diff options
Diffstat (limited to 'lib/dns/openssldh_link.c')
| -rw-r--r-- | lib/dns/openssldh_link.c | 156 |
1 files changed, 90 insertions, 66 deletions
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c index 953e8fd50e4a..4d77c5bf164f 100644 --- a/lib/dns/openssldh_link.c +++ b/lib/dns/openssldh_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2009, 2011-2015 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -71,7 +71,7 @@ static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data); -static BIGNUM bn2, bn768, bn1024, bn1536; +static BIGNUM *bn2, *bn768, *bn1024, *bn1536; static isc_result_t openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, @@ -161,7 +161,7 @@ progress_cb(int p, int n, BN_GENCB *cb) UNUSED(n); - u.dptr = cb->arg; + u.dptr = BN_GENCB_get_arg(cb); if (u.fptr != NULL) u.fptr(p); return (1); @@ -172,7 +172,10 @@ static isc_result_t openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) { DH *dh = NULL; #if OPENSSL_VERSION_NUMBER > 0x00908000L - BN_GENCB cb; + BN_GENCB *cb; +#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_GENCB _cb; +#endif union { void *dptr; void (*fptr)(int); @@ -191,12 +194,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) { if (dh == NULL) return (dst__openssl_toresult(ISC_R_NOMEMORY)); if (key->key_size == 768) - dh->p = &bn768; + dh->p = bn768; else if (key->key_size == 1024) - dh->p = &bn1024; + dh->p = bn1024; else - dh->p = &bn1536; - dh->g = &bn2; + dh->p = bn1536; + dh->g = bn2; } else generator = 2; } @@ -206,31 +209,39 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) { dh = DH_new(); if (dh == NULL) return (dst__openssl_toresult(ISC_R_NOMEMORY)); - + cb = BN_GENCB_new(); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + if (cb == NULL) { + DH_free(dh); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); + } +#endif if (callback == NULL) { - BN_GENCB_set_old(&cb, NULL, NULL); + BN_GENCB_set_old(cb, NULL, NULL); } else { u.fptr = callback; - BN_GENCB_set(&cb, &progress_cb, u.dptr); + BN_GENCB_set(cb, &progress_cb, u.dptr); } if (!DH_generate_parameters_ex(dh, key->key_size, generator, - &cb)) { + cb)) { DH_free(dh); + BN_GENCB_free(cb); return (dst__openssl_toresult2( "DH_generate_parameters_ex", DST_R_OPENSSLFAILURE)); } + BN_GENCB_free(cb); #else dh = DH_generate_parameters(key->key_size, generator, NULL, NULL); + if (dh == NULL) + return (dst__openssl_toresult2( + "DH_generate_parameters", + DST_R_OPENSSLFAILURE)); #endif } - if (dh == NULL) - return (dst__openssl_toresult2("DH_generate_parameters", - DST_R_OPENSSLFAILURE)); - if (DH_generate_key(dh) == 0) { DH_free(dh); return (dst__openssl_toresult2("DH_generate_key", @@ -256,9 +267,9 @@ openssldh_destroy(dst_key_t *key) { if (dh == NULL) return; - if (dh->p == &bn768 || dh->p == &bn1024 || dh->p == &bn1536) + if (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536) dh->p = NULL; - if (dh->g == &bn2) + if (dh->g == bn2) dh->g = NULL; DH_free(dh); key->keydata.dh = NULL; @@ -266,8 +277,10 @@ openssldh_destroy(dst_key_t *key) { static void uint16_toregion(isc_uint16_t val, isc_region_t *region) { - *region->base++ = (val & 0xff00) >> 8; - *region->base++ = (val & 0x00ff); + *region->base = (val & 0xff00) >> 8; + isc_region_consume(region, 1); + *region->base = (val & 0x00ff); + isc_region_consume(region, 1); } static isc_uint16_t @@ -278,7 +291,8 @@ uint16_fromregion(isc_region_t *region) { val = ((unsigned int)(cp[0])) << 8; val |= ((unsigned int)(cp[1])); - region->base += 2; + isc_region_consume(region, 2); + return (val); } @@ -294,8 +308,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) { isc_buffer_availableregion(data, &r); - if (dh->g == &bn2 && - (dh->p == &bn768 || dh->p == &bn1024 || dh->p == &bn1536)) { + if (dh->g == bn2 && + (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536)) { plen = 1; glen = 0; } @@ -310,25 +324,25 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) { uint16_toregion(plen, &r); if (plen == 1) { - if (dh->p == &bn768) + if (dh->p == bn768) *r.base = 1; - else if (dh->p == &bn1024) + else if (dh->p == bn1024) *r.base = 2; else *r.base = 3; } else BN_bn2bin(dh->p, r.base); - r.base += plen; + isc_region_consume(&r, plen); uint16_toregion(glen, &r); if (glen > 0) BN_bn2bin(dh->g, r.base); - r.base += glen; + isc_region_consume(&r, glen); uint16_toregion(publen, &r); BN_bn2bin(dh->pub_key, r.base); - r.base += publen; + isc_region_consume(&r, publen); isc_buffer_add(data, dnslen); @@ -369,28 +383,29 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) { return (DST_R_INVALIDPUBLICKEY); } if (plen == 1 || plen == 2) { - if (plen == 1) - special = *r.base++; - else + if (plen == 1) { + special = *r.base; + isc_region_consume(&r, 1); + } else { special = uint16_fromregion(&r); + } switch (special) { case 1: - dh->p = &bn768; + dh->p = bn768; break; case 2: - dh->p = &bn1024; + dh->p = bn1024; break; case 3: - dh->p = &bn1536; + dh->p = bn1536; break; default: DH_free(dh); return (DST_R_INVALIDPUBLICKEY); } - } - else { + } else { dh->p = BN_bin2bn(r.base, plen, NULL); - r.base += plen; + isc_region_consume(&r, plen); } /* @@ -409,27 +424,26 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) { } if (special != 0) { if (glen == 0) - dh->g = &bn2; + dh->g = bn2; else { dh->g = BN_bin2bn(r.base, glen, NULL); - if (BN_cmp(dh->g, &bn2) == 0) { + if (BN_cmp(dh->g, bn2) == 0) { BN_free(dh->g); - dh->g = &bn2; + dh->g = bn2; } else { DH_free(dh); return (DST_R_INVALIDPUBLICKEY); } } - } - else { + } else { if (glen == 0) { DH_free(dh); return (DST_R_INVALIDPUBLICKEY); } dh->g = BN_bin2bn(r.base, glen, NULL); } - r.base += glen; + isc_region_consume(&r, glen); if (r.length < 2) { DH_free(dh); @@ -441,7 +455,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) { return (DST_R_INVALIDPUBLICKEY); } dh->pub_key = BN_bin2bn(r.base, publen, NULL); - r.base += publen; + isc_region_consume(&r, publen); key->key_size = BN_num_bits(dh->p); @@ -563,25 +577,25 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { if ((key->key_size == 768 || key->key_size == 1024 || key->key_size == 1536) && - BN_cmp(dh->g, &bn2) == 0) + BN_cmp(dh->g, bn2) == 0) { - if (key->key_size == 768 && BN_cmp(dh->p, &bn768) == 0) { + if (key->key_size == 768 && BN_cmp(dh->p, bn768) == 0) { BN_free(dh->p); BN_free(dh->g); - dh->p = &bn768; - dh->g = &bn2; + dh->p = bn768; + dh->g = bn2; } else if (key->key_size == 1024 && - BN_cmp(dh->p, &bn1024) == 0) { + BN_cmp(dh->p, bn1024) == 0) { BN_free(dh->p); BN_free(dh->g); - dh->p = &bn1024; - dh->g = &bn2; + dh->p = bn1024; + dh->g = bn2; } else if (key->key_size == 1536 && - BN_cmp(dh->p, &bn1536) == 0) { + BN_cmp(dh->p, bn1536) == 0) { BN_free(dh->p); BN_free(dh->g); - dh->p = &bn1536; - dh->g = &bn2; + dh->p = bn1536; + dh->g = bn2; } } @@ -622,10 +636,10 @@ BN_fromhex(BIGNUM *b, const char *str) { static void openssldh_cleanup(void) { - BN_free(&bn2); - BN_free(&bn768); - BN_free(&bn1024); - BN_free(&bn1536); + BN_free(bn2); + BN_free(bn768); + BN_free(bn1024); + BN_free(bn1536); } static dst_func_t openssldh_functions = { @@ -655,17 +669,27 @@ isc_result_t dst__openssldh_init(dst_func_t **funcp) { REQUIRE(funcp != NULL); if (*funcp == NULL) { - BN_init(&bn2); - BN_init(&bn768); - BN_init(&bn1024); - BN_init(&bn1536); - BN_set_word(&bn2, 2); - BN_fromhex(&bn768, PRIME768); - BN_fromhex(&bn1024, PRIME1024); - BN_fromhex(&bn1536, PRIME1536); + bn2 = BN_new(); + bn768 = BN_new(); + bn1024 = BN_new(); + bn1536 = BN_new(); + if (bn2 == NULL || bn768 == NULL || + bn1024 == NULL || bn1536 == NULL) + goto cleanup; + BN_set_word(bn2, 2); + BN_fromhex(bn768, PRIME768); + BN_fromhex(bn1024, PRIME1024); + BN_fromhex(bn1536, PRIME1536); *funcp = &openssldh_functions; } return (ISC_R_SUCCESS); + + cleanup: + if (bn2 != NULL) BN_free(bn2); + if (bn768 != NULL) BN_free(bn768); + if (bn1024 != NULL) BN_free(bn1024); + if (bn1536 != NULL) BN_free(bn1536); + return (ISC_R_NOMEMORY); } #else /* OPENSSL */ |