BLOCKING);
|
|
Michal Ruprich |
d886cd |
+ if (isc_result != ISC_R_SUCCESS) {
|
|
Michal Ruprich |
d886cd |
+ t_info("dst_lib_init failed %s\n",
|
|
Michal Ruprich |
d886cd |
+ isc_result_totext(isc_result));
|
|
Michal Ruprich |
d886cd |
+ return(0);
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ return(1);
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/*
|
|
Michal Ruprich |
d886cd |
* av == datafile, sigpath, keyname, keyid, alg, exp_result.
|
|
Michal Ruprich |
d886cd |
@@ -929,9 +962,6 @@ t2_vfy(char **av) {
|
|
Michal Ruprich |
d886cd |
char *exp_result;
|
|
Michal Ruprich |
d886cd |
int nfails;
|
|
Michal Ruprich |
d886cd |
int nprobs;
|
|
Michal Ruprich |
d886cd |
- isc_mem_t *mctx;
|
|
Michal Ruprich |
d886cd |
- isc_entropy_t *ectx;
|
|
Michal Ruprich |
d886cd |
- isc_result_t isc_result;
|
|
Michal Ruprich |
d886cd |
int result;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
datapath = *av++;
|
|
Michal Ruprich |
d886cd |
@@ -953,33 +983,6 @@ t2_vfy(char **av) {
|
|
Michal Ruprich |
d886cd |
return(T_UNRESOLVED);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- mctx = NULL;
|
|
Michal Ruprich |
d886cd |
- isc_result = isc_mem_create(0, 0, &mctx);
|
|
Michal Ruprich |
d886cd |
- if (isc_result != ISC_R_SUCCESS) {
|
|
Michal Ruprich |
d886cd |
- t_info("isc_mem_create failed %s\n",
|
|
Michal Ruprich |
d886cd |
- isc_result_totext(isc_result));
|
|
Michal Ruprich |
d886cd |
- return(T_UNRESOLVED);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
- ectx = NULL;
|
|
Michal Ruprich |
d886cd |
- isc_result = isc_entropy_create(mctx, &ectx);
|
|
Michal Ruprich |
d886cd |
- if (isc_result != ISC_R_SUCCESS) {
|
|
Michal Ruprich |
d886cd |
- t_info("isc_entropy_create failed %s\n",
|
|
Michal Ruprich |
d886cd |
- isc_result_totext(isc_result));
|
|
Michal Ruprich |
d886cd |
- return(T_UNRESOLVED);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
- isc_result = isc_entropy_createfilesource(ectx, "randomfile");
|
|
Michal Ruprich |
d886cd |
- if (isc_result != ISC_R_SUCCESS) {
|
|
Michal Ruprich |
d886cd |
- t_info("isc_entropy_create failed %s\n",
|
|
Michal Ruprich |
d886cd |
- isc_result_totext(isc_result));
|
|
Michal Ruprich |
d886cd |
- return(T_UNRESOLVED);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
- isc_result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING);
|
|
Michal Ruprich |
d886cd |
- if (isc_result != ISC_R_SUCCESS) {
|
|
Michal Ruprich |
d886cd |
- t_info("dst_lib_init failed %s\n",
|
|
Michal Ruprich |
d886cd |
- isc_result_totext(isc_result));
|
|
Michal Ruprich |
d886cd |
- return(T_UNRESOLVED);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
|
|
Michal Ruprich |
d886cd |
dst_lib_destroy();
|
|
Michal Ruprich |
d886cd |
t_info("library built without crypto support\n");
|
|
Michal Ruprich |
d886cd |
@@ -990,15 +993,9 @@ t2_vfy(char **av) {
|
|
Michal Ruprich |
d886cd |
datapath, sigpath, keyname, key, alg, exp_result);
|
|
Michal Ruprich |
d886cd |
t2_sigchk(datapath, sigpath, keyname, keyid,
|
|
Michal Ruprich |
d886cd |
algid, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
|
|
Michal Ruprich |
d886cd |
- mctx, exp_result,
|
|
Michal Ruprich |
d886cd |
+ t2_mctx, exp_result,
|
|
Michal Ruprich |
d886cd |
&nfails, &nprobs);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- dst_lib_destroy();
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
- isc_entropy_detach(&ectx);
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
- isc_mem_destroy(&mctx);
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
result = T_UNRESOLVED;
|
|
Michal Ruprich |
d886cd |
if (nfails)
|
|
Michal Ruprich |
d886cd |
result = T_FAIL;
|
|
Michal Ruprich |
d886cd |
@@ -1008,11 +1005,24 @@ t2_vfy(char **av) {
|
|
Michal Ruprich |
d886cd |
return(result);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+static const char *a2 =
|
|
Michal Ruprich |
d886cd |
+ "the dst module provides the capability to "
|
|
Michal Ruprich |
d886cd |
+ "verify data signed with the RSA and DSA algorithms";
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
static void
|
|
Michal Ruprich |
d886cd |
t2(void) {
|
|
Michal Ruprich |
d886cd |
int result;
|
|
Michal Ruprich |
d886cd |
t_assert("dst", 2, T_REQUIRED, "%s", a2);
|
|
Michal Ruprich |
d886cd |
- result = t_eval("dst_2_data", t2_vfy, 6);
|
|
Michal Ruprich |
d886cd |
+ if (!t2_vfy_init()) {
|
|
Michal Ruprich |
d886cd |
+ result = T_UNRESOLVED;
|
|
Michal Ruprich |
d886cd |
+ } else {
|
|
Michal Ruprich |
d886cd |
+ result = t_eval("dst_2_data", t2_vfy, 6);
|
|
Michal Ruprich |
d886cd |
+ dst_lib_destroy();
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (t2_ectx)
|
|
Michal Ruprich |
d886cd |
+ isc_entropy_detach(&t2_ectx);
|
|
Michal Ruprich |
d886cd |
+ if (t2_mctx)
|
|
Michal Ruprich |
d886cd |
+ isc_mem_destroy(&t2_mctx);
|
|
Michal Ruprich |
d886cd |
t_result(result);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
diff --git a/configure b/configure
|
|
Michal Ruprich |
d886cd |
index 0ea01af..27156e2 100755
|
|
Michal Ruprich |
d886cd |
--- a/configure
|
|
Michal Ruprich |
d886cd |
+++ b/configure
|
|
Michal Ruprich |
d886cd |
@@ -15916,8 +15916,8 @@ $as_echo "using OpenSSL from $use_openssl/lib and $use_openssl/include" >&6; }
|
|
Michal Ruprich |
d886cd |
saved_cc="$CC"
|
|
Michal Ruprich |
d886cd |
saved_cflags="$CFLAGS"
|
|
Michal Ruprich |
d886cd |
saved_libs="$LIBS"
|
|
Michal Ruprich |
d886cd |
- CFLAGS="$CFLAGS $DST_OPENSSL_INC"
|
|
Michal Ruprich |
d886cd |
- LIBS="$LIBS $DST_OPENSSL_LIBS"
|
|
Michal Ruprich |
d886cd |
+ CFLAGS="$DST_OPENSSL_INC $CFLAGS"
|
|
Michal Ruprich |
d886cd |
+ LIBS="$DST_OPENSSL_LIBS $LIBS"
|
|
Michal Ruprich |
d886cd |
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether linking with OpenSSL works" >&5
|
|
Michal Ruprich |
d886cd |
$as_echo_n "checking whether linking with OpenSSL works... " >&6; }
|
|
Michal Ruprich |
d886cd |
if test "$cross_compiling" = yes; then :
|
|
Michal Ruprich |
d886cd |
@@ -15955,13 +15955,24 @@ $as_echo_n "checking whether linking with OpenSSL requires -ldl... " >&6; }
|
|
Michal Ruprich |
d886cd |
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
Michal Ruprich |
d886cd |
/* end confdefs.h. */
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#include <openssl/opensslv.h>
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L
|
|
Michal Ruprich |
d886cd |
+#include <openssl/crypto.h>
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
#include <openssl/err.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/dso.h>
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
int
|
|
Michal Ruprich |
d886cd |
main ()
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
- DSO_METHOD_dlfcn();
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L
|
|
Michal Ruprich |
d886cd |
+OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
+DSO_METHOD_dlfcn();
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
;
|
|
Michal Ruprich |
d886cd |
return 0;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
@@ -15974,13 +15985,23 @@ else
|
|
Michal Ruprich |
d886cd |
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
Michal Ruprich |
d886cd |
/* end confdefs.h. */
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L
|
|
Michal Ruprich |
d886cd |
+#include <openssl/crypto.h>
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
#include <openssl/err.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/dso.h>
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
int
|
|
Michal Ruprich |
d886cd |
main ()
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
- DSO_METHOD_dlfcn();
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L
|
|
Michal Ruprich |
d886cd |
+OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
+DSO_METHOD_dlfcn();
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
;
|
|
Michal Ruprich |
d886cd |
return 0;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
@@ -16027,7 +16048,7 @@ int main() {
|
|
Michal Ruprich |
d886cd |
OPENSSL_VERSION_NUMBER < 0x10002000L) ||
|
|
Michal Ruprich |
d886cd |
OPENSSL_VERSION_NUMBER >= 0x1000205fL)
|
|
Michal Ruprich |
d886cd |
return (0);
|
|
Michal Ruprich |
d886cd |
- printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
|
|
Michal Ruprich |
d886cd |
+ printf("\n\nFound OPENSSL_VERSION_NUMBER %#010lx\n",
|
|
Michal Ruprich |
d886cd |
OPENSSL_VERSION_NUMBER);
|
|
Michal Ruprich |
d886cd |
printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
|
|
Michal Ruprich |
d886cd |
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n"
|
|
Michal Ruprich |
d886cd |
@@ -16247,7 +16268,7 @@ else
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#include <openssl/evp.h>
|
|
Michal Ruprich |
d886cd |
int main() {
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER *aes128, *aes192, *aes256;
|
|
Michal Ruprich |
d886cd |
+ const EVP_CIPHER *aes128, *aes192, *aes256;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
aes128 = EVP_aes_128_ecb();
|
|
Michal Ruprich |
d886cd |
aes192 = EVP_aes_192_ecb();
|
|
Michal Ruprich |
d886cd |
@@ -16420,43 +16441,6 @@ $as_echo "yes" >&6; }
|
|
Michal Ruprich |
d886cd |
ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1"
|
|
Michal Ruprich |
d886cd |
ISC_OPENSSL_INC="$DST_OPENSSL_INC"
|
|
Michal Ruprich |
d886cd |
ISC_OPENSSL_LIBS="$DST_OPENSSL_LIBS"
|
|
Michal Ruprich |
d886cd |
- saved_cflags="$CFLAGS"
|
|
Michal Ruprich |
d886cd |
- save_libs="$LIBS"
|
|
Michal Ruprich |
d886cd |
- CFLAGS="$CFLAGS $ISC_OPENSSL_INC"
|
|
Michal Ruprich |
d886cd |
- LIBS="$LIBS $ISC_OPENSSL_LIBS"
|
|
Michal Ruprich |
d886cd |
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking HMAC_Init() return type" >&5
|
|
Michal Ruprich |
d886cd |
-$as_echo_n "checking HMAC_Init() return type... " >&6; }
|
|
Michal Ruprich |
d886cd |
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
Michal Ruprich |
d886cd |
-/* end confdefs.h. */
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
- #include <openssl/hmac.h>
|
|
Michal Ruprich |
d886cd |
-int
|
|
Michal Ruprich |
d886cd |
-main ()
|
|
Michal Ruprich |
d886cd |
-{
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX ctx;
|
|
Michal Ruprich |
d886cd |
- int n = HMAC_Init(&ctx, NULL, 0, NULL);
|
|
Michal Ruprich |
d886cd |
- n += HMAC_Update(&ctx, NULL, 0);
|
|
Michal Ruprich |
d886cd |
- n += HMAC_Final(&ctx, NULL, NULL);
|
|
Michal Ruprich |
d886cd |
- ;
|
|
Michal Ruprich |
d886cd |
- return 0;
|
|
Michal Ruprich |
d886cd |
-}
|
|
Michal Ruprich |
d886cd |
-_ACEOF
|
|
Michal Ruprich |
d886cd |
-if ac_fn_c_try_compile "$LINENO"; then :
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: int" >&5
|
|
Michal Ruprich |
d886cd |
-$as_echo "int" >&6; }
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
-$as_echo "#define HMAC_RETURN_INT 1" >>confdefs.h
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
-else
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: void" >&5
|
|
Michal Ruprich |
d886cd |
-$as_echo "void" >&6; }
|
|
Michal Ruprich |
d886cd |
-fi
|
|
Michal Ruprich |
d886cd |
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
|
Michal Ruprich |
d886cd |
- CFLAGS="$saved_cflags"
|
|
Michal Ruprich |
d886cd |
- LIBS="$save_libs"
|
|
Michal Ruprich |
d886cd |
;;
|
|
Michal Ruprich |
d886cd |
no)
|
|
Michal Ruprich |
d886cd |
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
|
Michal Ruprich |
d886cd |
diff --git a/configure.in b/configure.in
|
|
Michal Ruprich |
d886cd |
index 82480b5..d78e445 100644
|
|
Michal Ruprich |
d886cd |
--- a/configure.in
|
|
Michal Ruprich |
d886cd |
+++ b/configure.in
|
|
Michal Ruprich |
d886cd |
@@ -1595,8 +1595,8 @@ If you don't want OpenSSL, use --without-openssl])
|
|
Michal Ruprich |
d886cd |
saved_cc="$CC"
|
|
Michal Ruprich |
d886cd |
saved_cflags="$CFLAGS"
|
|
Michal Ruprich |
d886cd |
saved_libs="$LIBS"
|
|
Michal Ruprich |
d886cd |
- CFLAGS="$CFLAGS $DST_OPENSSL_INC"
|
|
Michal Ruprich |
d886cd |
- LIBS="$LIBS $DST_OPENSSL_LIBS"
|
|
Michal Ruprich |
d886cd |
+ CFLAGS="$DST_OPENSSL_INC $CFLAGS"
|
|
Michal Ruprich |
d886cd |
+ LIBS="$DST_OPENSSL_LIBS $LIBS"
|
|
Michal Ruprich |
d886cd |
AC_MSG_CHECKING(whether linking with OpenSSL works)
|
|
Michal Ruprich |
d886cd |
AC_TRY_RUN([
|
|
Michal Ruprich |
d886cd |
#include <openssl/err.h>
|
|
Michal Ruprich |
d886cd |
@@ -1615,16 +1615,38 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)],
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
AC_MSG_CHECKING(whether linking with OpenSSL requires -ldl)
|
|
Michal Ruprich |
d886cd |
AC_TRY_LINK([
|
|
Michal Ruprich |
d886cd |
+#include <openssl/opensslv.h>
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L
|
|
Michal Ruprich |
d886cd |
+#include <openssl/crypto.h>
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
#include <openssl/err.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/dso.h>
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+],
|
|
Michal Ruprich |
d886cd |
+[
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L
|
|
Michal Ruprich |
d886cd |
+OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
+DSO_METHOD_dlfcn();
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
],
|
|
 |
20cebf |
-[ DSO_METHOD_dlfcn(); ],
|
|
Michal Ruprich |
d886cd |
[AC_MSG_RESULT(no)],
|
|
Michal Ruprich |
d886cd |
[LIBS="$LIBS -ldl"
|
|
Michal Ruprich |
d886cd |
AC_TRY_LINK([
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L
|
|
Michal Ruprich |
d886cd |
+#include <openssl/crypto.h>
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
#include <openssl/err.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/dso.h>
|
|
|
20cebf |
-],[ DSO_METHOD_dlfcn(); ],
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+],
|
|
Michal Ruprich |
d886cd |
+[
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L
|
|
Michal Ruprich |
d886cd |
+OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
+DSO_METHOD_dlfcn();
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+],
|
|
Michal Ruprich |
d886cd |
[AC_MSG_RESULT(yes)
|
|
Michal Ruprich |
d886cd |
DST_OPENSSL_LIBS="$DST_OPENSSL_LIBS -ldl"
|
|
Michal Ruprich |
d886cd |
],
|
|
Michal Ruprich |
d886cd |
@@ -1651,7 +1673,7 @@ int main() {
|
|
Michal Ruprich |
d886cd |
OPENSSL_VERSION_NUMBER < 0x10002000L) ||
|
|
Michal Ruprich |
d886cd |
OPENSSL_VERSION_NUMBER >= 0x1000205fL)
|
|
Michal Ruprich |
d886cd |
return (0);
|
|
Michal Ruprich |
d886cd |
- printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
|
|
Michal Ruprich |
d886cd |
+ printf("\n\nFound OPENSSL_VERSION_NUMBER %#010lx\n",
|
|
Michal Ruprich |
d886cd |
OPENSSL_VERSION_NUMBER);
|
|
Michal Ruprich |
d886cd |
printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
|
|
Michal Ruprich |
d886cd |
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n"
|
|
Michal Ruprich |
d886cd |
@@ -1803,7 +1825,7 @@ int main() {
|
|
Michal Ruprich |
d886cd |
AC_TRY_RUN([
|
|
Michal Ruprich |
d886cd |
#include <openssl/evp.h>
|
|
Michal Ruprich |
d886cd |
int main() {
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER *aes128, *aes192, *aes256;
|
|
Michal Ruprich |
d886cd |
+ const EVP_CIPHER *aes128, *aes192, *aes256;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
aes128 = EVP_aes_128_ecb();
|
|
Michal Ruprich |
d886cd |
aes192 = EVP_aes_192_ecb();
|
|
Michal Ruprich |
d886cd |
@@ -1953,22 +1975,6 @@ case $want_openssl_hash in
|
|
Michal Ruprich |
d886cd |
ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1"
|
|
Michal Ruprich |
d886cd |
ISC_OPENSSL_INC="$DST_OPENSSL_INC"
|
|
Michal Ruprich |
d886cd |
ISC_OPENSSL_LIBS="$DST_OPENSSL_LIBS"
|
|
Michal Ruprich |
d886cd |
- saved_cflags="$CFLAGS"
|
|
Michal Ruprich |
d886cd |
- save_libs="$LIBS"
|
|
Michal Ruprich |
d886cd |
- CFLAGS="$CFLAGS $ISC_OPENSSL_INC"
|
|
Michal Ruprich |
d886cd |
- LIBS="$LIBS $ISC_OPENSSL_LIBS"
|
|
Michal Ruprich |
d886cd |
- AC_MSG_CHECKING([HMAC_Init() return type])
|
|
Michal Ruprich |
d886cd |
- AC_TRY_COMPILE([
|
|
Michal Ruprich |
d886cd |
- #include <openssl/hmac.h>],[
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX ctx;
|
|
Michal Ruprich |
d886cd |
- int n = HMAC_Init(&ctx, NULL, 0, NULL);
|
|
Michal Ruprich |
d886cd |
- n += HMAC_Update(&ctx, NULL, 0);
|
|
Michal Ruprich |
d886cd |
- n += HMAC_Final(&ctx, NULL, NULL);],[
|
|
Michal Ruprich |
d886cd |
- AC_MSG_RESULT(int)
|
|
Michal Ruprich |
d886cd |
- AC_DEFINE(HMAC_RETURN_INT, 1, [HMAC_*() return ints])],[
|
|
Michal Ruprich |
d886cd |
- AC_MSG_RESULT(void)])
|
|
Michal Ruprich |
d886cd |
- CFLAGS="$saved_cflags"
|
|
Michal Ruprich |
d886cd |
- LIBS="$save_libs"
|
|
Michal Ruprich |
d886cd |
;;
|
|
Michal Ruprich |
d886cd |
no)
|
|
Michal Ruprich |
d886cd |
AC_MSG_RESULT(no)
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/dns/dst_gost.h b/lib/dns/dst_gost.h
|
|
Michal Ruprich |
d886cd |
index da6dcf5..86dda8b 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/dns/dst_gost.h
|
|
Michal Ruprich |
d886cd |
+++ b/lib/dns/dst_gost.h
|
|
Michal Ruprich |
d886cd |
@@ -18,7 +18,13 @@
|
|
Michal Ruprich |
d886cd |
#ifdef HAVE_OPENSSL_GOST
|
|
Michal Ruprich |
d886cd |
#include <openssl/evp.h>
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-typedef EVP_MD_CTX isc_gost_t;
|
|
Michal Ruprich |
d886cd |
+typedef struct {
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX *ctx;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX _ctx;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+} isc_gost_t;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
#ifdef HAVE_PKCS11_GOST
|
|
Michal Ruprich |
d886cd |
#include <pk11/pk11.h>
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h
|
|
Michal Ruprich |
d886cd |
index d7dd0e8..f8a3057 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/dns/dst_openssl.h
|
|
Michal Ruprich |
d886cd |
+++ b/lib/dns/dst_openssl.h
|
|
Michal Ruprich |
d886cd |
@@ -22,8 +22,10 @@
|
|
|
20cebf |
#include <openssl/crypto.h>
|
|
|
20cebf |
#include <openssl/bn.h>
|
|
|
20cebf |
|
|
|
20cebf |
-#if !defined(OPENSSL_NO_ENGINE) && defined(CRYPTO_LOCK_ENGINE) && \
|
|
Michal Ruprich |
d886cd |
- (OPENSSL_VERSION_NUMBER >= 0x0090707f)
|
|
Michal Ruprich |
d886cd |
+#if !defined(OPENSSL_NO_ENGINE) && \
|
|
Michal Ruprich |
d886cd |
+ ((defined(CRYPTO_LOCK_ENGINE) && \
|
|
Michal Ruprich |
d886cd |
+ (OPENSSL_VERSION_NUMBER >= 0x0090707f)) || \
|
|
Michal Ruprich |
d886cd |
+ (OPENSSL_VERSION_NUMBER >= 0x10100000L))
|
|
|
20cebf |
#define USE_ENGINE 1
|
|
|
20cebf |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
@@ -41,6 +43,15 @@
|
|
Michal Ruprich |
d886cd |
#define BN_GENCB_get_arg(x) ((x)->arg)
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
Michal Ruprich |
d886cd |
+/*
|
|
Michal Ruprich |
d886cd |
+ * EVP_dss1() is a version of EVP_sha1() that was needed prior to
|
|
Michal Ruprich |
d886cd |
+ * 1.1.0 because there was a link between digests and signing algorithms;
|
|
Michal Ruprich |
d886cd |
+ * the link has been eliminated and EVP_sha1() can be used now instead.
