summaryrefslogtreecommitdiff
path: root/lib/dns/openssldsa_link.c
diff options
context:
space:
mode:
authorErwin Lansing <erwin@FreeBSD.org>2015-10-01 07:47:44 +0000
committerErwin Lansing <erwin@FreeBSD.org>2015-10-01 07:47:44 +0000
commitff14d03521a89636be959e65a21374951fe699ba (patch)
treef50c4271d12b6939db067758ade30df93a038a91 /lib/dns/openssldsa_link.c
parentb04f5d3d3ff49c604e768add0cf35600b9eee074 (diff)
Notes
Diffstat (limited to 'lib/dns/openssldsa_link.c')
-rw-r--r--lib/dns/openssldsa_link.c65
1 files changed, 42 insertions, 23 deletions
diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c
index 61e64db0d4a5..34348f07767f 100644
--- a/lib/dns/openssldsa_link.c
+++ b/lib/dns/openssldsa_link.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2009, 2011-2013, 2015 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,8 +29,6 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id$ */
-
#ifdef OPENSSL
#ifndef USE_EVP
#define USE_EVP 1
@@ -137,6 +135,7 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
DSA *dsa = key->keydata.dsa;
isc_region_t r;
DSA_SIG *dsasig;
+ unsigned int klen;
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey;
@@ -188,6 +187,7 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
ISC_R_FAILURE));
}
free(sigbuf);
+
#elif 0
/* Only use EVP for the Digest */
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
@@ -209,11 +209,17 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
"DSA_do_sign",
DST_R_SIGNFAILURE));
#endif
- *r.base++ = (key->key_size - 512)/64;
+
+ klen = (key->key_size - 512)/64;
+ if (klen > 255)
+ return (ISC_R_FAILURE);
+ *r.base = klen;
+ isc_region_consume(&r, 1);
+
BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
- r.base += ISC_SHA1_DIGESTLENGTH;
+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
- r.base += ISC_SHA1_DIGESTLENGTH;
+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
DSA_SIG_free(dsasig);
isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
@@ -339,7 +345,7 @@ progress_cb(int p, int n, BN_GENCB *cb)
UNUSED(n);
- u.dptr = cb->arg;
+ u.dptr = BN_GENCB_get_arg(cb);
if (u.fptr != NULL)
u.fptr(p);
return (1);
@@ -352,7 +358,10 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
isc_result_t result;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
- BN_GENCB cb;
+ BN_GENCB *cb;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BN_GENCB _cb;
+#endif
union {
void *dptr;
void (*fptr)(int);
@@ -373,22 +382,30 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
dsa = DSA_new();
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
-
+ cb = BN_GENCB_new();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (cb == NULL) {
+ DSA_free(dsa);
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ }
+#endif
if (callback == NULL) {
- BN_GENCB_set_old(&cb, NULL, NULL);
+ BN_GENCB_set_old(cb, NULL, NULL);
} else {
u.fptr = callback;
- BN_GENCB_set(&cb, &progress_cb, u.dptr);
+ BN_GENCB_set(cb, &progress_cb, u.dptr);
}
if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
- &cb))
+ cb))
{
DSA_free(dsa);
+ BN_GENCB_free(cb);
return (dst__openssl_toresult2("DSA_generate_parameters_ex",
DST_R_OPENSSLFAILURE));
}
+ BN_GENCB_free(cb);
#else
dsa = DSA_generate_parameters(key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
@@ -446,15 +463,16 @@ openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
if (r.length < (unsigned int) dnslen)
return (ISC_R_NOSPACE);
- *r.base++ = t;
+ *r.base = t;
+ isc_region_consume(&r, 1);
BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH);
- r.base += ISC_SHA1_DIGESTLENGTH;
+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8);
- r.base += p_bytes;
+ isc_region_consume(&r, p_bytes);
BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8);
- r.base += p_bytes;
+ isc_region_consume(&r, p_bytes);
BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8);
- r.base += p_bytes;
+ isc_region_consume(&r, p_bytes);
isc_buffer_add(data, dnslen);
@@ -479,29 +497,30 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
return (ISC_R_NOMEMORY);
dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
- t = (unsigned int) *r.base++;
+ t = (unsigned int) *r.base;
+ isc_region_consume(&r, 1);
if (t > 8) {
DSA_free(dsa);
return (DST_R_INVALIDPUBLICKEY);
}
p_bytes = 64 + 8 * t;
- if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
+ if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
DSA_free(dsa);
return (DST_R_INVALIDPUBLICKEY);
}
dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
- r.base += ISC_SHA1_DIGESTLENGTH;
+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
dsa->p = BN_bin2bn(r.base, p_bytes, NULL);
- r.base += p_bytes;
+ isc_region_consume(&r, p_bytes);
dsa->g = BN_bin2bn(r.base, p_bytes, NULL);
- r.base += p_bytes;
+ isc_region_consume(&r, p_bytes);
dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
- r.base += p_bytes;
+ isc_region_consume(&r, p_bytes);
key->key_size = p_bytes * 8;