diff options
author | Erwin Lansing <erwin@FreeBSD.org> | 2015-10-01 07:47:44 +0000 |
---|---|---|
committer | Erwin Lansing <erwin@FreeBSD.org> | 2015-10-01 07:47:44 +0000 |
commit | ff14d03521a89636be959e65a21374951fe699ba (patch) | |
tree | f50c4271d12b6939db067758ade30df93a038a91 /lib/dns/openssldsa_link.c | |
parent | b04f5d3d3ff49c604e768add0cf35600b9eee074 (diff) |
Notes
Diffstat (limited to 'lib/dns/openssldsa_link.c')
-rw-r--r-- | lib/dns/openssldsa_link.c | 65 |
1 files changed, 42 insertions, 23 deletions
diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c index 61e64db0d4a5..34348f07767f 100644 --- a/lib/dns/openssldsa_link.c +++ b/lib/dns/openssldsa_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2009, 2011-2013, 2015 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -29,8 +29,6 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - #ifdef OPENSSL #ifndef USE_EVP #define USE_EVP 1 @@ -137,6 +135,7 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { DSA *dsa = key->keydata.dsa; isc_region_t r; DSA_SIG *dsasig; + unsigned int klen; #if USE_EVP EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_PKEY *pkey; @@ -188,6 +187,7 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { ISC_R_FAILURE)); } free(sigbuf); + #elif 0 /* Only use EVP for the Digest */ if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) { @@ -209,11 +209,17 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { "DSA_do_sign", DST_R_SIGNFAILURE)); #endif - *r.base++ = (key->key_size - 512)/64; + + klen = (key->key_size - 512)/64; + if (klen > 255) + return (ISC_R_FAILURE); + *r.base = klen; + isc_region_consume(&r, 1); + BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); DSA_SIG_free(dsasig); isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); @@ -339,7 +345,7 @@ progress_cb(int p, int n, BN_GENCB *cb) UNUSED(n); - u.dptr = cb->arg; + u.dptr = BN_GENCB_get_arg(cb); if (u.fptr != NULL) u.fptr(p); return (1); @@ -352,7 +358,10 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) { unsigned char rand_array[ISC_SHA1_DIGESTLENGTH]; isc_result_t result; #if OPENSSL_VERSION_NUMBER > 0x00908000L - BN_GENCB cb; + BN_GENCB *cb; +#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_GENCB _cb; +#endif union { void *dptr; void (*fptr)(int); @@ -373,22 +382,30 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) { dsa = DSA_new(); if (dsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); - + cb = BN_GENCB_new(); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + if (cb == NULL) { + DSA_free(dsa); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + } +#endif if (callback == NULL) { - BN_GENCB_set_old(&cb, NULL, NULL); + BN_GENCB_set_old(cb, NULL, NULL); } else { u.fptr = callback; - BN_GENCB_set(&cb, &progress_cb, u.dptr); + BN_GENCB_set(cb, &progress_cb, u.dptr); } if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array, ISC_SHA1_DIGESTLENGTH, NULL, NULL, - &cb)) + cb)) { DSA_free(dsa); + BN_GENCB_free(cb); return (dst__openssl_toresult2("DSA_generate_parameters_ex", DST_R_OPENSSLFAILURE)); } + BN_GENCB_free(cb); #else dsa = DSA_generate_parameters(key->key_size, rand_array, ISC_SHA1_DIGESTLENGTH, NULL, NULL, @@ -446,15 +463,16 @@ openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) { if (r.length < (unsigned int) dnslen) return (ISC_R_NOSPACE); - *r.base++ = t; + *r.base = t; + isc_region_consume(&r, 1); BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); isc_buffer_add(data, dnslen); @@ -479,29 +497,30 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) { return (ISC_R_NOMEMORY); dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; - t = (unsigned int) *r.base++; + t = (unsigned int) *r.base; + isc_region_consume(&r, 1); if (t > 8) { DSA_free(dsa); return (DST_R_INVALIDPUBLICKEY); } p_bytes = 64 + 8 * t; - if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { + if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { DSA_free(dsa); return (DST_R_INVALIDPUBLICKEY); } dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); dsa->p = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); dsa->g = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); key->key_size = p_bytes * 8; |