|
|
Michal Ruprich |
d886cd |
+ */
|
|
Michal Ruprich |
d886cd |
+#define EVP_dss1 EVP_sha1
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
ISC_LANG_BEGINDECLS
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
isc_result_t
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
|
|
Michal Ruprich |
d886cd |
index 2e8bcf6..58df04d 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/dns/openssl_link.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/dns/openssl_link.c
|
|
Michal Ruprich |
d886cd |
@@ -102,6 +102,7 @@ entropy_add(const void *buf, int num, double entropy) {
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Michal Ruprich |
d886cd |
static void
|
|
Michal Ruprich |
d886cd |
lock_callback(int mode, int type, const char *file, int line) {
|
|
Michal Ruprich |
d886cd |
UNUSED(file);
|
|
Michal Ruprich |
d886cd |
@@ -112,45 +113,59 @@ lock_callback(int mode, int type, const char *file, int line) {
|
|
Michal Ruprich |
d886cd |
UNLOCK(&locks[type]);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Michal Ruprich |
d886cd |
static unsigned long
|
|
Michal Ruprich |
d886cd |
id_callback(void) {
|
|
Michal Ruprich |
d886cd |
return ((unsigned long)isc_thread_self());
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Michal Ruprich |
d886cd |
+#define FLARG_PASS , __FILE__, __LINE__
|
|
Michal Ruprich |
d886cd |
+#define FLARG
|
|
Michal Ruprich |
d886cd |
+#define FILELINE
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
+#define FLARG , const char *file, int line
|
|
Michal Ruprich |
d886cd |
+#define FILELINE , __FILE__, __LINE__
|
|
Michal Ruprich |
d886cd |
+#if ISC_MEM_TRACKLINES
|
|
Michal Ruprich |
d886cd |
+#define FLARG_PASS , file, line
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
+#define FLARG_PASS
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
static void *
|
|
Michal Ruprich |
d886cd |
-mem_alloc(size_t size) {
|
|
Michal Ruprich |
d886cd |
+mem_alloc(size_t size FLARG) {
|
|
Michal Ruprich |
d886cd |
#ifdef OPENSSL_LEAKS
|
|
Michal Ruprich |
d886cd |
void *ptr;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
INSIST(dst__memory_pool != NULL);
|
|
Michal Ruprich |
d886cd |
- ptr = isc_mem_allocate(dst__memory_pool, size);
|
|
Michal Ruprich |
d886cd |
+ ptr = isc__mem_allocate(dst__memory_pool, size FLARG_PASS);
|
|
Michal Ruprich |
d886cd |
return (ptr);
|
|
Michal Ruprich |
d886cd |
#else
|
|
Michal Ruprich |
d886cd |
INSIST(dst__memory_pool != NULL);
|
|
Michal Ruprich |
d886cd |
- return (isc_mem_allocate(dst__memory_pool, size));
|
|
Michal Ruprich |
d886cd |
+ return (isc__mem_allocate(dst__memory_pool, size FLARG_PASS));
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
static void
|
|
Michal Ruprich |
d886cd |
-mem_free(void *ptr) {
|
|
Michal Ruprich |
d886cd |
+mem_free(void *ptr FLARG) {
|
|
Michal Ruprich |
d886cd |
INSIST(dst__memory_pool != NULL);
|
|
Michal Ruprich |
d886cd |
if (ptr != NULL)
|
|
Michal Ruprich |
d886cd |
- isc_mem_free(dst__memory_pool, ptr);
|
|
Michal Ruprich |
d886cd |
+ isc__mem_free(dst__memory_pool, ptr FLARG_PASS);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
static void *
|
|
Michal Ruprich |
d886cd |
-mem_realloc(void *ptr, size_t size) {
|
|
Michal Ruprich |
d886cd |
+mem_realloc(void *ptr, size_t size FLARG) {
|
|
Michal Ruprich |
d886cd |
#ifdef OPENSSL_LEAKS
|
|
Michal Ruprich |
d886cd |
void *rptr;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
INSIST(dst__memory_pool != NULL);
|
|
Michal Ruprich |
d886cd |
- rptr = isc_mem_reallocate(dst__memory_pool, ptr, size);
|
|
Michal Ruprich |
d886cd |
+ rptr = isc__mem_reallocate(dst__memory_pool, ptr, size FLARG_PASS);
|
|
Michal Ruprich |
d886cd |
return (rptr);
|
|
Michal Ruprich |
d886cd |
#else
|
|
Michal Ruprich |
d886cd |
INSIST(dst__memory_pool != NULL);
|
|
Michal Ruprich |
d886cd |
- return (isc_mem_reallocate(dst__memory_pool, ptr, size));
|
|
Michal Ruprich |
d886cd |
+ return (isc__mem_reallocate(dst__memory_pool, ptr, size FLARG_PASS));
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
@@ -171,20 +186,20 @@ dst__openssl_init(const char *engine) {
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
|
|
Michal Ruprich |
d886cd |
nlocks = CRYPTO_num_locks();
|
|
Michal Ruprich |
d886cd |
- locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
|
|
Michal Ruprich |
d886cd |
+ locks = mem_alloc(sizeof(isc_mutex_t) * nlocks FILELINE);
|
|
Michal Ruprich |
d886cd |
if (locks == NULL)
|
|
Michal Ruprich |
d886cd |
return (ISC_R_NOMEMORY);
|
|
Michal Ruprich |
d886cd |
result = isc_mutexblock_init(locks, nlocks);
|
|
Michal Ruprich |
d886cd |
if (result != ISC_R_SUCCESS)
|
|
Michal Ruprich |
d886cd |
goto cleanup_mutexalloc;
|
|
Michal Ruprich |
d886cd |
- CRYPTO_set_locking_callback(lock_callback);
|
|
Michal Ruprich |
d886cd |
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Michal Ruprich |
d886cd |
+ CRYPTO_set_locking_callback(lock_callback);
|
|
Michal Ruprich |
d886cd |
CRYPTO_set_id_callback(id_callback);
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
ERR_load_crypto_strings();
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- rm = mem_alloc(sizeof(RAND_METHOD));
|
|
Michal Ruprich |
d886cd |
+ rm = mem_alloc(sizeof(RAND_METHOD) FILELINE);
|
|
Michal Ruprich |
d886cd |
if (rm == NULL) {
|
|
Michal Ruprich |
d886cd |
result = ISC_R_NOMEMORY;
|
|
Michal Ruprich |
d886cd |
goto cleanup_mutexinit;
|
|
Michal Ruprich |
d886cd |
@@ -250,20 +265,27 @@ dst__openssl_init(const char *engine) {
|
|
Michal Ruprich |
d886cd |
if (e != NULL)
|
|
Michal Ruprich |
d886cd |
ENGINE_free(e);
|
|
Michal Ruprich |
d886cd |
e = NULL;
|
|
Michal Ruprich |
d886cd |
- mem_free(rm);
|
|
Michal Ruprich |
d886cd |
+ mem_free(rm FILELINE);
|
|
Michal Ruprich |
d886cd |
rm = NULL;
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
cleanup_mutexinit:
|
|
Michal Ruprich |
d886cd |
CRYPTO_set_locking_callback(NULL);
|
|
Michal Ruprich |
d886cd |
DESTROYMUTEXBLOCK(locks, nlocks);
|
|
Michal Ruprich |
d886cd |
cleanup_mutexalloc:
|
|
Michal Ruprich |
d886cd |
- mem_free(locks);
|
|
Michal Ruprich |
d886cd |
+ mem_free(locks FILELINE);
|
|
Michal Ruprich |
d886cd |
locks = NULL;
|
|
Michal Ruprich |
d886cd |
return (result);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
dst__openssl_destroy(void) {
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ OPENSSL_cleanup();
|
|
Michal Ruprich |
d886cd |
+ if (rm != NULL) {
|
|
Michal Ruprich |
d886cd |
+ mem_free(rm FILELINE);
|
|
Michal Ruprich |
d886cd |
+ rm = NULL;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
/*
|
|
Michal Ruprich |
d886cd |
* Sequence taken from apps_shutdown() in <apps/apps.h>.
|
|
Michal Ruprich |
d886cd |
*/
|
|
Michal Ruprich |
d886cd |
@@ -271,7 +293,7 @@ dst__openssl_destroy(void) {
|
|
Michal Ruprich |
d886cd |
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
|
Michal Ruprich |
d886cd |
RAND_cleanup();
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
- mem_free(rm);
|
|
Michal Ruprich |
d886cd |
+ mem_free(rm FILELINE);
|
|
Michal Ruprich |
d886cd |
rm = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
|
Michal Ruprich |
d886cd |
@@ -303,16 +325,18 @@ dst__openssl_destroy(void) {
|
|
Michal Ruprich |
d886cd |
if (locks != NULL) {
|
|
Michal Ruprich |
d886cd |
CRYPTO_set_locking_callback(NULL);
|
|
Michal Ruprich |
d886cd |
DESTROYMUTEXBLOCK(locks, nlocks);
|
|
Michal Ruprich |
d886cd |
- mem_free(locks);
|
|
Michal Ruprich |
d886cd |
+ mem_free(locks FILELINE);
|
|
Michal Ruprich |
d886cd |
locks = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
static isc_result_t
|
|
Michal Ruprich |
d886cd |
toresult(isc_result_t fallback) {
|
|
Michal Ruprich |
d886cd |
isc_result_t result = fallback;
|
|
Michal Ruprich |
d886cd |
unsigned long err = ERR_get_error();
|
|
Michal Ruprich |
d886cd |
-#ifdef HAVE_OPENSSL_ECDSA
|
|
Michal Ruprich |
d886cd |
+#if defined(HAVE_OPENSSL_ECDSA) && \
|
|
Michal Ruprich |
d886cd |
+ defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
|
|
Michal Ruprich |
d886cd |
int lib = ERR_GET_LIB(err);
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
int reason = ERR_GET_REASON(err);
|
|
Michal Ruprich |
d886cd |
@@ -326,7 +350,8 @@ toresult(isc_result_t fallback) {
|
|
Michal Ruprich |
d886cd |
result = ISC_R_NOMEMORY;
|
|
Michal Ruprich |
d886cd |
break;
|
|
Michal Ruprich |
d886cd |
default:
|
|
Michal Ruprich |
d886cd |
-#ifdef HAVE_OPENSSL_ECDSA
|
|
Michal Ruprich |
d886cd |
+#if defined(HAVE_OPENSSL_ECDSA) && \
|
|
Michal Ruprich |
d886cd |
+ defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
|
|
Michal Ruprich |
d886cd |
if (lib == ERR_R_ECDSA_LIB &&
|
|
Michal Ruprich |
d886cd |
reason == ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) {
|
|
Michal Ruprich |
d886cd |
result = ISC_R_NOENTROPY;
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
|
|
Michal Ruprich |
d886cd |
index 4237ad0..dec5b3c 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/dns/openssldh_link.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/dns/openssldh_link.c
|
|
Michal Ruprich |
d886cd |
@@ -68,11 +68,74 @@ static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Michal Ruprich |
d886cd |
+/*
|
|
Michal Ruprich |
d886cd |
+ * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
|
|
Michal Ruprich |
d886cd |
+ * are from OpenSSL 1.1.0.
|
|
Michal Ruprich |
d886cd |
+ */
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
|
|
Michal Ruprich |
d886cd |
+ if (pub_key != NULL)
|
|
Michal Ruprich |
d886cd |
+ *pub_key = dh->pub_key;
|
|
Michal Ruprich |
d886cd |
+ if (priv_key != NULL)
|
|
Michal Ruprich |
d886cd |
+ *priv_key = dh->priv_key;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
|
|
Michal Ruprich |
d886cd |
+ /* Note that it is valid for priv_key to be NULL */
|
|
Michal Ruprich |
d886cd |
+ if (pub_key == NULL)
|
|
Michal Ruprich |
d886cd |
+ return 0;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ BN_free(dh->pub_key);
|
|
Michal Ruprich |
d886cd |
+ BN_free(dh->priv_key);
|
|
Michal Ruprich |
d886cd |
+ dh->pub_key = pub_key;
|
|
Michal Ruprich |
d886cd |
+ dh->priv_key = priv_key;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return 1;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+DH_get0_pqg(const DH *dh,
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
|
|
Michal Ruprich |
d886cd |
+{
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL)
|
|
Michal Ruprich |
d886cd |
+ *p = dh->p;
|
|
Michal Ruprich |
d886cd |
+ if (q != NULL)
|
|
Michal Ruprich |
d886cd |
+ *q = dh->q;
|
|
Michal Ruprich |
d886cd |
+ if (g != NULL)
|
|
Michal Ruprich |
d886cd |
+ *g = dh->g;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
|
|
Michal Ruprich |
d886cd |
+ /* q is optional */
|
|
Michal Ruprich |
d886cd |
+ if (p == NULL || g == NULL)
|
|
Michal Ruprich |
d886cd |
+ return(0);
|
|
Michal Ruprich |
d886cd |
+ BN_free(dh->p);
|
|
Michal Ruprich |
d886cd |
+ BN_free(dh->q);
|
|
Michal Ruprich |
d886cd |
+ BN_free(dh->g);
|
|
Michal Ruprich |
d886cd |
+ dh->p = p;
|
|
Michal Ruprich |
d886cd |
+ dh->q = q;
|
|
Michal Ruprich |
d886cd |
+ dh->g = g;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ if (q != NULL) {
|
|
Michal Ruprich |
d886cd |
+ dh->length = BN_num_bits(q);
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return(1);
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#define DH_clear_flags(d, f) (d)->flags &= ~(f)
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
static isc_result_t
|
|
Michal Ruprich |
d886cd |
openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
|
|
Michal Ruprich |
d886cd |
isc_buffer_t *secret)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
DH *dhpub, *dhpriv;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *pub_key = NULL;
|
|
|
20cebf |
int ret;
|
|
|
20cebf |
isc_region_t r;
|
|
|
20cebf |
unsigned int len;
|
|
Michal Ruprich |
d886cd |
@@ -87,7 +150,9 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
|
|
|
20cebf |
isc_buffer_availableregion(secret, &r);
|
|
|
20cebf |
if (r.length < len)
|
|
|
20cebf |
return (ISC_R_NOSPACE);
|
|
|
20cebf |
- ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv);
|
|
Michal Ruprich |
d886cd |
+
|
|
|
20cebf |
+ DH_get0_key(dhpub, &pub_key, NULL);
|
|
|
20cebf |
+ ret = DH_compute_key(r.base, pub_key, dhpriv);
|
|
|
20cebf |
if (ret <= 0)
|
|
|
20cebf |
return (dst__openssl_toresult2("DH_compute_key",
|
|
|
20cebf |
DST_R_COMPUTESECRETFAILURE));
|
|
Michal Ruprich |
d886cd |
@@ -97,8 +162,10 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
static isc_boolean_t
|
|
|
20cebf |
openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
Michal Ruprich |
d886cd |
- int status;
|
|
|
20cebf |
DH *dh1, *dh2;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
|
|
|
20cebf |
|
|
|
20cebf |
dh1 = key1->keydata.dh;
|
|
|
20cebf |
dh2 = key2->keydata.dh;
|
|
Michal Ruprich |
d886cd |
@@ -108,17 +175,19 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
|
20cebf |
else if (dh1 == NULL || dh2 == NULL)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
|
|
|
20cebf |
- status = BN_cmp(dh1->p, dh2->p) ||
|
|
|
20cebf |
- BN_cmp(dh1->g, dh2->g) ||
|
|
|
20cebf |
- BN_cmp(dh1->pub_key, dh2->pub_key);
|
|
|
20cebf |
+ DH_get0_key(dh1, &pub_key1, &priv_key1);
|
|
|
20cebf |
+ DH_get0_key(dh2, &pub_key2, &priv_key2);
|
|
Michal Ruprich |
d886cd |
+ DH_get0_pqg(dh1, &p1, NULL, &g1;;
|
|
Michal Ruprich |
d886cd |
+ DH_get0_pqg(dh2, &p2, NULL, &g2;;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
- if (status != 0)
|
|
Michal Ruprich |
d886cd |
+ if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0 ||
|
|
Michal Ruprich |
d886cd |
+ BN_cmp(pub_key1, pub_key2) != 0)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
|
|
|
20cebf |
- if (dh1->priv_key != NULL || dh2->priv_key != NULL) {
|
|
|
20cebf |
- if (dh1->priv_key == NULL || dh2->priv_key == NULL)
|
|
|
20cebf |
+ if (priv_key1 != NULL || priv_key2 != NULL) {
|
|
|
20cebf |
+ if (priv_key1 == NULL || priv_key2 == NULL)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
- if (BN_cmp(dh1->priv_key, dh2->priv_key) != 0)
|
|
|
20cebf |
+ if (BN_cmp(priv_key1, priv_key2) != 0)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
}
|
|
|
20cebf |
return (ISC_TRUE);
|
|
Michal Ruprich |
d886cd |
@@ -126,8 +195,8 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
static isc_boolean_t
|
|
|
20cebf |
openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
Michal Ruprich |
d886cd |
- int status;
|
|
|
20cebf |
DH *dh1, *dh2;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
|
|
|
20cebf |
|
|
|
20cebf |
dh1 = key1->keydata.dh;
|
|
|
20cebf |
dh2 = key2->keydata.dh;
|
|
Michal Ruprich |
d886cd |
@@ -137,10 +206,10 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
|
20cebf |
else if (dh1 == NULL || dh2 == NULL)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
|
|
|
20cebf |
- status = BN_cmp(dh1->p, dh2->p) ||
|
|
|
20cebf |
- BN_cmp(dh1->g, dh2->g);
|
|
|
20cebf |
+ DH_get0_pqg(dh1, &p1, NULL, &g1;;
|
|
|
20cebf |
+ DH_get0_pqg(dh2, &p2, NULL, &g2;;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
- if (status != 0)
|
|
Michal Ruprich |
d886cd |
+ if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
Michal Ruprich |
d886cd |
return (ISC_TRUE);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
@@ -185,16 +254,25 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
|
|
20cebf |
key->key_size == 1024 ||
|
|
|
20cebf |
key->key_size == 1536)
|
|
|
20cebf |
{
|
|
|
20cebf |
+ BIGNUM *p, *g;
|
|
|
20cebf |
dh = DH_new();
|
|
Michal Ruprich |
d886cd |
- if (dh == NULL)
|
|
Michal Ruprich |
d886cd |
- return (dst__openssl_toresult(ISC_R_NOMEMORY));
|
|
|
20cebf |
if (key->key_size == 768)
|
|
|
20cebf |
- dh->p = bn768;
|
|
Michal Ruprich |
d886cd |
+ p = BN_dup(bn768);
|
|
|
20cebf |
else if (key->key_size == 1024)
|
|
|
20cebf |
- dh->p = bn1024;
|
|
Michal Ruprich |
d886cd |
+ p = BN_dup(bn1024);
|
|
|
20cebf |
else
|
|
|
