1.6.x
+ * --enable-gost : use the GOST algorithm.
1.6.0
Additions:
0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40};
unsigned char encoded[37+64];
const unsigned char* pp;
- int i;
- if(keylen != 64)
+ if(keylen != 64) {
+ /* key wrong size */
return LDNS_STATUS_CRYPTO_BOGUS;
+ }
/* create evp_key */
- for(i=0; i<37; i++)
- encoded[i] = asn[i];
- for(i=0; i<64; i++)
- encoded[i+37] = key[i];
+ memmove(encoded, asn, 37);
+ memmove(encoded+37, key, 64);
pp = (unsigned char*)&encoded[0];
+
+ (void) ldns_key_EVP_load_gost_id();
+
evp_key = d2i_PUBKEY(NULL, &pp, sizeof(encoded));
+ if(!evp_key) {
+ /* could not convert key */
+ return LDNS_STATUS_CRYPTO_BOGUS;
+ }
/* verify signature */
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset,
#endif
#ifdef USE_GOST
-/** returns the PKEY id for GOST, loads GOST into openssl */
-static int
-ldns_get_EVP_gost_id()
+int
+ldns_key_EVP_load_gost_id()
{
+ static int gost_id = 0;
const EVP_PKEY_ASN1_METHOD* meth;
- int gost_id;
ENGINE* e;
+ if(gost_id) return gost_id;
+
ENGINE_load_gost();
e = ENGINE_by_id("gost");
if(!e) {
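Review bot: The function-local `static int gost_id` introduced at L40 and tested at L44 is read and written with no synchronization, and the function is now exported (L37-L38) rather than file-static, so if two threads make the first call concurrently both will run `ENGINE_load_gost()` / `ENGINE_by_id("gost")` and race on the static. Whether that matters depends on how callers use ldns from multiple threads, which this hunk does not show, so at minimum the contract should be stated next to the static, e.g. `/* cached after first successful load; not protected by a lock -- callers must serialize the first call if they verify from several threads */`. Note also that only a non-zero result is cached, so a failed load (return 0) re-runs the engine lookup on every call; that is a reasonable retry policy but worth a one-line comment so it is not mistaken for a bug. The body of `ldns_key_EVP_load_gost_id` continues past the end of this hunk.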
EVP_PKEY* pkey;
ldns_rdf* b64rdf = NULL;
- gost_id = ldns_get_EVP_gost_id();
+ gost_id = ldns_key_EVP_load_gost_id();
if(!gost_id)
return NULL;
if(1) { /* new stack context */
EVP_PKEY_CTX* ctx;
EVP_PKEY* p = NULL;
- int gost_id = ldns_get_EVP_gost_id();
+ int gost_id = ldns_key_EVP_load_gost_id();
if(!gost_id)
return NULL;
ctx = EVP_PKEY_CTX_new_id(gost_id, NULL);
* \param[in] d the dsa data
*/
void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
+
+/**
+ * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
+ * Only available if GOST is compiled into the library and openssl.
+ * \return the gost id for EVP_CTX creation.
+ */
+int ldns_key_EVP_load_gost_id(void);
#endif /* HAVE_SSL */
+
/**
* Set the key's hmac data
* \param[in] k the key
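Review bot: The new doxygen block at L67-L71 documents only the success value, while the call sites in this patch treat a return of 0 as failure (`if(!gost_id) return NULL;`), so the contract the callers depend on is missing from the public header; I would change L70 to `\return the gost id for EVP_CTX creation, or 0 if the GOST engine could not be loaded into openssl.`. The declaration at L72 sits under `#ifdef HAVE_SSL` (closed at L73) whereas the definition in the .c file is under `#ifdef USE_GOST`, so a HAVE_SSL build without GOST exports a prototype with no definition; if the USE_GOST macro is visible to header consumers the prototype should be wrapped in the same guard, and if it is not, the comment on L69 should say explicitly that the symbol is declared but not defined in that configuration.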