DSA signature compatibility.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 15 Apr 2008 19:51:28 +0000 (19:51 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 15 Apr 2008 19:51:28 +0000 (19:51 +0000)
git-svn-id: file:///svn/unbound/trunk@1053 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
testcode/unitmain.c
testcode/unitverify.c
validator/val_sigcrypt.c

index 3f3612852fadac6e9e128d1e1f61bfc7ffb93ce6..f245351fa65c496f40ca651b71ff45ec120822d1 100644 (file)
@@ -7,6 +7,8 @@
        - documented 'gcc: unrecognized -KPIC option' errors on Solaris.
        - example.conf values changed to /usr/local/etc/unbound
        - DSA test work.
+       - DSA signatures: unbound is compatible with both encodings found.
+         It will detect and convert when necessary.
 
 14 April 2008: Wouter
        - got update for parseunbound.pl statistics script from Kai Storbeck.
index 651859ab4e987305ebf5887fc067984dc54121bb..f109ad5e94f21e166fc9618f4fc27c091a0b515f 100644 (file)
@@ -394,6 +394,7 @@ main(int argc, char* argv[])
                return 1;
        }
        printf("Start of %s unit test.\n", PACKAGE_STRING);
+       ERR_load_crypto_strings();
        checklock_start();
        rnd_test();
        verify_test();
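Review bot: `ERR_load_crypto_strings()` is added at the start of the test run without a comment, and the matching `ERR_remove_state(0)` / `ERR_free_strings()` appear in the next hunk only on the `return 0` path. A short comment such as `/* load OpenSSL error strings so crypto failures print readable text; freed at the end of main */` would tie the two together. If a test aborts or returns between those two points the strings are never freed, which presumably only matters to leak checkers. main's body extends beyond both hunks, so other exit paths cannot be checked here.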
@@ -411,5 +412,7 @@ main(int argc, char* argv[])
        printf("%d checks ok.\n", testcount);
        EVP_cleanup();
        CRYPTO_cleanup_all_ex_data();
+       ERR_remove_state(0);
+       ERR_free_strings();
        return 0;
 }
index 8d8ee200cded1e7cdb0d832c90ce540915005696..43ec4a1c6e10f4829662fc3ee3c6c5b88be9c19c 100644 (file)
@@ -461,22 +461,12 @@ verify_test()
 {
        printf("verify test\n");
        verifytest_file("testdata/test_signatures.1", "20070818005004");
-       log_info("test_signatures.2");
-       verbosity=3;
-       /*
        verifytest_file("testdata/test_signatures.2", "20080414005004");
-       log_info("test_signatures.3");
        verifytest_file("testdata/test_signatures.3", "20080416005004");
-       log_info("test_signatures.4");
        verifytest_file("testdata/test_signatures.4", "20080416005004");
-       */
-       log_info("test_signatures.5");
        verifytest_file("testdata/test_signatures.5", "20080416005004");
-       log_info("test_signatures.6");
        verifytest_file("testdata/test_signatures.6", "20080416005004");
-       log_info("test_signatures.7");
        verifytest_file("testdata/test_signatures.7", "20070829144150");
-       log_info("test_signatures.8");
        verifytest_file("testdata/test_signatures.8", "20070829144150");
        dstest_file("testdata/test_ds_sig.1");
        nsectest();
index 00c704fdd3229ef4ea4b0fd1275abd9445cfe0c9..8dd5a6891ff71da2d4d0127a6c6434bc787326e3 100644 (file)
@@ -1329,17 +1329,16 @@ verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock,
                EVP_PKEY_free(evp_key);
                return sec_status_bogus;
        }
-       /* if it is a DSA signature in XXX format, convert to DER format */
+       /* if it is a DSA signature in bind format, convert to DER format */
        if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && 
-               0) { /*sigblock_len > 0 && sigblock[0] == 0) {*/
-               log_info("setup_dsa_sig_needed");
+               sigblock_len == 1+2*SHA_DIGEST_LENGTH) {
                if(!setup_dsa_sig(&sigblock, &sigblock_len)) {
                        verbose(VERB_QUERY, "verify: failed to setup DSA sig");
+                       EVP_PKEY_free(evp_key);
                        return sec_status_bogus;
                }
                dofree = 1;
-       } else if(algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)
-               log_info("setup_dsa_sig_nope");
+       } 
 
        /* do the signature cryptography work */
        EVP_MD_CTX_init(&ctx);
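Review bot: The new test `sigblock_len == 1+2*SHA_DIGEST_LENGTH` picks the signature encoding from the length of RRSIG data supplied by the remote side, and neither the constant nor the fallback is explained. The comment above it would be clearer as `/* raw DNSSEC DSA sig (RFC 2536): T octet + 20-byte R + 20-byte S = 41 bytes; any other length is passed on as DER */` than as "bind format". It is also worth stating there that a signature misclassified by length should only fail verification and end as bogus; that looks true from the visible lines but depends on code past the hunk. verify_canonrrset continues outside the hunk, so whether every later return frees the converted sigblock when `dofree` is set cannot be confirmed here.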