20cebf |
- dh->p = bn1536;
|
|
Michal Ruprich |
d886cd |
- dh->g = bn2;
|
|
Michal Ruprich |
d886cd |
+ p = BN_dup(bn1536);
|
|
|
20cebf |
+ g = BN_dup(bn2);
|
|
Michal Ruprich |
d886cd |
+ if (dh == NULL || p == NULL || g == NULL) {
|
|
Michal Ruprich |
d886cd |
+ if (dh != NULL)
|
|
Michal Ruprich |
d886cd |
+ DH_free(dh);
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(p);
|
|
Michal Ruprich |
d886cd |
+ if (g != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(g);
|
|
|
20cebf |
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
|
|
|
20cebf |
+ }
|
|
|
20cebf |
+ DH_set0_pqg(dh, p, NULL, g);
|
|
|
20cebf |
} else
|
|
|
20cebf |
generator = 2;
|
|
|
20cebf |
}
|
|
Michal Ruprich |
d886cd |
@@ -242,8 +320,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
|
|
20cebf |
return (dst__openssl_toresult2("DH_generate_key",
|
|
|
20cebf |
DST_R_OPENSSLFAILURE));
|
|
|
20cebf |
}
|
|
Michal Ruprich |
d886cd |
- dh->flags &= ~DH_FLAG_CACHE_MONT_P;
|
|
Michal Ruprich |
d886cd |
-
|
|
|
20cebf |
+ DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P);
|
|
|
20cebf |
key->keydata.dh = dh;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
return (ISC_R_SUCCESS);
|
|
Michal Ruprich |
d886cd |
@@ -252,7 +329,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
|
|
20cebf |
static isc_boolean_t
|
|
|
20cebf |
openssldh_isprivate(const dst_key_t *key) {
|
|
|
20cebf |
DH *dh = key->keydata.dh;
|
|
|
20cebf |
- return (ISC_TF(dh != NULL && dh->priv_key != NULL));
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *priv_key = NULL;
|
|
|
20cebf |
+
|
|
|
20cebf |
+ DH_get0_key(dh, NULL, &priv_key);
|
|
Michal Ruprich |
d886cd |
+ return (ISC_TF(dh != NULL && priv_key != NULL));
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
static void
|
|
Michal Ruprich |
d886cd |
@@ -262,10 +342,6 @@ openssldh_destroy(dst_key_t *key) {
|
|
|
20cebf |
if (dh == NULL)
|
|
|
20cebf |
return;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
- if (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536)
|
|
Michal Ruprich |
d886cd |
- dh->p = NULL;
|
|
Michal Ruprich |
d886cd |
- if (dh->g == bn2)
|
|
Michal Ruprich |
d886cd |
- dh->g = NULL;
|
|
|
20cebf |
DH_free(dh);
|
|
|
20cebf |
key->keydata.dh = NULL;
|
|
|
20cebf |
}
|
|
Michal Ruprich |
d886cd |
@@ -294,6 +370,7 @@ uint16_fromregion(isc_region_t *region) {
|
|
|
20cebf |
static isc_result_t
|
|
|
20cebf |
openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
DH *dh;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
|
|
|
20cebf |
isc_region_t r;
|
|
|
20cebf |
isc_uint16_t dnslen, plen, glen, publen;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -303,40 +380,43 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
|
|
|
20cebf |
isc_buffer_availableregion(data, &r);
|
|
|
20cebf |
|
|
|
20cebf |
- if (dh->g == bn2 &&
|
|
|
20cebf |
- (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536)) {
|
|
Michal Ruprich |
d886cd |
+ DH_get0_pqg(dh, &p, NULL, &g);
|
|
|
20cebf |
+ if (BN_cmp(g, bn2) == 0 &&
|
|
Michal Ruprich |
d886cd |
+ (BN_cmp(p, bn768) == 0 ||
|
|
Michal Ruprich |
d886cd |
+ BN_cmp(p, bn1024) == 0 ||
|
|
Michal Ruprich |
d886cd |
+ BN_cmp(p, bn1536) == 0)) {
|
|
|
20cebf |
plen = 1;
|
|
|
20cebf |
glen = 0;
|
|
|
20cebf |
}
|
|
|
20cebf |
else {
|
|
|
20cebf |
- plen = BN_num_bytes(dh->p);
|
|
|
20cebf |
- glen = BN_num_bytes(dh->g);
|
|
|
20cebf |
+ plen = BN_num_bytes(p);
|
|
|
20cebf |
+ glen = BN_num_bytes(g);
|
|
|
20cebf |
}
|
|
|
20cebf |
- publen = BN_num_bytes(dh->pub_key);
|
|
Michal Ruprich |
d886cd |
+ DH_get0_key(dh, &pub_key, NULL);
|
|
|
20cebf |
+ publen = BN_num_bytes(pub_key);
|
|
|
20cebf |
dnslen = plen + glen + publen + 6;
|
|
|
20cebf |
if (r.length < (unsigned int) dnslen)
|
|
|
20cebf |
return (ISC_R_NOSPACE);
|
|
|
20cebf |
|
|
|
20cebf |
uint16_toregion(plen, &r);
|
|
|
20cebf |
if (plen == 1) {
|
|
|
20cebf |
- if (dh->p == bn768)
|
|
|
20cebf |
+ if (BN_cmp(p, bn768) == 0)
|
|
|
20cebf |
*r.base = 1;
|
|
|
20cebf |
- else if (dh->p == bn1024)
|
|
|
20cebf |
+ else if (BN_cmp(p, bn1024) == 0)
|
|
|
20cebf |
*r.base = 2;
|
|
|
20cebf |
else
|
|
|
20cebf |
*r.base = 3;
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
- else
|
|
|
20cebf |
- BN_bn2bin(dh->p, r.base);
|
|
Michal Ruprich |
d886cd |
+ } else
|
|
|
20cebf |
+ BN_bn2bin(p, r.base);
|
|
|
20cebf |
isc_region_consume(&r, plen);
|
|
|
20cebf |
|
|
|
20cebf |
uint16_toregion(glen, &r);
|
|
|
20cebf |
if (glen > 0)
|
|
|
20cebf |
- BN_bn2bin(dh->g, r.base);
|
|
|
20cebf |
+ BN_bn2bin(g, r.base);
|
|
|
20cebf |
isc_region_consume(&r, glen);
|
|
|
20cebf |
|
|
|
20cebf |
uint16_toregion(publen, &r);
|
|
|
20cebf |
- BN_bn2bin(dh->pub_key, r.base);
|
|
|
20cebf |
+ BN_bn2bin(pub_key, r.base);
|
|
|
20cebf |
isc_region_consume(&r, publen);
|
|
|
20cebf |
|
|
|
20cebf |
isc_buffer_add(data, dnslen);
|
|
Michal Ruprich |
d886cd |
@@ -347,6 +427,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
Michal Ruprich |
d886cd |
static isc_result_t
|
|
Michal Ruprich |
d886cd |
openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
Michal Ruprich |
d886cd |
DH *dh;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
|
|
|
20cebf |
isc_region_t r;
|
|
|
20cebf |
isc_uint16_t plen, glen, publen;
|
|
|
20cebf |
int special = 0;
|
|
Michal Ruprich |
d886cd |
@@ -358,7 +439,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
dh = DH_new();
|
|
|
20cebf |
if (dh == NULL)
|
|
|
20cebf |
return (dst__openssl_toresult(ISC_R_NOMEMORY));
|
|
Michal Ruprich |
d886cd |
- dh->flags &= ~DH_FLAG_CACHE_MONT_P;
|
|
|
20cebf |
+ DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P);
|
|
|
20cebf |
|
|
|
20cebf |
/*
|
|
|
20cebf |
* Read the prime length. 1 & 2 are table entries, > 16 means a
|
|
Michal Ruprich |
d886cd |
@@ -386,20 +467,20 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
}
|
|
|
20cebf |
switch (special) {
|
|
|
20cebf |
case 1:
|
|
|
20cebf |
- dh->p = bn768;
|
|
Michal Ruprich |
d886cd |
+ p = BN_dup(bn768);
|
|
|
20cebf |
break;
|
|
|
20cebf |
case 2:
|
|
|
20cebf |
- dh->p = bn1024;
|
|
Michal Ruprich |
d886cd |
+ p = BN_dup(bn1024);
|
|
|
20cebf |
break;
|
|
|
20cebf |
case 3:
|
|
|
20cebf |
- dh->p = bn1536;
|
|
Michal Ruprich |
d886cd |
+ p = BN_dup(bn1536);
|
|
|
20cebf |
break;
|
|
|
20cebf |
default:
|
|
Michal Ruprich |
d886cd |
DH_free(dh);
|
|
Michal Ruprich |
d886cd |
return (DST_R_INVALIDPUBLICKEY);
|
|
|
20cebf |
}
|
|
|
20cebf |
} else {
|
|
|
20cebf |
- dh->p = BN_bin2bn(r.base, plen, NULL);
|
|
|
20cebf |
+ p = BN_bin2bn(r.base, plen, NULL);
|
|
|
20cebf |
isc_region_consume(&r, plen);
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -419,15 +500,12 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
}
|
|
|
20cebf |
if (special != 0) {
|
|
Michal Ruprich |
d886cd |
if (glen == 0)
|
|
|
20cebf |
- dh->g = bn2;
|
|
Michal Ruprich |
d886cd |
+ g = BN_dup(bn2);
|
|
Michal Ruprich |
d886cd |
else {
|
|
|
20cebf |
- dh->g = BN_bin2bn(r.base, glen, NULL);
|
|
|
20cebf |
- if (BN_cmp(dh->g, bn2) == 0) {
|
|
|
20cebf |
- BN_free(dh->g);
|
|
|
20cebf |
- dh->g = bn2;
|
|
|
20cebf |
- }
|
|
|
20cebf |
- else {
|
|
|
20cebf |
+ g = BN_bin2bn(r.base, glen, NULL);
|
|
Michal Ruprich |
d886cd |
+ if (g != NULL && BN_cmp(g, bn2) != 0) {
|
|
Michal Ruprich |
d886cd |
DH_free(dh);
|
|
Michal Ruprich |
d886cd |
+ BN_free(g);
|
|
Michal Ruprich |
d886cd |
return (DST_R_INVALIDPUBLICKEY);
|
|
|
20cebf |
}
|
|
|
20cebf |
}
|
|
Michal Ruprich |
d886cd |
@@ -436,10 +514,20 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
Michal Ruprich |
d886cd |
DH_free(dh);
|
|
Michal Ruprich |
d886cd |
return (DST_R_INVALIDPUBLICKEY);
|
|
|
20cebf |
}
|
|
|
20cebf |
- dh->g = BN_bin2bn(r.base, glen, NULL);
|
|
|
20cebf |
+ g = BN_bin2bn(r.base, glen, NULL);
|
|
|
20cebf |
}
|
|
|
20cebf |
isc_region_consume(&r, glen);
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
+ if (p == NULL || g == NULL) {
|
|
Michal Ruprich |
d886cd |
+ DH_free(dh);
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(p);
|
|
Michal Ruprich |
d886cd |
+ if (g != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(g);
|
|
Michal Ruprich |
d886cd |
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ DH_set0_pqg(dh, p, NULL, g);
|
|
Michal Ruprich |
d886cd |
+
|
|
|
20cebf |
if (r.length < 2) {
|
|
Michal Ruprich |
d886cd |
DH_free(dh);
|
|
Michal Ruprich |
d886cd |
return (DST_R_INVALIDPUBLICKEY);
|
|
Michal Ruprich |
d886cd |
@@ -449,10 +537,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
Michal Ruprich |
d886cd |
DH_free(dh);
|
|
Michal Ruprich |
d886cd |
return (DST_R_INVALIDPUBLICKEY);
|
|
|
20cebf |
}
|
|
|
20cebf |
- dh->pub_key = BN_bin2bn(r.base, publen, NULL);
|
|
|
20cebf |
+ pub_key = BN_bin2bn(r.base, publen, NULL);
|
|
Michal Ruprich |
d886cd |
+ if (pub_key == NULL) {
|
|
Michal Ruprich |
d886cd |
+ DH_free(dh);
|
|
Michal Ruprich |
d886cd |
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ DH_set0_key(dh, pub_key, NULL);
|
|
|
20cebf |
isc_region_consume(&r, publen);
|
|
|
20cebf |
|
|
|
20cebf |
- key->key_size = BN_num_bits(dh->p);
|
|
|
20cebf |
+ key->key_size = BN_num_bits(p);
|
|
|
20cebf |
|
|
|
20cebf |
isc_buffer_forward(data, plen + glen + publen + 6);
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -465,6 +558,7 @@ static isc_result_t
|
|
|
20cebf |
openssldh_tofile(const dst_key_t *key, const char *directory) {
|
|
|
20cebf |
int i;
|
|
|
20cebf |
DH *dh;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
|
|
|
20cebf |
dst_private_t priv;
|
|
|
20cebf |
unsigned char *bufs[4];
|
|
|
20cebf |
isc_result_t result;
|
|
Michal Ruprich |
d886cd |
@@ -476,10 +570,12 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
|
Michal Ruprich |
d886cd |
return (DST_R_EXTERNALKEY);
|
|
|
20cebf |
|
|
|
20cebf |
dh = key->keydata.dh;
|
|
|
20cebf |
+ DH_get0_key(dh, &pub_key, &priv_key);
|
|
Michal Ruprich |
d886cd |
+ DH_get0_pqg(dh, &p, NULL, &g);
|
|
Michal Ruprich |
d886cd |
|
|
|
20cebf |
memset(bufs, 0, sizeof(bufs));
|
|
|
20cebf |
for (i = 0; i < 4; i++) {
|
|
|
20cebf |
- bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(dh->p));
|
|
|
20cebf |
+ bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(p));
|
|
|
20cebf |
if (bufs[i] == NULL) {
|
|
|
20cebf |
result = ISC_R_NOMEMORY;
|
|
|
20cebf |
goto fail;
|
|
Michal Ruprich |
d886cd |
@@ -489,26 +585,26 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
|
|
20cebf |
i = 0;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[i].tag = TAG_DH_PRIME;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(dh->p);
|
|
|
20cebf |
- BN_bn2bin(dh->p, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(p);
|
|
|
20cebf |
+ BN_bn2bin(p, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[i].tag = TAG_DH_GENERATOR;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(dh->g);
|
|
|
20cebf |
- BN_bn2bin(dh->g, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(g);
|
|
|
20cebf |
+ BN_bn2bin(g, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[i].tag = TAG_DH_PRIVATE;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(dh->priv_key);
|
|
|
20cebf |
- BN_bn2bin(dh->priv_key, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(priv_key);
|
|
|
20cebf |
+ BN_bn2bin(priv_key, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[i].tag = TAG_DH_PUBLIC;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(dh->pub_key);
|
|
|
20cebf |
- BN_bn2bin(dh->pub_key, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(pub_key);
|
|
|
20cebf |
+ BN_bn2bin(pub_key, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -518,7 +614,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
|
|
20cebf |
for (i = 0; i < 4; i++) {
|
|
|
20cebf |
if (bufs[i] == NULL)
|
|
|
20cebf |
break;
|
|
|
20cebf |
- isc_mem_put(key->mctx, bufs[i], BN_num_bytes(dh->p));
|
|
|
20cebf |
+ isc_mem_put(key->mctx, bufs[i], BN_num_bytes(p));
|
|
|
20cebf |
}
|
|
|
20cebf |
return (result);
|
|
|
20cebf |
}
|
|
Michal Ruprich |
d886cd |
@@ -529,6 +625,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
|
20cebf |
isc_result_t ret;
|
|
|
20cebf |
int i;
|
|
|
20cebf |
DH *dh = NULL;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
|
|
|
20cebf |
isc_mem_t *mctx;
|
|
|
20cebf |
#define DST_RET(a) {ret = a; goto err;}
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -546,63 +643,47 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
|
20cebf |
dh = DH_new();
|
|
|
20cebf |
if (dh == NULL)
|
|
|
20cebf |
DST_RET(ISC_R_NOMEMORY);
|
|
Michal Ruprich |
d886cd |
- dh->flags &= ~DH_FLAG_CACHE_MONT_P;
|
|
|
20cebf |
+ DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P);
|
|
|
20cebf |
key->keydata.dh = dh;
|
|
|
20cebf |
|
|
|
20cebf |
for (i = 0; i < priv.nelements; i++) {
|
|
Michal Ruprich |
d886cd |
BIGNUM *bn;
|
|
Michal Ruprich |
d886cd |
bn = BN_bin2bn(priv.elements[i].data,
|
|
Michal Ruprich |
d886cd |
priv.elements[i].length, NULL);
|
|
Michal Ruprich |
d886cd |
- if (bn == NULL)
|
|
Michal Ruprich |
d886cd |
+ if (bn == NULL)
|
|
Michal Ruprich |
d886cd |
DST_RET(ISC_R_NOMEMORY);
|
|
|
20cebf |
|
|
|
20cebf |
switch (priv.elements[i].tag) {
|
|
|
20cebf |
case TAG_DH_PRIME:
|
|
|
20cebf |
- dh->p = bn;
|
|
|
20cebf |
+ p = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_DH_GENERATOR:
|
|
|
20cebf |
- dh->g = bn;
|
|
|
20cebf |
+ g = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_DH_PRIVATE:
|
|
|
20cebf |
- dh->priv_key = bn;
|
|
|
20cebf |
+ priv_key = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_DH_PUBLIC:
|
|
|
20cebf |
- dh->pub_key = bn;
|
|
|
20cebf |
+ pub_key = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
}
|
|
|
20cebf |
}
|
|
|
20cebf |
dst__privstruct_free(&priv, mctx);
|
|
Michal Ruprich |
d886cd |
+ DH_set0_key(dh, pub_key, priv_key);
|
|
Michal Ruprich |
d886cd |
+ DH_set0_pqg(dh, p, NULL, g);
|
|
|
20cebf |
|
|
|
20cebf |
- key->key_size = BN_num_bits(dh->p);
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
- if ((key->key_size == 768 ||
|
|
Michal Ruprich |
d886cd |
- key->key_size == 1024 ||
|
|
Michal Ruprich |
d886cd |
- key->key_size == 1536) &&
|
|
|
20cebf |
- BN_cmp(dh->g, bn2) == 0)
|
|
Michal Ruprich |
d886cd |
- {
|
|
|
20cebf |
- if (key->key_size == 768 && BN_cmp(dh->p, bn768) == 0) {
|
|
|
20cebf |
- BN_free(dh->p);
|
|
|
20cebf |
- BN_free(dh->g);
|
|
Michal Ruprich |
d886cd |
- dh->p = bn768;
|
|
Michal Ruprich |
d886cd |
- dh->g = bn2;
|
|
Michal Ruprich |
d886cd |
- } else if (key->key_size == 1024 &&
|
|
|
20cebf |
- BN_cmp(dh->p, bn1024) == 0) {
|
|
|
20cebf |
- BN_free(dh->p);
|
|
|
20cebf |
- BN_free(dh->g);
|
|
Michal Ruprich |
d886cd |
- dh->p = bn1024;
|
|
Michal Ruprich |
d886cd |
- dh->g = bn2;
|
|
Michal Ruprich |
d886cd |
- } else if (key->key_size == 1536 &&
|
|
|
20cebf |
- BN_cmp(dh->p, bn1536) == 0) {
|
|
|
20cebf |
- BN_free(dh->p);
|
|
|
20cebf |
- BN_free(dh->g);
|
|
Michal Ruprich |
d886cd |
- dh->p = bn1536;
|
|
Michal Ruprich |
d886cd |
- dh->g = bn2;
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
- }
|
|
|
20cebf |
-
|
|
Michal Ruprich |
d886cd |
+ key->key_size = BN_num_bits(p);
|
|
|
20cebf |
return (ISC_R_SUCCESS);
|
|
|
20cebf |
|
|
|
20cebf |
err:
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(p);
|
|
Michal Ruprich |
d886cd |
+ if (g != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(g);
|
|
Michal Ruprich |
d886cd |
+ if (pub_key != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(pub_key);
|
|
Michal Ruprich |
d886cd |
+ if (priv_key != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(priv_key);
|
|
|
20cebf |
openssldh_destroy(key);
|
|
|
20cebf |
dst__privstruct_free(&priv, mctx);
|
|
|
20cebf |
memset(&priv, 0, sizeof(priv));
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c
|
|
Michal Ruprich |
d886cd |
index 184c163..2b55bc4 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/dns/openssldsa_link.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/dns/openssldsa_link.c
|
|
Michal Ruprich |
d886cd |
