From: Matthijs Mekking
Date: Fri, 23 Oct 2020 12:56:04 +0000 (+0200)
Subject: Move generate_salt function to lib/dns/nsec3
X-Git-Tag: v9.17.8~27^2~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84a4273074ce74a18d07aa652e620107ebf8ed32;p=thirdparty%2Fbind9.git

Move generate_salt function to lib/dns/nsec3

We will be using this function also on reconfig, so it should have a wider availability than just bin/named/server.
---

diff --git a/bin/named/server.c b/bin/named/server.c
index 7964cd20fa5..e580bc8a21f 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -14408,34 +14408,6 @@ newzone_cfgctx_destroy(void **cfgp) {
 *cfgp = NULL;
 }
 
-static isc_result_t
-generate_salt(unsigned char *salt, size_t saltlen) {
- unsigned char text[512 + 1];
- isc_region_t r;
- isc_buffer_t buf;
- isc_result_t result;
-
- if (saltlen > 256U) {
- return (ISC_R_RANGE);
- }
-
- isc_nonce_buf(salt, saltlen);
-
- r.base = salt;
- r.length = (unsigned int)saltlen;
-
- isc_buffer_init(&buf, text, sizeof(text));
- result = isc_hex_totext(&r, 2, "", &buf);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- text[saltlen * 2] = 0;
-
- isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
- NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
- "generated salt: %s", text);
-
- return (ISC_R_SUCCESS);
-}
-
 isc_result_t
 named_server_signing(named_server_t *server, isc_lex_t *lex,
 isc_buffer_t **text) {
@@ -14508,7 +14480,6 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
 return (ISC_R_UNEXPECTEDEND);
 }
 strlcpy(iterbuf, ptr, sizeof(iterbuf));
-
 n = snprintf(nbuf, sizeof(nbuf), "%s %s %s", hashbuf, flagbuf, iterbuf);
 if (n == sizeof(nbuf)) {
@@ -14534,7 +14505,7 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
 * configurable.
 */
 saltlen = 8;
- CHECK(generate_salt(salt, saltlen));
+ CHECK(dns_nsec3_generate_salt(salt, saltlen));
 } else if (strcmp(ptr, "-") != 0) {
 isc_buffer_t buf;
 
diff --git a/lib/dns/include/dns/nsec3.h b/lib/dns/include/dns/nsec3.h
index 70aacb15bfb..a2f22e0fc88 100644
--- a/lib/dns/include/dns/nsec3.h
+++ b/lib/dns/include/dns/nsec3.h
@@ -72,6 +72,12 @@ dns_nsec3_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type);
 * 'nsec' points to a valid rdataset of type NSEC3
 */
 
+isc_result_t
+dns_nsec3_generate_salt(unsigned char *salt, size_t saltlen);
+/*%
+ * Generate a salt with the given salt length.
+ */
+
 isc_result_t
 dns_nsec3_hashname(dns_fixedname_t *result,
 unsigned char rethash[NSEC3_MAX_HASH_LENGTH],
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 9ab770b240e..3feda0ec4e4 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -16,8 +16,8 @@
 #include
 #include
 #include
-#include
 #include
+#include
 #include
 #include
 #include
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -226,6 +227,33 @@ dns_nsec3_typepresent(dns_rdata_t *rdata, dns_rdatatype_t type) {
 return (present);
 }
 
+isc_result_t
+dns_nsec3_generate_salt(unsigned char *salt, size_t saltlen) {
+ unsigned char text[255 * 2 + 1];
+ isc_region_t r;
+ isc_buffer_t buf;
+ isc_result_t result;
+
+ if (saltlen > 255U) {
+ return (ISC_R_RANGE);
+ }
+
+ isc_nonce_buf(salt, saltlen);
+
+ r.base = salt;
+ r.length = (unsigned int)saltlen;
+
+ isc_buffer_init(&buf, text, sizeof(text));
+ result = isc_hex_totext(&r, 2, "", &buf);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ text[saltlen * 2] = 0;
+
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_DNSSEC,
+ ISC_LOG_INFO, "generated salt: %s", text);
+
+ return (ISC_R_SUCCESS);
+}
+
 isc_result_t
 dns_nsec3_hashname(dns_fixedname_t *result,
 unsigned char rethash[NSEC3_MAX_HASH_LENGTH],
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index b9de1fee66f..dbd2a020d93 100644
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
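Review bot: The comment added for `dns_nsec3_generate_salt()` in lib/dns/include/dns/nsec3.h says only that a salt is generated, which is too thin for a function that is now callable from anywhere that links libdns. Going by the implementation in lib/dns/nsec3.c, the contract worth writing down is that `salt` must point to a writable buffer of at least `saltlen` bytes, that `saltlen` above 255 returns `ISC_R_RANGE` without touching the buffer, and that success returns `ISC_R_SUCCESS` after filling the buffer through `isc_nonce_buf()`. I would also mention that each call logs the hex salt at `ISC_LOG_INFO`, since a caller on the reconfig path may not expect a library helper to log. A short requires/returns comment in the style the rest of this header uses would cover it.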
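Review bot: `dns_nsec3_generate_salt()` in lib/dns/nsec3.c is now an exported entry point, yet it hands `salt` to `isc_nonce_buf()` with no precondition on the pointer. Adding `REQUIRE(salt != NULL);` ahead of the range check would stop a bad caller at the API boundary, assuming the assertion macros are already in scope in this file (the include lines are not readable here). Separately, this is not a pure move: the limit drops from `256U` to `255U`, the scratch buffer from `512 + 1` to `255 * 2 + 1`, and the log category changes to `DNS_LOGCATEGORY_DNSSEC`. The new bound matches the one-octet NSEC3 salt-length field and the buffer still holds 510 hex digits plus the terminator, so the change looks right, but the commit message should mention it.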
@@ -645,6 +645,7 @@ dns_nsec3_buildrdata
 dns_nsec3_delnsec3
 dns_nsec3_delnsec3s
 dns_nsec3_delnsec3sx
+dns_nsec3_generate_salt
 dns_nsec3_hashlength
 dns_nsec3_hashname
 dns_nsec3_maxiterations