@@ -48,6 +48,79 @@
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM **g)
|
|
Michal Ruprich |
d886cd |
+{
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL)
|
|
Michal Ruprich |
d886cd |
+ *p = d->p;
|
|
Michal Ruprich |
d886cd |
+ if (q != NULL)
|
|
Michal Ruprich |
d886cd |
+ *q = d->q;
|
|
Michal Ruprich |
d886cd |
+ if (g != NULL)
|
|
Michal Ruprich |
d886cd |
+ *g = d->g;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
|
|
Michal Ruprich |
d886cd |
+ if (p == NULL || q == NULL || g == NULL)
|
|
Michal Ruprich |
d886cd |
+ return 0;
|
|
Michal Ruprich |
d886cd |
+ BN_free(d->p);
|
|
Michal Ruprich |
d886cd |
+ BN_free(d->q);
|
|
Michal Ruprich |
d886cd |
+ BN_free(d->g);
|
|
Michal Ruprich |
d886cd |
+ d->p = p;
|
|
Michal Ruprich |
d886cd |
+ d->q = q;
|
|
Michal Ruprich |
d886cd |
+ d->g = g;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return 1;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
|
|
Michal Ruprich |
d886cd |
+ if (pub_key != NULL)
|
|
Michal Ruprich |
d886cd |
+ *pub_key = d->pub_key;
|
|
Michal Ruprich |
d886cd |
+ if (priv_key != NULL)
|
|
Michal Ruprich |
d886cd |
+ *priv_key = d->priv_key;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) {
|
|
Michal Ruprich |
d886cd |
+ /* Note that it is valid for priv_key to be NULL */
|
|
Michal Ruprich |
d886cd |
+ if (pub_key == NULL)
|
|
Michal Ruprich |
d886cd |
+ return 0;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ BN_free(d->pub_key);
|
|
Michal Ruprich |
d886cd |
+ BN_free(d->priv_key);
|
|
Michal Ruprich |
d886cd |
+ d->pub_key = pub_key;
|
|
Michal Ruprich |
d886cd |
+ d->priv_key = priv_key;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return 1;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
|
|
Michal Ruprich |
d886cd |
+ *pr = sig->r;
|
|
Michal Ruprich |
d886cd |
+ *ps = sig->s;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
|
|
Michal Ruprich |
d886cd |
+ if (r == NULL || s == NULL)
|
|
Michal Ruprich |
d886cd |
+ return 0;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ BN_clear_free(sig->r);
|
|
Michal Ruprich |
d886cd |
+ BN_clear_free(sig->s);
|
|
Michal Ruprich |
d886cd |
+ sig->r = r;
|
|
Michal Ruprich |
d886cd |
+ sig->s = s;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return 1;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#define DSA_clear_flags(d, x) (d)->flags &= ~(x)
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
static isc_result_t
|
|
Michal Ruprich |
d886cd |
openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
|
|
Michal Ruprich |
d886cd |
#if USE_EVP
|
|
Michal Ruprich |
d886cd |
@@ -118,7 +191,7 @@ openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
static int
|
|
|
20cebf |
-BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) {
|
|
|
20cebf |
+BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) {
|
|
|
20cebf |
int bytes = size - BN_num_bytes(bn);
|
|
|
20cebf |
while (bytes-- > 0)
|
|
|
20cebf |
*buf++ = 0;
|
|
Michal Ruprich |
d886cd |
@@ -130,8 +203,9 @@ static isc_result_t
|
|
Michal Ruprich |
d886cd |
openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
|
|
Michal Ruprich |
d886cd |
dst_key_t *key = dctx->key;
|
|
|
20cebf |
DSA *dsa = key->keydata.dsa;
|
|
Michal Ruprich |
d886cd |
- isc_region_t r;
|
|
Michal Ruprich |
d886cd |
+ isc_region_t region;
|
|
|
20cebf |
DSA_SIG *dsasig;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *r = 0, *s = NULL;
|
|
|
20cebf |
unsigned int klen;
|
|
|
20cebf |
#if USE_EVP
|
|
|
20cebf |
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
|
|
Michal Ruprich |
d886cd |
@@ -144,8 +218,8 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
|
|
Michal Ruprich |
d886cd |
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- isc_buffer_availableregion(sig, &r);
|
|
Michal Ruprich |
d886cd |
- if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
|
|
Michal Ruprich |
d886cd |
+ isc_buffer_availableregion(sig, ®ion);
|
|
Michal Ruprich |
d886cd |
+ if (region.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
|
|
Michal Ruprich |
d886cd |
return (ISC_R_NOSPACE);
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
#if USE_EVP
|
|
Michal Ruprich |
d886cd |
@@ -210,13 +284,14 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
|
|
Michal Ruprich |
d886cd |
klen = (key->key_size - 512)/64;
|
|
Michal Ruprich |
d886cd |
if (klen > 255)
|
|
Michal Ruprich |
d886cd |
return (ISC_R_FAILURE);
|
|
Michal Ruprich |
d886cd |
- *r.base = klen;
|
|
Michal Ruprich |
d886cd |
- isc_region_consume(&r, 1);
|
|
Michal Ruprich |
d886cd |
-
|
|
|
20cebf |
- BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
- isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
|
|
|
20cebf |
- BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
- isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
+ *region.base = klen;
|
|
Michal Ruprich |
d886cd |
+ isc_region_consume(®ion, 1);
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ DSA_SIG_get0(dsasig, &r, &s);
|
|
Michal Ruprich |
d886cd |
+ BN_bn2bin_fixed(r, region.base, ISC_SHA1_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
+ isc_region_consume(®ion, ISC_SHA1_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
+ BN_bn2bin_fixed(s, region.base, ISC_SHA1_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
+ isc_region_consume(®ion, ISC_SHA1_DIGESTLENGTH);
|
|
|
20cebf |
DSA_SIG_free(dsasig);
|
|
|
20cebf |
isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
@@ -227,6 +302,7 @@ static isc_result_t
|
|
Michal Ruprich |
d886cd |
openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
|
|
Michal Ruprich |
d886cd |
dst_key_t *key = dctx->key;
|
|
Michal Ruprich |
d886cd |
DSA *dsa = key->keydata.dsa;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *r = NULL, *s = NULL;
|
|
|
20cebf |
int status = 0;
|
|
|
20cebf |
unsigned char *cp = sig->base;
|
|
|
20cebf |
DSA_SIG *dsasig;
|
|
Michal Ruprich |
d886cd |
@@ -262,9 +338,10 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
|
|
|
20cebf |
dsasig = DSA_SIG_new();
|
|
|
20cebf |
if (dsasig == NULL)
|
|
|
20cebf |
return (ISC_R_NOMEMORY);
|
|
|
20cebf |
- dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
|
|
Michal Ruprich |
d886cd |
+ r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
|
|
|
20cebf |
cp += ISC_SHA1_DIGESTLENGTH;
|
|
|
20cebf |
- dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
|
|
Michal Ruprich |
d886cd |
+ s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
|
|
Michal Ruprich |
d886cd |
+ DSA_SIG_set0(dsasig, r, s);
|
|
|
20cebf |
|
|
|
20cebf |
#if 0
|
|
|
20cebf |
pkey = EVP_PKEY_new();
|
|
Michal Ruprich |
d886cd |
@@ -303,8 +380,11 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
static isc_boolean_t
|
|
|
20cebf |
openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
Michal Ruprich |
d886cd |
- int status;
|
|
|
20cebf |
DSA *dsa1, *dsa2;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *pub_key1 = NULL, *priv_key1 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *pub_key2 = NULL, *priv_key2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *p1 = NULL, *q1 = NULL, *g1 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *p2 = NULL, *q2 = NULL, *g2 = NULL;
|
|
|
20cebf |
|
|
|
20cebf |
dsa1 = key1->keydata.dsa;
|
|
|
20cebf |
dsa2 = key2->keydata.dsa;
|
|
Michal Ruprich |
d886cd |
@@ -314,18 +394,19 @@ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
|
20cebf |
else if (dsa1 == NULL || dsa2 == NULL)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
|
|
|
20cebf |
- status = BN_cmp(dsa1->p, dsa2->p) ||
|
|
|
20cebf |
- BN_cmp(dsa1->q, dsa2->q) ||
|
|
|
20cebf |
- BN_cmp(dsa1->g, dsa2->g) ||
|
|
|
20cebf |
- BN_cmp(dsa1->pub_key, dsa2->pub_key);
|
|
|
20cebf |
+ DSA_get0_key(dsa1, &pub_key1, &priv_key1);
|
|
|
20cebf |
+ DSA_get0_key(dsa2, &pub_key2, &priv_key2);
|
|
Michal Ruprich |
d886cd |
+ DSA_get0_pqg(dsa1, &p1, &q1, &g1;;
|
|
Michal Ruprich |
d886cd |
+ DSA_get0_pqg(dsa2, &p2, &q2, &g2;;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
- if (status != 0)
|
|
Michal Ruprich |
d886cd |
+ if (BN_cmp(p1, p2) != 0 || BN_cmp(q1, q2) != 0 ||
|
|
Michal Ruprich |
d886cd |
+ BN_cmp(g1, g2) != 0 || BN_cmp(pub_key1, pub_key2) != 0)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
|
|
|
20cebf |
- if (dsa1->priv_key != NULL || dsa2->priv_key != NULL) {
|
|
|
20cebf |
- if (dsa1->priv_key == NULL || dsa2->priv_key == NULL)
|
|
|
20cebf |
+ if (priv_key1 != NULL || priv_key2 != NULL) {
|
|
|
20cebf |
+ if (priv_key1 == NULL || priv_key2 == NULL)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
- if (BN_cmp(dsa1->priv_key, dsa2->priv_key))
|
|
Michal Ruprich |
d886cd |
+ if (BN_cmp(priv_key1, priv_key2))
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
}
|
|
|
20cebf |
return (ISC_TRUE);
|
|
Michal Ruprich |
d886cd |
@@ -417,7 +498,8 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
|
|
|
20cebf |
return (dst__openssl_toresult2("DSA_generate_key",
|
|
|
20cebf |
DST_R_OPENSSLFAILURE));
|
|
|
20cebf |
}
|
|
Michal Ruprich |
d886cd |
- dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
|
|
Michal Ruprich |
d886cd |
+
|
|
|
20cebf |
+ DSA_clear_flags(dsa, DSA_FLAG_CACHE_MONT_P);
|
|
|
20cebf |
|
|
|
20cebf |
key->keydata.dsa = dsa;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -427,7 +509,10 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
|
|
|
20cebf |
static isc_boolean_t
|
|
|
20cebf |
openssldsa_isprivate(const dst_key_t *key) {
|
|
|
20cebf |
DSA *dsa = key->keydata.dsa;
|
|
|
20cebf |
- return (ISC_TF(dsa != NULL && dsa->priv_key != NULL));
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *priv_key = NULL;
|
|
|
20cebf |
+
|
|
Michal Ruprich |
d886cd |
+ DSA_get0_key(dsa, NULL, &priv_key);
|
|
Michal Ruprich |
d886cd |
+ return (ISC_TF(dsa != NULL && priv_key != NULL));
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
static void
|
|
Michal Ruprich |
d886cd |
@@ -441,6 +526,7 @@ openssldsa_destroy(dst_key_t *key) {
|
|
|
20cebf |
static isc_result_t
|
|
|
20cebf |
openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
DSA *dsa;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *pub_key, *p = NULL, *q = NULL, *g = NULL;
|
|
|
20cebf |
isc_region_t r;
|
|
|
20cebf |
int dnslen;
|
|
|
20cebf |
unsigned int t, p_bytes;
|
|
Michal Ruprich |
d886cd |
@@ -451,7 +537,10 @@ openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
|
|
|
20cebf |
isc_buffer_availableregion(data, &r);
|
|
|
20cebf |
|
|
|
20cebf |
- t = (BN_num_bytes(dsa->p) - 64) / 8;
|
|
|
20cebf |
+ DSA_get0_key(dsa, &pub_key, NULL);
|
|
Michal Ruprich |
d886cd |
+ DSA_get0_pqg(dsa, &p, &q, &g);
|
|
|
20cebf |
+
|
|
|
20cebf |
+ t = (BN_num_bytes(p) - 64) / 8;
|
|
|
20cebf |
if (t > 8)
|
|
|
20cebf |
return (DST_R_INVALIDPUBLICKEY);
|
|
|
20cebf |
p_bytes = 64 + 8 * t;
|
|
Michal Ruprich |
d886cd |
@@ -462,13 +551,14 @@ openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
|
|
|
20cebf |
*r.base = t;
|
|
|
20cebf |
isc_region_consume(&r, 1);
|
|
|
20cebf |
- BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
+
|
|
|
20cebf |
+ BN_bn2bin_fixed(q, r.base, ISC_SHA1_DIGESTLENGTH);
|
|
|
20cebf |
isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
|
|
|
20cebf |
- BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8);
|
|
|
20cebf |
+ BN_bn2bin_fixed(p, r.base, key->key_size/8);
|
|
|
20cebf |
isc_region_consume(&r, p_bytes);
|
|
|
20cebf |
- BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8);
|
|
|
20cebf |
+ BN_bn2bin_fixed(g, r.base, key->key_size/8);
|
|
|
20cebf |
isc_region_consume(&r, p_bytes);
|
|
|
20cebf |
- BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8);
|
|
|
20cebf |
+ BN_bn2bin_fixed(pub_key, r.base, key->key_size/8);
|
|
|
20cebf |
isc_region_consume(&r, p_bytes);
|
|
|
20cebf |
|
|
|
20cebf |
isc_buffer_add(data, dnslen);
|
|
Michal Ruprich |
d886cd |
@@ -479,6 +569,7 @@ openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
static isc_result_t
|
|
|
20cebf |
openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
DSA *dsa;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *pub_key, *p, *q, *g;
|
|
|
20cebf |
isc_region_t r;
|
|
|
20cebf |
unsigned int t, p_bytes;
|
|
|
20cebf |
isc_mem_t *mctx = key->mctx;
|
|
Michal Ruprich |
d886cd |
@@ -492,7 +583,7 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
dsa = DSA_new();
|
|
|
20cebf |
if (dsa == NULL)
|
|
|
20cebf |
return (ISC_R_NOMEMORY);
|
|
Michal Ruprich |
d886cd |
- dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
|
|
|
20cebf |
+ DSA_clear_flags(dsa, DSA_FLAG_CACHE_MONT_P);
|
|
|
20cebf |
|
|
|
20cebf |
t = (unsigned int) *r.base;
|
|
|
20cebf |
isc_region_consume(&r, 1);
|
|
Michal Ruprich |
d886cd |
@@ -507,18 +598,29 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
return (DST_R_INVALIDPUBLICKEY);
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
- dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
|
|
|
20cebf |
+ q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
|
|
|
20cebf |
isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
|
|
|
20cebf |
|
|
|
20cebf |
- dsa->p = BN_bin2bn(r.base, p_bytes, NULL);
|
|
|
20cebf |
+ p = BN_bin2bn(r.base, p_bytes, NULL);
|
|
|
20cebf |
isc_region_consume(&r, p_bytes);
|
|
|
20cebf |
|
|
|
20cebf |
- dsa->g = BN_bin2bn(r.base, p_bytes, NULL);
|
|
|
20cebf |
+ g = BN_bin2bn(r.base, p_bytes, NULL);
|
|
|
20cebf |
isc_region_consume(&r, p_bytes);
|
|
|
20cebf |
|
|
|
20cebf |
- dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
|
|
|
20cebf |
+ pub_key = BN_bin2bn(r.base, p_bytes, NULL);
|
|
|
20cebf |
isc_region_consume(&r, p_bytes);
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
+ if (pub_key == NULL || p == NULL || q == NULL || g == NULL) {
|
|
|
20cebf |
+ DSA_free(dsa);
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL) BN_free(p);
|
|
Michal Ruprich |
d886cd |
+ if (q != NULL) BN_free(q);
|
|
Michal Ruprich |
d886cd |
+ if (g != NULL) BN_free(g);
|
|
Michal Ruprich |
d886cd |
+ return (ISC_R_NOMEMORY);
|
|
|
20cebf |
+ }
|
|
|
20cebf |
+
|
|
|
20cebf |
+ DSA_set0_key(dsa, pub_key, NULL);
|
|
Michal Ruprich |
d886cd |
+ DSA_set0_pqg(dsa, p, q, g);
|
|
|
20cebf |
+
|
|
Michal Ruprich |
d886cd |
key->key_size = p_bytes * 8;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
|
|
Michal Ruprich |
d886cd |
@@ -533,6 +635,8 @@ static isc_result_t
|
|
|
20cebf |
openssldsa_tofile(const dst_key_t *key, const char *directory) {
|
|
|
20cebf |
int cnt = 0;
|
|
|
20cebf |
DSA *dsa;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *pub_key = NULL, *priv_key = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *p = NULL, *q = NULL, *g = NULL;
|
|
|
20cebf |
dst_private_t priv;
|
|
|
20cebf |
unsigned char bufs[5][128];
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -546,33 +650,36 @@ openssldsa_tofile(const dst_key_t *key, const char *directory) {
|
|
|
20cebf |
|
|
|
20cebf |
dsa = key->keydata.dsa;
|
|
|
20cebf |
|
|
|
20cebf |
+ DSA_get0_key(dsa, &pub_key, &priv_key);
|
|
Michal Ruprich |
d886cd |
+ DSA_get0_pqg(dsa, &p, &q, &g);
|
|
|
20cebf |
+
|
|
|
20cebf |
priv.elements[cnt].tag = TAG_DSA_PRIME;
|
|
|
20cebf |
- priv.elements[cnt].length = BN_num_bytes(dsa->p);
|
|
|
20cebf |
- BN_bn2bin(dsa->p, bufs[cnt]);
|
|
|
20cebf |
+ priv.elements[cnt].length = BN_num_bytes(p);
|
|
|
20cebf |
+ BN_bn2bin(p, bufs[cnt]);
|
|
|
20cebf |
priv.elements[cnt].data = bufs[cnt];
|
|
|
20cebf |
cnt++;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[cnt].tag = TAG_DSA_SUBPRIME;
|
|
|
20cebf |
- priv.elements[cnt].length = BN_num_bytes(dsa->q);
|
|
|
20cebf |
- BN_bn2bin(dsa->q, bufs[cnt]);
|
|
|
20cebf |
+ priv.elements[cnt].length = BN_num_bytes(q);
|
|
|
20cebf |
+ BN_bn2bin(q, bufs[cnt]);
|
|
|
20cebf |
priv.elements[cnt].data = bufs[cnt];
|
|
|
20cebf |
cnt++;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[cnt].tag = TAG_DSA_BASE;
|
|
|
20cebf |
- priv.elements[cnt].length = BN_num_bytes(dsa->g);
|
|
|
20cebf |
- BN_bn2bin(dsa->g, bufs[cnt]);
|
|
|
20cebf |
+ priv.elements[cnt].length = BN_num_bytes(g);
|
|
|
20cebf |
+ BN_bn2bin(g, bufs[cnt]);
|
|
|
20cebf |
priv.elements[cnt].data = bufs[cnt];
|
|
|
20cebf |
cnt++;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[cnt].tag = TAG_DSA_PRIVATE;
|
|
|
20cebf |
- priv.elements[cnt].length = BN_num_bytes(dsa->priv_key);
|
|
|
20cebf |
- BN_bn2bin(dsa->priv_key, bufs[cnt]);
|
|
|
20cebf |
+ priv.elements[cnt].length = BN_num_bytes(priv_key);
|
|
|
20cebf |
+ BN_bn2bin(priv_key, bufs[cnt]);
|
|
|
20cebf |
priv.elements[cnt].data = bufs[cnt];
|
|
|
20cebf |
cnt++;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[cnt].tag = TAG_DSA_PUBLIC;
|
|
|
20cebf |
- priv.elements[cnt].length = BN_num_bytes(dsa->pub_key);
|
|
|
20cebf |
- BN_bn2bin(dsa->pub_key, bufs[cnt]);
|
|
|
20cebf |
+ priv.elements[cnt].length = BN_num_bytes(pub_key);
|
|
|
20cebf |
+ BN_bn2bin(pub_key, bufs[cnt]);
|
|
|
20cebf |
priv.elements[cnt].data = bufs[cnt];
|
|
|
20cebf |
cnt++;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -586,6 +693,8 @@ openssldsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
|
20cebf |
isc_result_t ret;
|
|
|
20cebf |
int i;
|
|
|
20cebf |
DSA *dsa = NULL;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
|
|
|
20cebf |
isc_mem_t *mctx = key->mctx;
|
|
|
20cebf |
#define DST_RET(a) {ret = a; goto err;}
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -610,7 +719,7 @@ openssldsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
|
20cebf |
dsa = DSA_new();
|
|
|
20cebf |
if (dsa == NULL)
|
|
|
20cebf |
DST_RET(ISC_R_NOMEMORY);
|
|
Michal Ruprich |
d886cd |
- dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
|
|
|
20cebf |
+ DSA_clear_flags(dsa, DSA_FLAG_CACHE_MONT_P);
|
|
|
20cebf |
key->keydata.dsa = dsa;
|
|
|
20cebf |
|
|
|
20cebf |
for (i = 0; i < priv.nelements; i++) {
|
|
Michal Ruprich |
d886cd |
@@ -622,28 +731,36 @@ openssldsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
|
20cebf |
|
|
|
20cebf |
switch (priv.elements[i].tag) {
|
|
|
20cebf |
case TAG_DSA_PRIME:
|
|
|
20cebf |
- dsa->p = bn;
|
|
|
20cebf |
+ p = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_DSA_SUBPRIME:
|
|
|
20cebf |
- dsa->q = bn;
|
|
|
20cebf |
+ q = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_DSA_BASE:
|
|
|
20cebf |
- dsa->g = bn;
|
|
|
20cebf |
+ g = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_DSA_PRIVATE:
|
|
|
20cebf |
- dsa->priv_key = bn;
|
|
|
20cebf |
+ priv_key = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_DSA_PUBLIC:
|
|
|
20cebf |
- dsa->pub_key = bn;
|
|
|
20cebf |
+ pub_key = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
}
|
|
|
20cebf |
}
|
|
|
20cebf |
dst__privstruct_free(&priv, mctx);
|
|
|
20cebf |
memset(&priv, 0, sizeof(priv));
|
|
|
20cebf |
- key->key_size = BN_num_bits(dsa->p);
|
|
|
20cebf |
+ DSA_set0_key(dsa, pub_key, priv_key);
|
|
Michal Ruprich |
d886cd |
+ DSA_set0_pqg(dsa, p, q, g);
|
|
Michal Ruprich |
d886cd |
+ key->key_size = BN_num_bits(p);
|
|
|
20cebf |
return (ISC_R_SUCCESS);
|
|
|
20cebf |
|
|
|
20cebf |
err:
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(p);
|
|
Michal Ruprich |
d886cd |
+ if (q != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(q);
|
|
Michal Ruprich |
d886cd |
+ if (g != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(g);
|
|
|
20cebf |
openssldsa_destroy(key);
|
|
|
20cebf |
dst__privstruct_free(&priv, mctx);
|
|
|
20cebf |
memset(&priv, 0, sizeof(priv));
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
|
|
Michal Ruprich |
d886cd |
index a967736..76d5a9d 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/dns/opensslecdsa_link.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/dns/opensslecdsa_link.c
|
|
Michal Ruprich |
d886cd |
@@ -41,6 +41,30 @@
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#define DST_RET(a) {ret = a; goto err;}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+/* From OpenSSL 1.1 */
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
|
|
Michal Ruprich |
d886cd |
+ if (pr != NULL)
|
|
Michal Ruprich |
d886cd |
+ *pr = sig->r;
|
|
Michal Ruprich |
d886cd |
+ if (ps != NULL)
|
|
Michal Ruprich |
d886cd |
+ *ps = sig->s;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
|
|
Michal Ruprich |
d886cd |
+ if (r == NULL || s == NULL)
|
|
Michal Ruprich |
d886cd |
+ return 0;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ BN_clear_free(sig->r);
|
|
Michal Ruprich |
d886cd |
+ BN_clear_free(sig->s);
|
|
Michal Ruprich |
d886cd |
+ sig->r = r;
|
|
Michal Ruprich |
d886cd |
+ sig->s = s;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return 1;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
static isc_result_t opensslecdsa_todns(const dst_key_t *key,
|
|
Michal Ruprich |
d886cd |
isc_buffer_t *data);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
@@ -102,7 +126,7 @@ opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
static int
|
|
|
20cebf |
-BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) {
|
|
|
20cebf |
+BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) {
|
|
|
20cebf |
int bytes = size - BN_num_bytes(bn);
|
|
|
20cebf |
|
|
|
20cebf |
while (bytes-- > 0)
|
|
Michal Ruprich |
d886cd |
@@ -115,13 +139,14 @@ static isc_result_t
|
|
Michal Ruprich |
d886cd |
opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
|
|
Michal Ruprich |
d886cd |
isc_result_t ret;
|
|
|
20cebf |
dst_key_t *key = dctx->key;
|
|
Michal Ruprich |
d886cd |
- isc_region_t r;
|
|
Michal Ruprich |
d886cd |
+ isc_region_t region;
|
|
|
20cebf |
ECDSA_SIG *ecdsasig;
|
|
|
20cebf |
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
|
|
|
20cebf |
EVP_PKEY *pkey = key->keydata.pkey;
|
|
|
20cebf |
EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
|
|
Michal Ruprich |
d886cd |
unsigned int dgstlen, siglen;
|
|
Michal Ruprich |
d886cd |
unsigned char digest[EVP_MAX_MD_SIZE];
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *r, *s;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
|
|
Michal Ruprich |
d886cd |
key->key_alg == DST_ALG_ECDSA384);
|
|
Michal Ruprich |
d886cd |
@@ -134,8 +159,8 @@ opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
|
|
Michal Ruprich |
d886cd |
else
|
|
Michal Ruprich |
d886cd |
siglen = DNS_SIG_ECDSA384SIZE;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- isc_buffer_availableregion(sig, &r);
|
|
Michal Ruprich |
d886cd |
- if (r.length < siglen)
|
|
Michal Ruprich |
d886cd |
+ isc_buffer_availableregion(sig, ®ion);
|
|
Michal Ruprich |
d886cd |
+ if (region.length < siglen)
|
|
Michal Ruprich |
d886cd |
DST_RET(ISC_R_NOSPACE);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
if (!EVP_DigestFinal(evp_md_ctx, digest, &dgstlen))
|
|
Michal Ruprich |
d886cd |
@@ -148,10 +173,11 @@ opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
|
|
|
20cebf |
DST_RET(dst__openssl_toresult3(dctx->category,
|
|
|
20cebf |
"ECDSA_do_sign",
|
|
|
20cebf |
DST_R_SIGNFAILURE));
|
|
|
20cebf |
- BN_bn2bin_fixed(ecdsasig->r, r.base, siglen / 2);
|
|
Michal Ruprich |
d886cd |
- isc_region_consume(&r, siglen / 2);
|
|
|
20cebf |
- BN_bn2bin_fixed(ecdsasig->s, r.base, siglen / 2);
|
|
Michal Ruprich |
d886cd |
- isc_region_consume(&r, siglen / 2);
|
|
Michal Ruprich |
d886cd |
+ ECDSA_SIG_get0(ecdsasig, &r, &s);
|
|
Michal Ruprich |
d886cd |
+ BN_bn2bin_fixed(r, region.base, siglen / 2);
|
|
Michal Ruprich |
d886cd |
+ isc_region_consume(®ion, siglen / 2);
|
|
Michal Ruprich |
d886cd |
+ BN_bn2bin_fixed(s, region.base, siglen / 2);
|
|
Michal Ruprich |
d886cd |
+ isc_region_consume(®ion, siglen / 2);
|
|
|
20cebf |
ECDSA_SIG_free(ecdsasig);
|
|
|
20cebf |
isc_buffer_add(sig, siglen);
|
|
Michal Ruprich |
d886cd |
ret = ISC_R_SUCCESS;
|
|
Michal Ruprich |
d886cd |
@@ -174,6 +200,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
|
|
|
20cebf |
EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
|
|
Michal Ruprich |
d886cd |
unsigned int dgstlen, siglen;
|
|
Michal Ruprich |
d886cd |
unsigned char digest[EVP_MAX_MD_SIZE];
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *r = NULL, *s = NULL ;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
|
|
Michal Ruprich |
d886cd |
key->key_alg == DST_ALG_ECDSA384);
|
|
Michal Ruprich |
d886cd |
@@ -197,13 +224,10 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
|
|
|
20cebf |
ecdsasig = ECDSA_SIG_new();
|
|
|
20cebf |
if (ecdsasig == NULL)
|
|
|
20cebf |
DST_RET (ISC_R_NOMEMORY);
|
|
Michal Ruprich |
d886cd |
- if (ecdsasig->r != NULL)
|
|
Michal Ruprich |
d886cd |
- BN_free(ecdsasig->r);
|
|
|
20cebf |
- ecdsasig->r = BN_bin2bn(cp, siglen / 2, NULL);
|
|
Michal Ruprich |
d886cd |
+ r = BN_bin2bn(cp, siglen / 2, NULL);
|
|
Michal Ruprich |
d886cd |
cp += siglen / 2;
|
|
Michal Ruprich |
d886cd |
- if (ecdsasig->s != NULL)
|
|
Michal Ruprich |
d886cd |
- BN_free(ecdsasig->s);
|
|
|
20cebf |
- ecdsasig->s = BN_bin2bn(cp, siglen / 2, NULL);
|
|
Michal Ruprich |
d886cd |
+ s = BN_bin2bn(cp, siglen / 2, NULL);
|
|
Michal Ruprich |
d886cd |
+ ECDSA_SIG_set0(ecdsasig, r, s);
|
|
|
20cebf |
/* cp += siglen / 2; */
|
|
|
20cebf |
|
|
|
20cebf |
status = ECDSA_do_verify(digest, dgstlen, ecdsasig, eckey);
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/dns/opensslgost_link.c b/lib/dns/opensslgost_link.c
|
|
Michal Ruprich |
d886cd |
index 6b04f7b..62d7238 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/dns/opensslgost_link.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/dns/opensslgost_link.c
|
|
Michal Ruprich |
d886cd |
@@ -28,6 +28,11 @@
|
|
Michal Ruprich |
d886cd |
#include <openssl/rsa.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/engine.h>
|
|
|
20cebf |
|
|
|
20cebf |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_new() &(ctx->_ctx), EVP_MD_CTX_init(&(ctx->_ctx))
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr)
|
|
|
20cebf |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
static ENGINE *e = NULL;
|
|
Michal Ruprich |
d886cd |
static const EVP_MD *opensslgost_digest;
|
|
Michal Ruprich |
d886cd |
extern const EVP_MD *EVP_gost(void);
|
|
Michal Ruprich |
d886cd |
@@ -48,8 +53,10 @@ isc_gost_init(isc_gost_t *ctx) {
|
|
Michal Ruprich |
d886cd |
md = EVP_gost();
|
|
Michal Ruprich |
d886cd |
if (md == NULL)
|
|
Michal Ruprich |
d886cd |
return (DST_R_CRYPTOFAILURE);
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_init(ctx);
|
|
Michal Ruprich |
d886cd |
- ret = EVP_DigestInit(ctx, md);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = EVP_MD_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ if (ctx->ctx == NULL)
|
|
Michal Ruprich |
d886cd |
+ return (ISC_R_NOMEMORY);
|
|
Michal Ruprich |
d886cd |
+ ret = EVP_DigestInit(ctx->ctx, md);
|
|
Michal Ruprich |
d886cd |
if (ret != 1)
|
|
Michal Ruprich |
d886cd |
return (DST_R_CRYPTOFAILURE);
|
|
Michal Ruprich |
d886cd |
return (ISC_R_SUCCESS);
|
|
Michal Ruprich |
d886cd |
@@ -57,7 +64,8 @@ isc_gost_init(isc_gost_t *ctx) {
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_gost_invalidate(isc_gost_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
isc_result_t
|
|
Michal Ruprich |
d886cd |
@@ -67,9 +75,10 @@ isc_gost_update(isc_gost_t *ctx, const unsigned char *data,
|
|
Michal Ruprich |
d886cd |
int ret;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
INSIST(ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ INSIST(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
INSIST(data != NULL);
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
- ret = EVP_DigestUpdate(ctx, (const void *) data, (size_t) len);
|
|
Michal Ruprich |
d886cd |
+ ret = EVP_DigestUpdate(ctx->ctx, (const void *) data, (size_t) len);
|
|
Michal Ruprich |
d886cd |
if (ret != 1)
|
|
Michal Ruprich |
d886cd |
return (DST_R_CRYPTOFAILURE);
|
|
Michal Ruprich |
d886cd |
return (ISC_R_SUCCESS);
|
|
Michal Ruprich |
d886cd |
@@ -80,9 +89,12 @@ isc_gost_final(isc_gost_t *ctx, unsigned char *digest) {
|
|
Michal Ruprich |
d886cd |
int ret;
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
INSIST(ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ INSIST(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
INSIST(digest != NULL);
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
- ret = EVP_DigestFinal(ctx, digest, NULL);
|
|
Michal Ruprich |
d886cd |
+ ret = EVP_DigestFinal(ctx->ctx, digest, NULL);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
if (ret != 1)
|
|
Michal Ruprich |
d886cd |
return (DST_R_CRYPTOFAILURE);
|
|
Michal Ruprich |
d886cd |
return (ISC_R_SUCCESS);
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
|
|
Michal Ruprich |
d886cd |
index b5ad913..89b4975 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/dns/opensslrsa_link.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/dns/opensslrsa_link.c
|
|
Michal Ruprich |
d886cd |
@@ -99,7 +99,8 @@
|
|
Michal Ruprich |
d886cd |
(rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \
|
|
|
20cebf |
(rsa)->flags &= ~RSA_FLAG_BLINDING; \
|
|
|
20cebf |
} while (0)
|
|
Michal Ruprich |
d886cd |
-#elif defined(RSA_FLAG_NO_BLINDING)
|
|
Michal Ruprich |
d886cd |
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+#if defined(RSA_FLAG_NO_BLINDING)
|
|
|
20cebf |
#define SET_FLAGS(rsa) \
|
|
|
20cebf |
do { \
|
|
|
20cebf |
(rsa)->flags &= ~RSA_FLAG_BLINDING; \
|
|
Michal Ruprich |
d886cd |
@@ -111,9 +112,132 @@
|
|
|
20cebf |
(rsa)->flags &= ~RSA_FLAG_BLINDING; \
|
|
|
20cebf |
} while (0)
|
|
|
20cebf |
#endif
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
+#else
|
|
Michal Ruprich |
d886cd |
+#define SET_FLAGS(rsa) \
|
|
Michal Ruprich |
d886cd |
+ do { \
|
|
Michal Ruprich |
d886cd |
+ RSA_clear_flags(rsa, RSA_FLAG_BLINDING); \
|
|
Michal Ruprich |
d886cd |
+ RSA_set_flags(rsa, RSA_FLAG_NO_BLINDING); \
|
|
Michal Ruprich |
d886cd |
+ } while (0)
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
#define DST_RET(a) {ret = a; goto err;}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+/* From OpenSSL 1.1.0 */
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ /*
|
|
Michal Ruprich |
d886cd |
+ * If the fields n and e in r are NULL, the corresponding input
|
|
Michal Ruprich |
d886cd |
+ * parameters MUST be non-NULL for n and e. d may be
|
|
Michal Ruprich |
d886cd |
+ * left NULL (in case only the public key is used).
|
|
Michal Ruprich |
d886cd |
+ */
|
|
Michal Ruprich |
d886cd |
+ if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
|
|
Michal Ruprich |
d886cd |
+ return 0;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ if (n != NULL) {
|
|
Michal Ruprich |
d886cd |
+ BN_free(r->n);
|
|
Michal Ruprich |
d886cd |
+ r->n = n;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (e != NULL) {
|
|
Michal Ruprich |
d886cd |
+ BN_free(r->e);
|
|
Michal Ruprich |
d886cd |
+ r->e = e;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (d != NULL) {
|
|
Michal Ruprich |
d886cd |
+ BN_free(r->d);
|
|
Michal Ruprich |
d886cd |
+ r->d = d;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return 1;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ /*
|
|
Michal Ruprich |
d886cd |
+ * If the fields p and q in r are NULL, the corresponding input
|
|
Michal Ruprich |
d886cd |
+ * parameters MUST be non-NULL.
|
|
Michal Ruprich |
d886cd |
+ */
|
|
Michal Ruprich |
d886cd |
+ if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
|
|
Michal Ruprich |
d886cd |
+ return 0;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL) {
|
|
Michal Ruprich |
d886cd |
+ BN_free(r->p);
|
|
Michal Ruprich |
d886cd |
+ r->p = p;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (q != NULL) {
|
|
Michal Ruprich |
d886cd |
+ BN_free(r->q);
|
|
Michal Ruprich |
d886cd |
+ r->q = q;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return 1;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
|
|
Michal Ruprich |
d886cd |
+ /*
|
|
Michal Ruprich |
d886cd |
+ * If the fields dmp1, dmq1 and iqmp in r are NULL, the
|
|
Michal Ruprich |
d886cd |
+ * corresponding input parameters MUST be non-NULL.
|
|
Michal Ruprich |
d886cd |
+ */
|
|
Michal Ruprich |
d886cd |
+ if ((r->dmp1 == NULL && dmp1 == NULL) ||
|
|
Michal Ruprich |
d886cd |
+ (r->dmq1 == NULL && dmq1 == NULL) ||
|
|
Michal Ruprich |
d886cd |
+ (r->iqmp == NULL && iqmp == NULL))
|
|
Michal Ruprich |
d886cd |
+ return 0;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ if (dmp1 != NULL) {
|
|
Michal Ruprich |
d886cd |
+ BN_free(r->dmp1);
|
|
Michal Ruprich |
d886cd |
+ r->dmp1 = dmp1;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (dmq1 != NULL) {
|
|
Michal Ruprich |
d886cd |
+ BN_free(r->dmq1);
|
|
Michal Ruprich |
d886cd |
+ r->dmq1 = dmq1;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (iqmp != NULL) {
|
|
Michal Ruprich |
d886cd |
+ BN_free(r->iqmp);
|
|
Michal Ruprich |
d886cd |
+ r->iqmp = iqmp;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ return 1;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+RSA_get0_key(const RSA *r,
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
|
Michal Ruprich |
d886cd |
+{
|
|
Michal Ruprich |
d886cd |
+ if (n != NULL)
|
|
Michal Ruprich |
d886cd |
+ *n = r->n;
|
|
Michal Ruprich |
d886cd |
+ if (e != NULL)
|
|
Michal Ruprich |
d886cd |
+ *e = r->e;
|
|
Michal Ruprich |
d886cd |
+ if (d != NULL)
|
|
Michal Ruprich |
d886cd |
+ *d = r->d;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL)
|
|
Michal Ruprich |
d886cd |
+ *p = r->p;
|
|
Michal Ruprich |
d886cd |
+ if (q != NULL)
|
|
Michal Ruprich |
d886cd |
+ *q = r->q;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static void
|
|
Michal Ruprich |
d886cd |
+RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM **iqmp)
|
|
Michal Ruprich |
d886cd |
+{
|
|
Michal Ruprich |
d886cd |
+ if (dmp1 != NULL)
|
|
Michal Ruprich |
d886cd |
+ *dmp1 = r->dmp1;
|
|
Michal Ruprich |
d886cd |
+ if (dmq1 != NULL)
|
|
Michal Ruprich |
d886cd |
+ *dmq1 = r->dmq1;
|
|
Michal Ruprich |
d886cd |
+ if (iqmp != NULL)
|
|
Michal Ruprich |
d886cd |
+ *iqmp = r->iqmp;
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+static int
|
|
Michal Ruprich |
d886cd |
+RSA_test_flags(const RSA *r, int flags) {
|
|
Michal Ruprich |
d886cd |
+ return (r->flags & flags);
|
|
Michal Ruprich |
d886cd |
+}
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
static isc_result_t
|
|
Michal Ruprich |
d886cd |
@@ -553,6 +677,7 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
|
|
|
20cebf |
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
|
|
|
20cebf |
EVP_PKEY *pkey = key->keydata.pkey;
|
|
|
20cebf |
RSA *rsa;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *e = NULL;
|
|
|
20cebf |
int bits;
|
|
|
20cebf |
#else
|
|
|
20cebf |
/* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
|
|
Michal Ruprich |
d886cd |
@@ -583,7 +708,8 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
|
|
|
20cebf |
rsa = EVP_PKEY_get1_RSA(pkey);
|
|
|
20cebf |
if (rsa == NULL)
|
|
|
20cebf |
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
|
|
20cebf |
- bits = BN_num_bits(rsa->e);
|
|
|
20cebf |
+ RSA_get0_key(rsa, NULL, &e, NULL);
|
|
|
20cebf |
+ bits = BN_num_bits(e);
|
|
|
20cebf |
RSA_free(rsa);
|
|
|
20cebf |
if (bits > maxbits && maxbits != 0)
|
|
|
20cebf |
return (DST_R_VERIFYFAILURE);
|
|
Michal Ruprich |
d886cd |
@@ -600,7 +726,8 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
|
|
Michal Ruprich |
d886cd |
DST_R_VERIFYFAILURE));
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
#else
|
|
Michal Ruprich |
d886cd |
- if (BN_num_bits(rsa->e) > maxbits && maxbits != 0)
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_key(rsa, NULL, &e, NULL);
|
|
Michal Ruprich |
d886cd |
+ if (BN_num_bits(e) > maxbits && maxbits != 0)
|
|
Michal Ruprich |
d886cd |
return (DST_R_VERIFYFAILURE);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
switch (dctx->key->key_alg) {
|
|
Michal Ruprich |
d886cd |
@@ -729,6 +856,11 @@ static isc_boolean_t
|
|
|
20cebf |
opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
|
20cebf |
int status;
|
|
|
20cebf |
RSA *rsa1 = NULL, *rsa2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *n1 = NULL, *n2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *e1 = NULL, *e2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *d1 = NULL, *d2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *p1 = NULL, *p2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *q1 = NULL, *q2 = NULL;
|
|
|
20cebf |
#if USE_EVP
|
|
|
20cebf |
EVP_PKEY *pkey1, *pkey2;
|
|
|
20cebf |
#endif
|
|
Michal Ruprich |
d886cd |
@@ -758,17 +890,18 @@ opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
|
20cebf |
else if (rsa1 == NULL || rsa2 == NULL)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
|
|
|
20cebf |
- status = BN_cmp(rsa1->n, rsa2->n) ||
|
|
|
20cebf |
- BN_cmp(rsa1->e, rsa2->e);
|
|
|
20cebf |
+ RSA_get0_key(rsa1, &n1, &e1, &d1;;
|
|
|
20cebf |
+ RSA_get0_key(rsa2, &n2, &e2, &d2;;
|
|
Michal Ruprich |
d886cd |
+ status = BN_cmp(n1, n2) || BN_cmp(e1, e2);
|
|
|
20cebf |
|
|
|
20cebf |
if (status != 0)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
|
|
|
20cebf |
#if USE_EVP
|
|
Michal Ruprich |
d886cd |
- if ((rsa1->flags & RSA_FLAG_EXT_PKEY) != 0 ||
|
|
Michal Ruprich |
d886cd |
- (rsa2->flags & RSA_FLAG_EXT_PKEY) != 0) {
|
|
Michal Ruprich |
d886cd |
- if ((rsa1->flags & RSA_FLAG_EXT_PKEY) == 0 ||
|
|
Michal Ruprich |
d886cd |
- (rsa2->flags & RSA_FLAG_EXT_PKEY) == 0)
|
|
|
20cebf |
+ if (RSA_test_flags(rsa1, RSA_FLAG_EXT_PKEY) != 0 ||
|
|
|
20cebf |
+ RSA_test_flags(rsa2, RSA_FLAG_EXT_PKEY) != 0) {
|
|
|
20cebf |
+ if (RSA_test_flags(rsa1, RSA_FLAG_EXT_PKEY) == 0 ||
|
|
|
20cebf |
+ RSA_test_flags(rsa2, RSA_FLAG_EXT_PKEY) == 0)
|
|
Michal Ruprich |
d886cd |
return (ISC_FALSE);
|
|
Michal Ruprich |
d886cd |
/*
|
|
Michal Ruprich |
d886cd |
* Can't compare private parameters, BTW does it make sense?
|
|
Michal Ruprich |
d886cd |
@@ -777,12 +910,12 @@ opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|
Michal Ruprich |
d886cd |
}
|
|
|
20cebf |
#endif
|
|
|
20cebf |
|
|
|
20cebf |
- if (rsa1->d != NULL || rsa2->d != NULL) {
|
|
|
20cebf |
- if (rsa1->d == NULL || rsa2->d == NULL)
|
|
|
20cebf |
+ if (d1 != NULL || d2 != NULL) {
|
|
|
20cebf |
+ if (d1 == NULL || d2 == NULL)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
|
20cebf |
- status = BN_cmp(rsa1->d, rsa2->d) ||
|
|
|
20cebf |
- BN_cmp(rsa1->p, rsa2->p) ||
|
|
|
20cebf |
- BN_cmp(rsa1->q, rsa2->q);
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_factors(rsa1, &p1, &q1;;
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_factors(rsa2, &p2, &q2;;
|
|
Michal Ruprich |
d886cd |
+ status = BN_cmp(d1, d2) || BN_cmp(p1, p1) || BN_cmp(q1, q2);
|
|
|
20cebf |
|
|
|
20cebf |
if (status != 0)
|
|
|
20cebf |
return (ISC_FALSE);
|
|
Michal Ruprich |
d886cd |
@@ -868,7 +1001,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
|
|
Michal Ruprich |
d886cd |
ret = dst__openssl_toresult2("RSA_generate_key_ex",
|
|
Michal Ruprich |
d886cd |
DST_R_OPENSSLFAILURE);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-err:
|
|
Michal Ruprich |
d886cd |
+ err:
|
|
Michal Ruprich |
d886cd |
#if USE_EVP
|
|
Michal Ruprich |
d886cd |
if (pkey != NULL)
|
|
Michal Ruprich |
d886cd |
EVP_PKEY_free(pkey);
|
|
Michal Ruprich |
d886cd |
@@ -925,6 +1058,7 @@ err:
|
|
Michal Ruprich |
d886cd |
|
|
|
20cebf |
static isc_boolean_t
|
|
|
20cebf |
opensslrsa_isprivate(const dst_key_t *key) {
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *d = NULL;
|
|
|
20cebf |
#if USE_EVP
|
|
|
20cebf |
RSA *rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
|
|
|
20cebf |
INSIST(rsa != NULL);
|
|
Michal Ruprich |
d886cd |
@@ -933,9 +1067,10 @@ opensslrsa_isprivate(const dst_key_t *key) {
|
|
|
20cebf |
#else
|
|
|
20cebf |
RSA *rsa = key->keydata.rsa;
|
|
|
20cebf |
#endif
|
|
|
20cebf |
- if (rsa != NULL && (rsa->flags & RSA_FLAG_EXT_PKEY) != 0)
|
|
Michal Ruprich |
d886cd |
+ if (rsa != NULL && RSA_test_flags(rsa, RSA_FLAG_EXT_PKEY) != 0)
|
|
|
20cebf |
return (ISC_TRUE);
|
|
Michal Ruprich |
d886cd |
- return (ISC_TF(rsa != NULL && rsa->d != NULL));
|
|
|
20cebf |
+ RSA_get0_key(rsa, NULL, NULL, &d);
|
|
Michal Ruprich |
d886cd |
+ return (ISC_TF(rsa != NULL && d != NULL));
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
static void
|
|
Michal Ruprich |
d886cd |
@@ -951,7 +1086,6 @@ opensslrsa_destroy(dst_key_t *key) {
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
static isc_result_t
|
|
Michal Ruprich |
d886cd |
opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
Michal Ruprich |
d886cd |
isc_region_t r;
|
|
Michal Ruprich |
d886cd |
@@ -962,6 +1096,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
#if USE_EVP
|
|
|
20cebf |
EVP_PKEY *pkey;
|
|
|
20cebf |
#endif
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *e = NULL, *n = NULL;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#if USE_EVP
|
|
Michal Ruprich |
d886cd |
REQUIRE(key->keydata.pkey != NULL);
|
|
Michal Ruprich |
d886cd |
@@ -980,8 +1115,9 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
|
|
|
20cebf |
isc_buffer_availableregion(data, &r);
|
|
|
20cebf |
|
|
|
20cebf |
- e_bytes = BN_num_bytes(rsa->e);
|
|
|
20cebf |
- mod_bytes = BN_num_bytes(rsa->n);
|
|
|
20cebf |
+ RSA_get0_key(rsa, &n, &e, NULL);
|
|
|
20cebf |
+ mod_bytes = BN_num_bytes(n);
|
|
Michal Ruprich |
d886cd |
+ e_bytes = BN_num_bytes(e);
|
|
|
20cebf |
|
|
|
20cebf |
if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */
|
|
|
20cebf |
if (r.length < 1)
|
|
Michal Ruprich |
d886cd |
@@ -999,9 +1135,10 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
if (r.length < e_bytes + mod_bytes)
|
|
|
20cebf |
DST_RET(ISC_R_NOSPACE);
|
|
|
20cebf |
|
|
|
20cebf |
- BN_bn2bin(rsa->e, r.base);
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_key(rsa, &n, &e, NULL);
|
|
|
20cebf |
+ BN_bn2bin(e, r.base);
|
|
|
20cebf |
isc_region_consume(&r, e_bytes);
|
|
|
20cebf |
- BN_bn2bin(rsa->n, r.base);
|
|
|
20cebf |
+ BN_bn2bin(n, r.base);
|
|
|
20cebf |
|
|
|
20cebf |
isc_buffer_add(data, e_bytes + mod_bytes);
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -1023,6 +1160,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
Michal Ruprich |
d886cd |
#if USE_EVP
|
|
Michal Ruprich |
d886cd |
EVP_PKEY *pkey;
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *e = NULL, *n = NULL;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
isc_buffer_remainingregion(data, &r);
|
|
Michal Ruprich |
d886cd |
if (r.length == 0)
|
|
Michal Ruprich |
d886cd |
@@ -1056,12 +1194,16 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|
|
20cebf |
RSA_free(rsa);
|
|
|
20cebf |
return (DST_R_INVALIDPUBLICKEY);
|
|
|
20cebf |
}
|
|
|
20cebf |
- rsa->e = BN_bin2bn(r.base, e_bytes, NULL);
|
|
|
20cebf |
+ e = BN_bin2bn(r.base, e_bytes, NULL);
|
|
|
20cebf |
isc_region_consume(&r, e_bytes);
|
|
Michal Ruprich |
d886cd |
-
|
|
|
20cebf |
- rsa->n = BN_bin2bn(r.base, r.length, NULL);
|
|
Michal Ruprich |
d886cd |
-
|
|
|
20cebf |
- key->key_size = BN_num_bits(rsa->n);
|
|
Michal Ruprich |
d886cd |
+ n = BN_bin2bn(r.base, r.length, NULL);
|
|
Michal Ruprich |
d886cd |
+ if (RSA_set0_key(rsa, n, e, NULL) == 0) {
|
|
Michal Ruprich |
d886cd |
+ if (n != NULL) BN_free(n);
|
|
Michal Ruprich |
d886cd |
+ if (e != NULL) BN_free(e);
|
|
Michal Ruprich |
d886cd |
+ RSA_free(rsa);
|
|
Michal Ruprich |
d886cd |
+ return (ISC_R_NOMEMORY);
|
|
Michal Ruprich |
d886cd |
+ }
|
|
|
20cebf |
+ key->key_size = BN_num_bits(n);
|
|
|
20cebf |
|
|
|
20cebf |
isc_buffer_forward(data, length);
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
@@ -1092,6 +1234,9 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
|
|
|
20cebf |
dst_private_t priv;
|
|
|
20cebf |
unsigned char *bufs[8];
|
|
|
20cebf |
isc_result_t result;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *n = NULL, *e = NULL, *d = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *p = NULL, *q = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#if USE_EVP
|
|
Michal Ruprich |
d886cd |
if (key->keydata.pkey == NULL)
|
|
Michal Ruprich |
d886cd |
@@ -1106,6 +1251,10 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
memset(bufs, 0, sizeof(bufs));
|
|
|
20cebf |
|
|
|
20cebf |
+ RSA_get0_key(rsa, &n, &e, &d);
|
|
|
20cebf |
+ RSA_get0_factors(rsa, &p, &q);
|
|
|
20cebf |
+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
|
|
|
20cebf |
+
|
|
Michal Ruprich |
d886cd |
if (key->external) {
|
|
Michal Ruprich |
d886cd |
priv.nelements = 0;
|
|
Michal Ruprich |
d886cd |
result = dst__privstruct_writefile(key, &priv, directory);
|
|
Michal Ruprich |
d886cd |
@@ -1113,7 +1262,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
|
20cebf |
for (i = 0; i < 8; i++) {
|
|
|
20cebf |
- bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n));
|
|
|
20cebf |
+ bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(n));
|
|
|
20cebf |
if (bufs[i] == NULL) {
|
|
|
20cebf |
result = ISC_R_NOMEMORY;
|
|
|
20cebf |
goto fail;
|
|
Michal Ruprich |
d886cd |
@@ -1123,61 +1272,61 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
|
|
|
20cebf |
i = 0;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[i].tag = TAG_RSA_MODULUS;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(rsa->n);
|
|
|
20cebf |
- BN_bn2bin(rsa->n, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(n);
|
|
|
20cebf |
+ BN_bn2bin(n, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
|
|
|
20cebf |
priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(rsa->e);
|
|
|
20cebf |
- BN_bn2bin(rsa->e, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(e);
|
|
|
20cebf |
+ BN_bn2bin(e, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
|
|
|
20cebf |
- if (rsa->d != NULL) {
|
|
|
20cebf |
+ if (d != NULL) {
|
|
|
20cebf |
priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(rsa->d);
|
|
|
20cebf |
- BN_bn2bin(rsa->d, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(d);
|
|
|
20cebf |
+ BN_bn2bin(d, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
- if (rsa->p != NULL) {
|
|
|
20cebf |
+ if (p != NULL) {
|
|
|
20cebf |
priv.elements[i].tag = TAG_RSA_PRIME1;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(rsa->p);
|
|
|
20cebf |
- BN_bn2bin(rsa->p, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(p);
|
|
|
20cebf |
+ BN_bn2bin(p, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
- if (rsa->q != NULL) {
|
|
|
20cebf |
+ if (q != NULL) {
|
|
|
20cebf |
priv.elements[i].tag = TAG_RSA_PRIME2;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(rsa->q);
|
|
|
20cebf |
- BN_bn2bin(rsa->q, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(q);
|
|
|
20cebf |
+ BN_bn2bin(q, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
- if (rsa->dmp1 != NULL) {
|
|
|
20cebf |
+ if (dmp1 != NULL) {
|
|
|
20cebf |
priv.elements[i].tag = TAG_RSA_EXPONENT1;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(rsa->dmp1);
|
|
|
20cebf |
- BN_bn2bin(rsa->dmp1, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(dmp1);
|
|
|
20cebf |
+ BN_bn2bin(dmp1, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
- if (rsa->dmq1 != NULL) {
|
|
|
20cebf |
+ if (dmq1 != NULL) {
|
|
|
20cebf |
priv.elements[i].tag = TAG_RSA_EXPONENT2;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(rsa->dmq1);
|
|
|
20cebf |
- BN_bn2bin(rsa->dmq1, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(dmq1);
|
|
|
20cebf |
+ BN_bn2bin(dmq1, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
|
20cebf |
- if (rsa->iqmp != NULL) {
|
|
|
20cebf |
+ if (iqmp != NULL) {
|
|
|
20cebf |
priv.elements[i].tag = TAG_RSA_COEFFICIENT;
|
|
|
20cebf |
- priv.elements[i].length = BN_num_bytes(rsa->iqmp);
|
|
|
20cebf |
- BN_bn2bin(rsa->iqmp, bufs[i]);
|
|
|
20cebf |
+ priv.elements[i].length = BN_num_bytes(iqmp);
|
|
|
20cebf |
+ BN_bn2bin(iqmp, bufs[i]);
|
|
|
20cebf |
priv.elements[i].data = bufs[i];
|
|
|
20cebf |
i++;
|
|
|
20cebf |
}
|
|
Michal Ruprich |
d886cd |
@@ -1208,33 +1357,45 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
|
|
|
20cebf |
for (i = 0; i < 8; i++) {
|
|
|
20cebf |
if (bufs[i] == NULL)
|
|
|
20cebf |
break;
|
|
|
20cebf |
- isc_mem_put(key->mctx, bufs[i], BN_num_bytes(rsa->n));
|
|
|
20cebf |
+ isc_mem_put(key->mctx, bufs[i], BN_num_bytes(n));
|
|
|
20cebf |
}
|
|
|
20cebf |
return (result);
|
|
|
20cebf |
}
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
static isc_result_t
|
|
Michal Ruprich |
d886cd |
-rsa_check(RSA *rsa, RSA *pub)
|
|
Michal Ruprich |
d886cd |
-{
|
|
Michal Ruprich |
d886cd |
- /* Public parameters should be the same but if they are not set
|
|
Michal Ruprich |
d886cd |
- * copy them from the public key. */
|
|
Michal Ruprich |
d886cd |
+rsa_check(RSA *rsa, RSA *pub) {
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *n1 = NULL, *n2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *e1 = NULL, *e2 = NULL;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *n = NULL, *e = NULL;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+ /*
|
|
Michal Ruprich |
d886cd |
+ * Public parameters should be the same but if they are not set
|
|
Michal Ruprich |
d886cd |
+ * copy them from the public key.
|
|
Michal Ruprich |
d886cd |
+ */
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_key(rsa, &n1, &e1, NULL);
|
|
Michal Ruprich |
d886cd |
if (pub != NULL) {
|
|
Michal Ruprich |
d886cd |
- if (rsa->n != NULL) {
|
|
|
20cebf |
- if (BN_cmp(rsa->n, pub->n) != 0)
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_key(pub, &n2, &e2, NULL);
|
|
Michal Ruprich |
d886cd |
+ if (n1 != NULL) {
|
|
Michal Ruprich |
d886cd |
+ if (BN_cmp(n1, n2) != 0)
|
|
|
20cebf |
return (DST_R_INVALIDPRIVATEKEY);
|
|
|
20cebf |
} else {
|
|
|
20cebf |
- rsa->n = pub->n;
|
|
|
20cebf |
- pub->n = NULL;
|
|
Michal Ruprich |
d886cd |
+ n = BN_dup(n2);
|
|
|
20cebf |
}
|
|
|
20cebf |
- if (rsa->e != NULL) {
|
|
|
20cebf |
- if (BN_cmp(rsa->e, pub->e) != 0)
|
|
Michal Ruprich |
d886cd |
+ if (e1 != NULL) {
|
|
Michal Ruprich |
d886cd |
+ if (BN_cmp(e1, e2) != 0)
|
|
|
20cebf |
return (DST_R_INVALIDPRIVATEKEY);
|
|
|
20cebf |
} else {
|
|
|
20cebf |
- rsa->e = pub->e;
|
|
|
20cebf |
- pub->e = NULL;
|
|
Michal Ruprich |
d886cd |
+ e = BN_dup(e2);
|
|
|
20cebf |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (RSA_set0_key(rsa, n, e, NULL) == 0) {
|
|
Michal Ruprich |
d886cd |
+ if (n != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(n);
|
|
Michal Ruprich |
d886cd |
+ if (e != NULL)
|
|
Michal Ruprich |
d886cd |
+ BN_free(e);
|
|
|
20cebf |
}
|
|
|
20cebf |
}
|
|
|
20cebf |
- if (rsa->n == NULL || rsa->e == NULL)
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_key(rsa, &n1, &e1, NULL);
|
|
Michal Ruprich |
d886cd |
+ if (n1 == NULL || e1 == NULL)
|
|
|
20cebf |
return (DST_R_INVALIDPRIVATEKEY);
|
|
|
20cebf |
return (ISC_R_SUCCESS);
|
|
|
20cebf |
}
|
|
Michal Ruprich |
d886cd |
@@ -1246,13 +1407,17 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
|
20cebf |
int i;
|
|
|
20cebf |
RSA *rsa = NULL, *pubrsa = NULL;
|
|
|
20cebf |
#ifdef USE_ENGINE
|
|
|
20cebf |
- ENGINE *e = NULL;
|
|
Michal Ruprich |
d886cd |
+ ENGINE *ep = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *ex = NULL;
|
|
|
20cebf |
#endif
|
|
|
20cebf |
isc_mem_t *mctx = key->mctx;
|
|
|
20cebf |
const char *engine = NULL, *label = NULL;
|
|
Michal Ruprich |
d886cd |
#if defined(USE_ENGINE) || USE_EVP
|
|
Michal Ruprich |
d886cd |
EVP_PKEY *pkey = NULL;
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *n = NULL, *e = NULL, *d = NULL;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *p = NULL, *q = NULL;
|
|
Michal Ruprich |
d886cd |
+ BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* read private key file */
|
|
Michal Ruprich |
d886cd |
ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv;;
|
|
Michal Ruprich |
d886cd |
@@ -1303,10 +1468,10 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
|
20cebf |
#ifdef USE_ENGINE
|
|
|
20cebf |
if (engine == NULL)
|
|
|
20cebf |
DST_RET(DST_R_NOENGINE);
|
|
|
20cebf |
- e = dst__openssl_getengine(engine);
|
|
|
20cebf |
- if (e == NULL)
|
|
Michal Ruprich |
d886cd |
+ ep = dst__openssl_getengine(engine);
|
|
Michal Ruprich |
d886cd |
+ if (ep == NULL)
|
|
|
20cebf |
DST_RET(DST_R_NOENGINE);
|
|
|
20cebf |
- pkey = ENGINE_load_private_key(e, label, NULL, NULL);
|
|
Michal Ruprich |
d886cd |
+ pkey = ENGINE_load_private_key(ep, label, NULL, NULL);
|
|
|
20cebf |
if (pkey == NULL)
|
|
|
20cebf |
DST_RET(dst__openssl_toresult2(
|
|
|
20cebf |
"ENGINE_load_private_key",
|
|
Michal Ruprich |
d886cd |
@@ -1322,7 +1487,8 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
|
20cebf |
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
|
|
20cebf |
if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
|
|
|
20cebf |
DST_RET(DST_R_INVALIDPRIVATEKEY);
|
|
|
20cebf |
- if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS)
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_key(rsa, NULL, &ex, NULL);
|
|
Michal Ruprich |
d886cd |
+ if (BN_num_bits(ex) > RSA_MAX_PUBEXP_BITS)
|
|
|
20cebf |
DST_RET(ISC_R_RANGE);
|
|
|
20cebf |
if (pubrsa != NULL)
|
|
|
20cebf |
RSA_free(pubrsa);
|
|
Michal Ruprich |
d886cd |
@@ -1370,43 +1536,57 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|
Michal Ruprich |
d886cd |
priv.elements[i].length, NULL);
|
|
Michal Ruprich |
d886cd |
if (bn == NULL)
|
|
Michal Ruprich |
d886cd |
DST_RET(ISC_R_NOMEMORY);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
- switch (priv.elements[i].tag) {
|
|
Michal Ruprich |
d886cd |
+ switch (priv.elements[i].tag) {
|
|
|
20cebf |
case TAG_RSA_MODULUS:
|
|
|
20cebf |
- rsa->n = bn;
|
|
|
20cebf |
+ n = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_RSA_PUBLICEXPONENT:
|
|
|
20cebf |
- rsa->e = bn;
|
|
|
20cebf |
+ e = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_RSA_PRIVATEEXPONENT:
|
|
|
20cebf |
- rsa->d = bn;
|
|
|
20cebf |
+ d = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_RSA_PRIME1:
|
|
|
20cebf |
- rsa->p = bn;
|
|
|
20cebf |
+ p = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_RSA_PRIME2:
|
|
|
20cebf |
- rsa->q = bn;
|
|
|
20cebf |
+ q = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_RSA_EXPONENT1:
|
|
|
20cebf |
- rsa->dmp1 = bn;
|
|
|
20cebf |
+ dmp1 = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_RSA_EXPONENT2:
|
|
|
20cebf |
- rsa->dmq1 = bn;
|
|
|
20cebf |
+ dmq1 = bn;
|
|
|
20cebf |
break;
|
|
|
20cebf |
case TAG_RSA_COEFFICIENT:
|
|
|
20cebf |
- rsa->iqmp = bn;
|
|
|
20cebf |
+ iqmp = bn;
|
|
|
20cebf |
break;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
|
20cebf |
}
|
|
|
20cebf |
}
|
|
|
20cebf |
dst__privstruct_free(&priv, mctx);
|
|
|
20cebf |
memset(&priv, 0, sizeof(priv));
|
|
|
20cebf |
|
|
Michal Ruprich |
d886cd |
+ if (RSA_set0_key(rsa, n, e, d) == 0) {
|
|
Michal Ruprich |
d886cd |
+ if (n != NULL) BN_free(n);
|
|
Michal Ruprich |
d886cd |
+ if (e != NULL) BN_free(e);
|
|
Michal Ruprich |
d886cd |
+ if (d != NULL) BN_free(d);
|
|
|
20cebf |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (RSA_set0_factors(rsa, p, q) == 0) {
|
|
Michal Ruprich |
d886cd |
+ if (p != NULL) BN_free(p);
|
|
Michal Ruprich |
d886cd |
+ if (q != NULL) BN_free(q);
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp) == 0) {
|
|
Michal Ruprich |
d886cd |
+ if (dmp1 != NULL) BN_free(dmp1);
|
|
Michal Ruprich |
d886cd |
+ if (dmq1 != NULL) BN_free(dmq1);
|
|
Michal Ruprich |
d886cd |
+ if (iqmp != NULL) BN_free(iqmp);
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
|
|
|
20cebf |
DST_RET(DST_R_INVALIDPRIVATEKEY);
|
|
|
20cebf |
- if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS)
|
|
Michal Ruprich |
d886cd |
+ if (BN_num_bits(e) > RSA_MAX_PUBEXP_BITS)
|
|
Michal Ruprich |
d886cd |
DST_RET(ISC_R_RANGE);
|
|
|
20cebf |
- key->key_size = BN_num_bits(rsa->n);
|
|
Michal Ruprich |
d886cd |
+ key->key_size = BN_num_bits(n);
|
|
|
20cebf |
if (pubrsa != NULL)
|
|
|
20cebf |
RSA_free(pubrsa);
|
|
|
20cebf |
#if USE_EVP
|
|
Michal Ruprich |
d886cd |
@@ -1440,6 +1620,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
|
|
20cebf |
EVP_PKEY *pkey = NULL;
|
|
|
20cebf |
RSA *rsa = NULL, *pubrsa = NULL;
|
|
|
20cebf |
char *colon, *tmpengine = NULL;
|
|
Michal Ruprich |
d886cd |
+ const BIGNUM *ex = NULL;
|
|
|
20cebf |
|
|
|
20cebf |
UNUSED(pin);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
@@ -1483,7 +1664,8 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
|
|
20cebf |
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
|
|
20cebf |
if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
|
|
|
20cebf |
DST_RET(DST_R_INVALIDPRIVATEKEY);
|
|
|
20cebf |
- if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS)
|
|
Michal Ruprich |
d886cd |
+ RSA_get0_key(rsa, NULL, &ex, NULL);
|
|
Michal Ruprich |
d886cd |
+ if (BN_num_bits(ex) > RSA_MAX_PUBEXP_BITS)
|
|
|
20cebf |
DST_RET(ISC_R_RANGE);
|
|
|
20cebf |
if (pubrsa != NULL)
|
|
|
20cebf |
RSA_free(pubrsa);
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/aes.c b/lib/isc/aes.c
|
|
Michal Ruprich |
d886cd |
index a4a61b3..e47ecf3 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/aes.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/aes.c
|
|
Michal Ruprich |
d886cd |
@@ -22,54 +22,72 @@
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_WANTAES
|
|
Michal Ruprich |
d886cd |
#if HAVE_OPENSSL_EVP_AES
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#include <openssl/opensslv.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/evp.h>
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+#define EVP_CIPHER_CTX_new() &(_context), EVP_CIPHER_CTX_init(&_context)
|
|
Michal Ruprich |
d886cd |
+#define EVP_CIPHER_CTX_free(c) RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(c) == 1)
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
|
|
Michal Ruprich |
d886cd |
unsigned char *out)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX c;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX _context;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX *c;
|
|
Michal Ruprich |
d886cd |
int len;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX_init(&c);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_128_ecb(), key, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX_set_padding(&c, 0);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in,
|
|
Michal Ruprich |
d886cd |
+ c = EVP_CIPHER_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(c != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_128_ecb(), key, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX_set_padding(c, 0);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
|
|
Michal Ruprich |
d886cd |
ISC_AES_BLOCK_LENGTH) == 1);
|
|
Michal Ruprich |
d886cd |
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX_free(c);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
|
|
Michal Ruprich |
d886cd |
unsigned char *out)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX c;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX _context;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX *c;
|
|
Michal Ruprich |
d886cd |
int len;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX_init(&c);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_192_ecb(), key, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX_set_padding(&c, 0);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in,
|
|
Michal Ruprich |
d886cd |
+ c = EVP_CIPHER_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(c != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_192_ecb(), key, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX_set_padding(c, 0);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
|
|
Michal Ruprich |
d886cd |
ISC_AES_BLOCK_LENGTH) == 1);
|
|
Michal Ruprich |
d886cd |
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX_free(c);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
|
|
Michal Ruprich |
d886cd |
unsigned char *out)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX c;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX _context;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX *c;
|
|
Michal Ruprich |
d886cd |
int len;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX_init(&c);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_256_ecb(), key, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
- EVP_CIPHER_CTX_set_padding(&c, 0);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in,
|
|
Michal Ruprich |
d886cd |
+ c = EVP_CIPHER_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(c != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_256_ecb(), key, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX_set_padding(c, 0);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
|
|
Michal Ruprich |
d886cd |
ISC_AES_BLOCK_LENGTH) == 1);
|
|
Michal Ruprich |
d886cd |
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_CIPHER_CTX_free(c);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif HAVE_OPENSSL_AES
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/hmacmd5.c b/lib/isc/hmacmd5.c
|
|
Michal Ruprich |
d886cd |
index 621aa3b..1b81293 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/hmacmd5.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/hmacmd5.c
|
|
Michal Ruprich |
d886cd |
@@ -34,43 +34,41 @@
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+#define HMAC_CTX_new() &(ctx->_ctx), HMAC_CTX_init(&(ctx->_ctx))
|
|
Michal Ruprich |
d886cd |
+#define HMAC_CTX_free(ptr) HMAC_CTX_cleanup(ptr)
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
- (int) len, EVP_md5()) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Init(ctx, (const void *) key, (int) len, EVP_md5());
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = HMAC_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
+ (int) len, EVP_md5(), NULL) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ if (ctx->ctx == NULL)
|
|
Michal Ruprich |
d886cd |
+ return;
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Update(ctx, buf, (int) len);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Final(ctx, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Final(ctx, digest, NULL);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Final(ctx->ctx, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/hmacsha.c b/lib/isc/hmacsha.c
|
|
Michal Ruprich |
d886cd |
index ef1b8f0..c132aa2 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/hmacsha.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/hmacsha.c
|
|
Michal Ruprich |
d886cd |
@@ -32,32 +32,34 @@
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+#define HMAC_CTX_new() &(ctx->_ctx), HMAC_CTX_init(&(ctx->_ctx))
|
|
Michal Ruprich |
d886cd |
+#define HMAC_CTX_free(ptr) HMAC_CTX_cleanup(ptr)
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
- (int) len, EVP_sha1()) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1());
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = HMAC_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
+ (int) len, EVP_sha1(), NULL) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ if (ctx->ctx == NULL)
|
|
Michal Ruprich |
d886cd |
+ return;
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Update(ctx, buf, (int) len);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -66,12 +68,9 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Final(ctx, newdigest, NULL);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
memmove(digest, newdigest, len);
|
|
Michal Ruprich |
d886cd |
memset(newdigest, 0, sizeof(newdigest));
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
@@ -80,28 +79,25 @@ void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
- (int) len, EVP_sha224()) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224());
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = HMAC_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
+ (int) len, EVP_sha224(), NULL) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ if (ctx->ctx == NULL)
|
|
Michal Ruprich |
d886cd |
+ return;
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Update(ctx, buf, (int) len);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -110,12 +106,9 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Final(ctx, newdigest, NULL);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
memmove(digest, newdigest, len);
|
|
Michal Ruprich |
d886cd |
memset(newdigest, 0, sizeof(newdigest));
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
@@ -124,28 +117,25 @@ void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
- (int) len, EVP_sha256()) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256());
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = HMAC_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
+ (int) len, EVP_sha256(), NULL) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ if (ctx->ctx == NULL)
|
|
Michal Ruprich |
d886cd |
+ return;
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Update(ctx, buf, (int) len);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -154,12 +144,9 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Final(ctx, newdigest, NULL);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
memmove(digest, newdigest, len);
|
|
Michal Ruprich |
d886cd |
memset(newdigest, 0, sizeof(newdigest));
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
@@ -168,28 +155,25 @@ void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
- (int) len, EVP_sha384()) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = HMAC_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
+ (int) len, EVP_sha384(), NULL) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ if (ctx->ctx == NULL)
|
|
Michal Ruprich |
d886cd |
+ return;
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Update(ctx, buf, (int) len);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -198,12 +182,9 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Final(ctx, newdigest, NULL);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
memmove(digest, newdigest, len);
|
|
Michal Ruprich |
d886cd |
memset(newdigest, 0, sizeof(newdigest));
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
@@ -212,28 +193,25 @@ void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
- (int) len, EVP_sha512()) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512());
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = HMAC_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
|
|
Michal Ruprich |
d886cd |
+ (int) len, EVP_sha512(), NULL) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ if (ctx->ctx == NULL)
|
|
Michal Ruprich |
d886cd |
+ return;
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Update(ctx, buf, (int) len);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -242,12 +220,9 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-#ifdef HMAC_RETURN_INT
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
-#else
|
|
Michal Ruprich |
d886cd |
- HMAC_Final(ctx, newdigest, NULL);
|
|
Michal Ruprich |
d886cd |
-#endif
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
memmove(digest, newdigest, len);
|
|
Michal Ruprich |
d886cd |
memset(newdigest, 0, sizeof(newdigest));
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/include/isc/hmacmd5.h b/lib/isc/include/isc/hmacmd5.h
|
|
Michal Ruprich |
d886cd |
index 9d18b47..1ff0b87 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/include/isc/hmacmd5.h
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/include/isc/hmacmd5.h
|
|
Michal Ruprich |
d886cd |
@@ -28,9 +28,15 @@
|
|
Michal Ruprich |
d886cd |
#define ISC_HMACMD5_KEYLENGTH 64
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#include <openssl/opensslv.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/hmac.h>
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-typedef HMAC_CTX isc_hmacmd5_t;
|
|
Michal Ruprich |
d886cd |
+typedef struct {
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX *ctx;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX _ctx;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+} isc_hmacmd5_t;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
#include <pk11/pk11.h>
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/include/isc/hmacsha.h b/lib/isc/include/isc/hmacsha.h
|
|
Michal Ruprich |
d886cd |
index 30808fb..d90c194 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/include/isc/hmacsha.h
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/include/isc/hmacsha.h
|
|
Michal Ruprich |
d886cd |
@@ -29,13 +29,21 @@
|
|
Michal Ruprich |
d886cd |
#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#include <openssl/opensslv.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/hmac.h>
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-typedef HMAC_CTX isc_hmacsha1_t;
|
|
Michal Ruprich |
d886cd |
-typedef HMAC_CTX isc_hmacsha224_t;
|
|
Michal Ruprich |
d886cd |
-typedef HMAC_CTX isc_hmacsha256_t;
|
|
Michal Ruprich |
d886cd |
-typedef HMAC_CTX isc_hmacsha384_t;
|
|
Michal Ruprich |
d886cd |
-typedef HMAC_CTX isc_hmacsha512_t;
|
|
Michal Ruprich |
d886cd |
+typedef struct {
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX *ctx;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ HMAC_CTX _ctx;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+} isc_hmacsha_t;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+typedef isc_hmacsha_t isc_hmacsha1_t;
|
|
Michal Ruprich |
d886cd |
+typedef isc_hmacsha_t isc_hmacsha224_t;
|
|
Michal Ruprich |
d886cd |
+typedef isc_hmacsha_t isc_hmacsha256_t;
|
|
Michal Ruprich |
d886cd |
+typedef isc_hmacsha_t isc_hmacsha384_t;
|
|
Michal Ruprich |
d886cd |
+typedef isc_hmacsha_t isc_hmacsha512_t;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
#include <pk11/pk11.h>
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/include/isc/md5.h b/lib/isc/include/isc/md5.h
|
|
Michal Ruprich |
d886cd |
index 0af4e27..b707aa6 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/include/isc/md5.h
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/include/isc/md5.h
|
|
Michal Ruprich |
d886cd |
@@ -46,9 +46,15 @@
|
|
Michal Ruprich |
d886cd |
#define ISC_MD5_BLOCK_LENGTH 64U
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#include <openssl/opensslv.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/evp.h>
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-typedef EVP_MD_CTX isc_md5_t;
|
|
Michal Ruprich |
d886cd |
+typedef struct {
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX *ctx;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX _ctx;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+} isc_md5_t;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
#include <pk11/pk11.h>
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/include/isc/sha1.h b/lib/isc/include/isc/sha1.h
|
|
Michal Ruprich |
d886cd |
index c4fbfd3..7160a66 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/include/isc/sha1.h
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/include/isc/sha1.h
|
|
Michal Ruprich |
d886cd |
@@ -27,9 +27,15 @@
|
|
Michal Ruprich |
d886cd |
#define ISC_SHA1_BLOCK_LENGTH 64U
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#include <openssl/opensslv.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/evp.h>
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-typedef EVP_MD_CTX isc_sha1_t;
|
|
Michal Ruprich |
d886cd |
+typedef struct {
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX *ctx;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX _ctx;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+} isc_sha1_t;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
#include <pk11/pk11.h>
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/include/isc/sha2.h b/lib/isc/include/isc/sha2.h
|
|
Michal Ruprich |
d886cd |
index 8a28bed..196f120 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/include/isc/sha2.h
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/include/isc/sha2.h
|
|
Michal Ruprich |
d886cd |
@@ -71,10 +71,18 @@
|
|
Michal Ruprich |
d886cd |
/*** SHA-256/384/512 Context Structures *******************************/
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#include <openssl/opensslv.h>
|
|
Michal Ruprich |
d886cd |
#include <openssl/evp.h>
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
-typedef EVP_MD_CTX isc_sha256_t;
|
|
Michal Ruprich |
d886cd |
-typedef EVP_MD_CTX isc_sha512_t;
|
|
Michal Ruprich |
d886cd |
+typedef struct {
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX *ctx;
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX _ctx;
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+} isc_sha2_t;
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
+typedef isc_sha2_t isc_sha256_t;
|
|
Michal Ruprich |
d886cd |
+typedef isc_sha2_t isc_sha512_t;
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
#include <pk11/pk11.h>
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/md5.c b/lib/isc/md5.c
|
|
Michal Ruprich |
d886cd |
index 0a79263..8ada1cc 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/md5.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/md5.c
|
|
Michal Ruprich |
d886cd |
@@ -45,28 +45,38 @@
|
|
Michal Ruprich |
d886cd |
#include <isc/util.h>
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_new() &(ctx->_ctx)
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr)
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_md5_init(isc_md5_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestInit(ctx, EVP_md5()) == 1);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = EVP_MD_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(ctx->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestInit(ctx->ctx, EVP_md5()) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_md5_invalidate(isc_md5_t *ctx) {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(ctx);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len) {
|
|
Michal Ruprich |
d886cd |
if (len == 0U)
|
|
Michal Ruprich |
d886cd |
return;
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestUpdate(ctx,
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestUpdate(ctx->ctx,
|
|
Michal Ruprich |
d886cd |
(const void *) buf,
|
|
Michal Ruprich |
d886cd |
(size_t) len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestFinal(ctx, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestFinal(ctx->ctx, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(ctx->ctx);
|
|
Michal Ruprich |
d886cd |
+ ctx->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/sha1.c b/lib/isc/sha1.c
|
|
Michal Ruprich |
d886cd |
index e41b17c..1b7bc19 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/sha1.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/sha1.c
|
|
Michal Ruprich |
d886cd |
@@ -41,17 +41,25 @@
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_new() &(context->_ctx)
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr)
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
+
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_sha1_init(isc_sha1_t *context)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
INSIST(context != NULL);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha1()) == 1);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = EVP_MD_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(context->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestInit(context->ctx, EVP_sha1()) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_sha1_invalidate(isc_sha1_t *context) {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -59,9 +67,10 @@ isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
|
|
Michal Ruprich |
d886cd |
unsigned int len)
|
|
Michal Ruprich |
d886cd |
{
|
|
Michal Ruprich |
d886cd |
INSIST(context != 0);
|
|
Michal Ruprich |
d886cd |
+ INSIST(context->ctx != 0);
|
|
Michal Ruprich |
d886cd |
INSIST(data != 0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestUpdate(context,
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestUpdate(context->ctx,
|
|
Michal Ruprich |
d886cd |
(const void *) data,
|
|
Michal Ruprich |
d886cd |
(size_t) len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
@@ -70,8 +79,11 @@ void
|
|
Michal Ruprich |
d886cd |
isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
|
|
Michal Ruprich |
d886cd |
INSIST(digest != 0);
|
|
Michal Ruprich |
d886cd |
INSIST(context != 0);
|
|
Michal Ruprich |
d886cd |
+ INSIST(context->ctx != 0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestFinal(context->ctx, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
diff --git a/lib/isc/sha2.c b/lib/isc/sha2.c
|
|
Michal Ruprich |
d886cd |
index a3c00c9..26a940a 100644
|
|
Michal Ruprich |
d886cd |
--- a/lib/isc/sha2.c
|
|
Michal Ruprich |
d886cd |
+++ b/lib/isc/sha2.c
|
|
Michal Ruprich |
d886cd |
@@ -61,18 +61,26 @@
|
|
Michal Ruprich |
d886cd |
#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_new() &(context->_ctx)
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr)
|
|
Michal Ruprich |
d886cd |
+#define EVP_MD_CTX_reset(c) EVP_MD_CTX_cleanup(c)
|
|
Michal Ruprich |
d886cd |
+#endif
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_sha224_init(isc_sha224_t *context) {
|
|
Michal Ruprich |
d886cd |
if (context == (isc_sha224_t *)0) {
|
|
Michal Ruprich |
d886cd |
return;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha224()) == 1);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = EVP_MD_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(context->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestInit(context->ctx, EVP_sha224()) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_sha224_invalidate(isc_sha224_t *context) {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -83,9 +91,11 @@ isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* Sanity check: */
|
|
Michal Ruprich |
d886cd |
- REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context != (isc_sha224_t *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context->ctx != (EVP_MD_CTX *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(data != (isc_uint8_t*)0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestUpdate(context,
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestUpdate(context->ctx,
|
|
Michal Ruprich |
d886cd |
(const void *) data, len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
@@ -93,13 +103,14 @@ void
|
|
Michal Ruprich |
d886cd |
isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
|
|
Michal Ruprich |
d886cd |
/* Sanity check: */
|
|
Michal Ruprich |
d886cd |
REQUIRE(context != (isc_sha224_t *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context->ctx != (EVP_MD_CTX *)0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* If no digest buffer is passed, we don't bother doing this: */
|
|
Michal Ruprich |
d886cd |
- if (digest != (isc_uint8_t*)0) {
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
- } else {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
+ if (digest != (isc_uint8_t*)0)
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestFinal(context->ctx,
|
|
Michal Ruprich |
d886cd |
+ digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -107,12 +118,15 @@ isc_sha256_init(isc_sha256_t *context) {
|
|
Michal Ruprich |
d886cd |
if (context == (isc_sha256_t *)0) {
|
|
Michal Ruprich |
d886cd |
return;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha256()) == 1);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = EVP_MD_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(context->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestInit(context->ctx, EVP_sha256()) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_sha256_invalidate(isc_sha256_t *context) {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -123,9 +137,11 @@ isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* Sanity check: */
|
|
Michal Ruprich |
d886cd |
- REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context != (isc_sha256_t *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context->ctx != (EVP_MD_CTX *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(data != (isc_uint8_t*)0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestUpdate(context,
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestUpdate(context->ctx,
|
|
Michal Ruprich |
d886cd |
(const void *) data, len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
@@ -133,13 +149,14 @@ void
|
|
Michal Ruprich |
d886cd |
isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
|
|
Michal Ruprich |
d886cd |
/* Sanity check: */
|
|
Michal Ruprich |
d886cd |
REQUIRE(context != (isc_sha256_t *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context->ctx != (EVP_MD_CTX *)0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* If no digest buffer is passed, we don't bother doing this: */
|
|
Michal Ruprich |
d886cd |
- if (digest != (isc_uint8_t*)0) {
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
- } else {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
+ if (digest != (isc_uint8_t*)0)
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestFinal(context->ctx,
|
|
Michal Ruprich |
d886cd |
+ digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -147,12 +164,15 @@ isc_sha512_init(isc_sha512_t *context) {
|
|
Michal Ruprich |
d886cd |
if (context == (isc_sha512_t *)0) {
|
|
Michal Ruprich |
d886cd |
return;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha512()) == 1);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = EVP_MD_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(context->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestInit(context->ctx, EVP_sha512()) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_sha512_invalidate(isc_sha512_t *context) {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
|
|
Michal Ruprich |
d886cd |
@@ -162,22 +182,25 @@ void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t le
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* Sanity check: */
|
|
Michal Ruprich |
d886cd |
- REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context != (isc_sha512_t *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context->ctx != (EVP_MD_CTX *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(data != (isc_uint8_t*)0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestUpdate(context,
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestUpdate(context->ctx,
|
|
Michal Ruprich |
d886cd |
(const void *) data, len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
|
|
Michal Ruprich |
d886cd |
/* Sanity check: */
|
|
Michal Ruprich |
d886cd |
REQUIRE(context != (isc_sha512_t *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context->ctx != (EVP_MD_CTX *)0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* If no digest buffer is passed, we don't bother doing this: */
|
|
Michal Ruprich |
d886cd |
- if (digest != (isc_uint8_t*)0) {
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
- } else {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
+ if (digest != (isc_uint8_t*)0)
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestFinal(context->ctx,
|
|
Michal Ruprich |
d886cd |
+ digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -185,12 +208,15 @@ isc_sha384_init(isc_sha384_t *context) {
|
|
Michal Ruprich |
d886cd |
if (context == (isc_sha384_t *)0) {
|
|
Michal Ruprich |
d886cd |
return;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha384()) == 1);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = EVP_MD_CTX_new();
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(context->ctx != NULL);
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestInit(context->ctx, EVP_sha384()) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
isc_sha384_invalidate(isc_sha384_t *context) {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
void
|
|
Michal Ruprich |
d886cd |
@@ -201,9 +227,11 @@ isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* Sanity check: */
|
|
Michal Ruprich |
d886cd |
- REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context != (isc_sha512_t *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context->ctx != (EVP_MD_CTX *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(data != (isc_uint8_t*)0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestUpdate(context,
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestUpdate(context->ctx,
|
|
Michal Ruprich |
d886cd |
(const void *) data, len) == 1);
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
@@ -211,13 +239,14 @@ void
|
|
Michal Ruprich |
d886cd |
isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
|
|
Michal Ruprich |
d886cd |
/* Sanity check: */
|
|
Michal Ruprich |
d886cd |
REQUIRE(context != (isc_sha384_t *)0);
|
|
Michal Ruprich |
d886cd |
+ REQUIRE(context->ctx != (EVP_MD_CTX *)0);
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
/* If no digest buffer is passed, we don't bother doing this: */
|
|
Michal Ruprich |
d886cd |
- if (digest != (isc_uint8_t*)0) {
|
|
Michal Ruprich |
d886cd |
- RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
- } else {
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
+ if (digest != (isc_uint8_t*)0)
|
|
Michal Ruprich |
d886cd |
+ RUNTIME_CHECK(EVP_DigestFinal(context->ctx,
|
|
Michal Ruprich |
d886cd |
+ digest, NULL) == 1);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_free(context->ctx);
|
|
Michal Ruprich |
d886cd |
+ context->ctx = NULL;
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
@@ -1578,7 +1607,7 @@ isc_sha224_end(isc_sha224_t *context, char buffer[]) {
|
|
Michal Ruprich |
d886cd |
*buffer = (char)0;
|
|
Michal Ruprich |
d886cd |
} else {
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_reset(context->ctx);
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
pk11_return_session(context);
|
|
Michal Ruprich |
d886cd |
#else
|
|
Michal Ruprich |
d886cd |
@@ -1619,7 +1648,7 @@ isc_sha256_end(isc_sha256_t *context, char buffer[]) {
|
|
Michal Ruprich |
d886cd |
*buffer = (char)0;
|
|
Michal Ruprich |
d886cd |
} else {
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_reset(context->ctx);
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
pk11_return_session(context);
|
|
Michal Ruprich |
d886cd |
#else
|
|
Michal Ruprich |
d886cd |
@@ -1660,7 +1689,7 @@ isc_sha512_end(isc_sha512_t *context, char buffer[]) {
|
|
Michal Ruprich |
d886cd |
*buffer = (char)0;
|
|
Michal Ruprich |
d886cd |
} else {
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_reset(context->ctx);
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
pk11_return_session(context);
|
|
Michal Ruprich |
d886cd |
#else
|
|
Michal Ruprich |
d886cd |
@@ -1701,7 +1730,7 @@ isc_sha384_end(isc_sha384_t *context, char buffer[]) {
|
|
Michal Ruprich |
d886cd |
*buffer = (char)0;
|
|
Michal Ruprich |
d886cd |
} else {
|
|
Michal Ruprich |
d886cd |
#ifdef ISC_PLATFORM_OPENSSLHASH
|
|
Michal Ruprich |
d886cd |
- EVP_MD_CTX_cleanup(context);
|
|
Michal Ruprich |
d886cd |
+ EVP_MD_CTX_reset(context->ctx);
|
|
Michal Ruprich |
d886cd |
#elif PKCS11CRYPTO
|
|
Michal Ruprich |
d886cd |
pk11_return_session(context);
|
|
Michal Ruprich |
d886cd |
#else
|
|
Michal Ruprich |
d886cd |
diff --git a/win32utils/Configure b/win32utils/Configure
|
|
Michal Ruprich |
d886cd |
index 9aef5bc..0e2da8e 100644
|
|
Michal Ruprich |
d886cd |
--- a/win32utils/Configure
|
|
Michal Ruprich |
d886cd |
+++ b/win32utils/Configure
|
|
Michal Ruprich |
d886cd |
@@ -432,7 +432,6 @@ my @substdefh = ("AES_CC",
|
|
Michal Ruprich |
d886cd |
"HAVE_PKCS11_GOST",
|
|
Michal Ruprich |
d886cd |
"HAVE_READLINE",
|
|
Michal Ruprich |
d886cd |
"HAVE_ZLIB",
|
|
Michal Ruprich |
d886cd |
- "HMAC_RETURN_INT",
|
|
Michal Ruprich |
d886cd |
"HMAC_SHA1_CC",
|
|
Michal Ruprich |
d886cd |
"HMAC_SHA256_CC",
|
|
Michal Ruprich |
d886cd |
"ISC_LIST_CHECKINIT",
|
|
Michal Ruprich |
d886cd |
@@ -1590,8 +1589,14 @@ if ($use_openssl eq "no") {
|
|
Michal Ruprich |
d886cd |
foreach $file (sort {uc($b) cmp uc($a)} @dirlist) {
|
|
Michal Ruprich |
d886cd |
if (-f File::Spec->catfile($openssl_path,
|
|
Michal Ruprich |
d886cd |
$file,
|
|
Michal Ruprich |
d886cd |
- "inc32\\openssl",
|
|
Michal Ruprich |
d886cd |
- "opensslv.h")) {
|
|
Michal Ruprich |
d886cd |
+ "inc32\\openssl\\opensslv.h")) {
|
|
Michal Ruprich |
d886cd |
+ $openssl_path = File::Spec->catdir($openssl_path, $file);
|
|
Michal Ruprich |
d886cd |
+ $use_openssl = "yes";
|
|
Michal Ruprich |
d886cd |
+ last;
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (-f File::Spec->catfile($openssl_path,
|
|
Michal Ruprich |
d886cd |
+ $file,
|
|
Michal Ruprich |
d886cd |
+ "include\\openssl\\opensslv.h")) {
|
|
Michal Ruprich |
d886cd |
$openssl_path = File::Spec->catdir($openssl_path, $file);
|
|
Michal Ruprich |
d886cd |
$use_openssl = "yes";
|
|
Michal Ruprich |
d886cd |
last;
|
|
Michal Ruprich |
d886cd |
@@ -1609,21 +1614,50 @@ if ($use_openssl eq "yes") {
|
|
Michal Ruprich |
d886cd |
if ($verbose) {
|
|
Michal Ruprich |
d886cd |
print "checking for OpenSSL built directory at \"$openssl_path\"\n";
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
+ my $openssl_new = 0;
|
|
Michal Ruprich |
d886cd |
if (!-f File::Spec->catfile($openssl_path,
|
|
Michal Ruprich |
d886cd |
- "inc32\\openssl",
|
|
Michal Ruprich |
d886cd |
- "opensslv.h")) {
|
|
Michal Ruprich |
d886cd |
- die "can't find OpenSSL opensslv.h include\n";
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
- if (!-f File::Spec->catfile($openssl_path, "out32dll", "libeay32.lib")) {
|
|
Michal Ruprich |
d886cd |
- die "can't find OpenSSL libeay32.lib library\n";
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
- if (!-f File::Spec->catfile($openssl_path, "out32dll", "libeay32.dll")) {
|
|
Michal Ruprich |
d886cd |
- die "can't find OpenSSL libeay32.dll DLL\n";
|
|
Michal Ruprich |
d886cd |
+ "inc32\\openssl\\opensslv.h")) {
|
|
Michal Ruprich |
d886cd |
+ $openssl_new = 1;
|
|
Michal Ruprich |
d886cd |
+ if (!-f File::Spec->catfile($openssl_path,
|
|
Michal Ruprich |
d886cd |
+ "include\\openssl\\opensslv.h")) {
|
|
Michal Ruprich |
d886cd |
+ die "can't find OpenSSL opensslv.h include\n";
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
my $openssl_inc = File::Spec->catdir($openssl_path, "inc32");
|
|
Michal Ruprich |
d886cd |
my $openssl_libdir = File::Spec->catdir($openssl_path, "out32dll");
|
|
Michal Ruprich |
d886cd |
my $openssl_lib = File::Spec->catfile($openssl_libdir, "libeay32.lib");
|
|
Michal Ruprich |
d886cd |
my $openssl_dll = File::Spec->catfile($openssl_libdir, "libeay32.dll");
|
|
Michal Ruprich |
d886cd |
+ if (!$openssl_new) {
|
|
Michal Ruprich |
d886cd |
+ # Check libraries are where we expect
|
|
Michal Ruprich |
d886cd |
+ if (!-f $openssl_lib) {
|
|
Michal Ruprich |
d886cd |
+ die "can't find OpenSSL libeay32.lib library\n";
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (!-f $openssl_dll) {
|
|
Michal Ruprich |
d886cd |
+ die "can't find OpenSSL libeay32.dll DLL\n";
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ } else {
|
|
Michal Ruprich |
d886cd |
+ # OpenSSL >= 1.1 is easier at the exception of the DLL
|
|
Michal Ruprich |
d886cd |
+ if ($verbose) {
|
|
Michal Ruprich |
d886cd |
+ print "new (>= 1.1) OpenSSL version\n";
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ $openssl_inc = File::Spec->catdir($openssl_path, "include");
|
|
Michal Ruprich |
d886cd |
+ $openssl_libdir = $openssl_path;
|
|
Michal Ruprich |
d886cd |
+ $openssl_lib = File::Spec->catfile($openssl_path, "libcrypto.lib");
|
|
Michal Ruprich |
d886cd |
+ if (!-f $openssl_lib) {
|
|
Michal Ruprich |
d886cd |
+ die "can't find OpenSSL libcrypto.lib library\n";
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ opendir DIR, $openssl_path || die "No Directory: $!\n";
|
|
Michal Ruprich |
d886cd |
+ my @dirlist = grep (/^libcrypto-[^.]+\.dll$/i, readdir(DIR));
|
|
Michal Ruprich |
d886cd |
+ closedir(DIR);
|
|
Michal Ruprich |
d886cd |
+ # We must get one file only
|
|
Michal Ruprich |
d886cd |
+ if (scalar(@dirlist) == 0) {
|
|
Michal Ruprich |
d886cd |
+ die "can't find OpenSSL libcrypto-*.dll DLL\n";
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ if (scalar(@dirlist) != 1) {
|
|
Michal Ruprich |
d886cd |
+ die "find more than one OpenSSL libcrypto-*.dll DLL candidate\n";
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
+ $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
|
|
Michal Ruprich |
d886cd |
+ }
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
$configcond{"OPENSSL"} = 1;
|
|
Michal Ruprich |
d886cd |
$configdefd{"CRYPTO"} = "OPENSSL";
|
|
Michal Ruprich |
d886cd |
@@ -2055,30 +2089,6 @@ if ($enable_openssl_hash eq "yes") {
|
|
Michal Ruprich |
d886cd |
die "No OpenSSL for hash functions\n";
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
$configdefp{"ISC_PLATFORM_OPENSSLHASH"} = 1;
|
|
Michal Ruprich |
d886cd |
- if ($verbose) {
|
|
Michal Ruprich |
d886cd |
- print "checking HMAC_Init() return type\n";
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
- open F, ">testhmac.c" || die $!;
|
|
Michal Ruprich |
d886cd |
- print F << 'EOF';
|
|
Michal Ruprich |
d886cd |
-#include <openssl/hmac.h>
|
|
Michal Ruprich |
d886cd |
-
|
|
Michal Ruprich |
d886cd |
-int
|
|
Michal Ruprich |
d886cd |
-main(void)
|
|
Michal Ruprich |
d886cd |
-{
|
|
Michal Ruprich |
d886cd |
- HMAC_CTX ctx;
|
|
Michal Ruprich |
d886cd |
- int n = HMAC_Init(&ctx, NULL, 0, NULL);
|
|
Michal Ruprich |
d886cd |
- n += HMAC_Update(&ctx, NULL, 0);
|
|
Michal Ruprich |
d886cd |
- n += HMAC_Final(&ctx, NULL, NULL);
|
|
Michal Ruprich |
d886cd |
- return(n);
|
|
Michal Ruprich |
d886cd |
-}
|
|
Michal Ruprich |
d886cd |
-EOF
|
|
Michal Ruprich |
d886cd |
- close F;
|
|
Michal Ruprich |
d886cd |
- my $include = $configinc{"OPENSSL_INC"};
|
|
Michal Ruprich |
d886cd |
- my $library = $configlib{"OPENSSL_LIB"};
|
|
Michal Ruprich |
d886cd |
- $compret = `cl /nologo /MD /I "$include" testhmac.c "$library"`;
|
|
Michal Ruprich |
d886cd |
- if (grep { -f and -x } ".\\testhmac.exe") {
|
|
Michal Ruprich |
d886cd |
- $configdefh{"HMAC_RETURN_INT"} = 1;
|
|
Michal Ruprich |
d886cd |
- }
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
# with-pkcs11
|
|
Michal Ruprich |
d886cd |
@@ -3186,7 +3196,11 @@ sub makeinstallfile {
|
|
Michal Ruprich |
d886cd |
print LOUT "liblwres.dll-BCFT\n";
|
|
Michal Ruprich |
d886cd |
print LOUT "libirs.dll-BCFT\n";
|
|
Michal Ruprich |
d886cd |
if ($use_openssl eq "yes") {
|
|
Michal Ruprich |
d886cd |
- print LOUT "libeay32.dll-BCFT\n";
|
|
Michal Ruprich |
d886cd |
+ my $v;
|
|
Michal Ruprich |
d886cd |
+ my $d;
|
|
Michal Ruprich |
d886cd |
+ my $name;
|
|
Michal Ruprich |
d886cd |
+ ($v, $d, $name) =File::Spec->splitpath($configdll{"OPENSSL_DLL"});
|
|
Michal Ruprich |
d886cd |
+ print LOUT "${name}-BCFT\n";
|
|
Michal Ruprich |
d886cd |
}
|
|
Michal Ruprich |
d886cd |
if ($use_libxml2 eq "yes") {
|
|
Michal Ruprich |
d886cd |
print LOUT "libxml2.dll-BCFT\n";
|
|
Michal Ruprich |
d886cd |
--
|
|
Michal Ruprich |
d886cd |
2.9.0
|
|
Michal Ruprich |
d886cd |
|
|
Michal Ruprich |
d886cd |
|