Create keys with PKCS#11 URI instead of object
authorMatthijs Mekking <matthijs@isc.org>
Wed, 6 Sep 2023 12:09:46 +0000 (14:09 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 25 Jan 2024 13:48:07 +0000 (14:48 +0100)
The pkcs11-provider has changed to take a PKCS#11 URI instead of an
object identifier. Change the BIND 9 code accordingly to pass through
the label instead of just the object identifier.

See: https://github.com/latchset/pkcs11-provider/pull/284

configure.ac
lib/dns/dst_api.c
lib/dns/dst_internal.h
lib/dns/include/dst/dst.h
lib/dns/keystore.c
lib/dns/opensslecdsa_link.c
lib/dns/opensslrsa_link.c

index 3631772b1402ef0bddc690319099026a54a70db1..92f40c17ac2a0b1d36dd6718cf5b7a85d94cb4ae 100644 (file)
@@ -644,6 +644,7 @@ AS_IF([test "$enable_doh" = "yes"],
 
 AM_CONDITIONAL([HAVE_LIBNGHTTP2], [test -n "$LIBNGHTTP2_LIBS"])
 
+
 #
 # flockfile is usually provided by pthreads
 #
index 803214c096f3c867d5da0ae4daf805d357f58247..90d0f8dfe145a34f0c9b2a33bac104358975ebf2 100644 (file)
@@ -1031,7 +1031,7 @@ dst_key_fromlabel(const dns_name_t *name, int alg, unsigned int flags,
 isc_result_t
 dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
                 unsigned int param, unsigned int flags, unsigned int protocol,
-                dns_rdataclass_t rdclass, const char *object, isc_mem_t *mctx,
+                dns_rdataclass_t rdclass, const char *label, isc_mem_t *mctx,
                 dst_key_t **keyp, void (*callback)(int)) {
        dst_key_t *key;
        isc_result_t ret;
@@ -1046,8 +1046,8 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
        key = get_key_struct(name, alg, flags, protocol, bits, rdclass, 0,
                             mctx);
 
-       if (object != NULL) {
-               key->object = isc_mem_strdup(mctx, object);
+       if (label != NULL) {
+               key->label = isc_mem_strdup(mctx, label);
        }
 
        if (bits == 0) { /*%< NULL KEY */
@@ -1408,9 +1408,6 @@ dst_key_free(dst_key_t **keyp) {
                if (key->label != NULL) {
                        isc_mem_free(mctx, key->label);
                }
-               if (key->object != NULL) {
-                       isc_mem_free(mctx, key->object);
-               }
                dns_name_free(key->key_name, mctx);
                isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
                if (key->key_tkeytoken) {
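Review bot: `key->label` now receives what keystore.c assembles as a full PKCS#11 URI (`uri;object=name;`) rather than a bare engine label, yet nothing in this commit updates the documentation of that field or of dst_key_generate's parameter; the field comment shown in the dst_internal.h section still reads `engine label (HSM)`, and the dst.h doxygen block that begins right after the prototype is not touched. Suggest a comment above the `if (label != NULL)` block in dst_key_generate: `/* With the pkcs11 provider this is a PKCS#11 URI (RFC 7512), not a bare object label. */`, and the same wording on the struct field. If dst_key_fromlabel also populates key->label (the unconditional free in dst_key_free suggests more than one path sets it, but that code is not visible here), a reader needs to know both paths now store the same kind of value.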
index 7026e7ffae8cd3f441857644b95352bc955f6856..a78b710738b1563eba2502a0ab2b8d09069c88f4 100644 (file)
@@ -94,7 +94,6 @@ struct dst_key {
        char *directory;            /*%< key directory */
        char *engine;               /*%< engine name (HSM) */
        char *label;                /*%< engine label (HSM) */
-       char *object;               /*%< engine object (HSM) */
        union {
                void *generic;
                dns_gss_ctx_id_t gssctx;
index e4895e19327df864c9ead074c97c53189d3c531b..3da59150add0ae7aefc2aaf572e0b33316c4365a 100644 (file)
@@ -629,7 +629,7 @@ dst_key_fromlabel(const dns_name_t *name, int alg, unsigned int flags,
 isc_result_t
 dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
                 unsigned int param, unsigned int flags, unsigned int protocol,
-                dns_rdataclass_t rdclass, const char *object, isc_mem_t *mctx,
+                dns_rdataclass_t rdclass, const char *label, isc_mem_t *mctx,
                 dst_key_t **keyp, void (*callback)(int));
 
 /*%<
index c57c712a7aaad514724d4659f15ab50f0a9a2137..d0637354b48cbfc43742af54e6a8d5f2df6341d7 100644 (file)
@@ -167,14 +167,18 @@ dns_keystore_keygen(dns_keystore_t *keystore, const dns_name_t *origin,
                char namebuf[DNS_NAME_FORMATSIZE];
                char object[DNS_NAME_FORMATSIZE + 26];
 
-               /* Generate the key */
+               /* Create the PKCS11 URI */
                isc_time_formatshorttimestamp(&now, timebuf, sizeof(timebuf));
                dns_name_format(origin, namebuf, sizeof(namebuf));
                snprintf(object, sizeof(object), "%s-%s-%s", namebuf,
                         ksk ? "ksk" : "zsk", timebuf);
+               len = strlen(object) + strlen(uri) + 10;
+               label = isc_mem_get(mctx, len);
+               sprintf(label, "%s;object=%s;", uri, object);
 
+               /* Generate the key */
                result = dst_key_generate(origin, alg, size, 0, flags,
-                                         DNS_KEYPROTO_DNSSEC, rdclass, object,
+                                         DNS_KEYPROTO_DNSSEC, rdclass, label,
                                          mctx, &key, NULL);
                if (result != ISC_R_SUCCESS) {
                        isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC,
@@ -187,9 +191,6 @@ dns_keystore_keygen(dns_keystore_t *keystore, const dns_name_t *origin,
                dst_key_free(&key);
 
                /* Retrieve generated key from label */
-               len = strlen(object) + strlen(uri) + 10;
-               label = isc_mem_get(mctx, len);
-               sprintf(label, "%s;object=%s;", uri, object);
                result = dst_key_fromlabel(
                        origin, alg, flags, DNS_KEYPROTO_DNSSEC,
                        dns_rdataclass_in, dns_keystore_engine(keystore), label,
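Review bot: Moving the `label` allocation ahead of dst_key_generate (the added `len = …`, `label = isc_mem_get(mctx, len)` lines) changes which failure paths own that buffer: the `if (result != ISC_R_SUCCESS)` branch at the end of the first hunk used to run before `label` existed, so unless it, or a common exit outside the hunk, now does `isc_mem_put(mctx, label, len)`, a failed keygen leaks the buffer; dns_keystore_keygen continues outside both hunks, so this needs confirming against the full function. The relocated `sprintf(label, "%s;object=%s;", uri, object)` is correctly sized (the +10 covers `;object=`, `;` and the terminator) but would be more obviously bounded as `snprintf(label, len, "%s;object=%s;", uri, object);`. Note also that `object` is spliced into the URI without RFC 7512 percent-encoding, so if dns_name_format ever emits a `;` (it escapes special characters with a backslash, not `%3B`) the value would be read as an attribute delimiter; either reject such names here or encode the value.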
index 4b8740b8d77f0e136f32d267c1af8c8c1ec419ff..9ca9abad8962ca2ca659c3c0ee7e677c605027dd 100644 (file)
@@ -410,26 +410,17 @@ opensslecdsa_create_pkey(unsigned int key_alg, bool private,
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 
 static isc_result_t
-opensslecdsa_generate_pkey_with_object(int group_nid, const char *object,
-                                      EVP_PKEY **retkey) {
+opensslecdsa_generate_pkey_with_uri(int group_nid, const char *label,
+                                   EVP_PKEY **retkey) {
        int status;
        isc_result_t ret;
-       unsigned char id[16];
-       char *label = UNCONST(object);
+       char *uri = UNCONST(label);
        EVP_PKEY_CTX *ctx = NULL;
-       OSSL_PARAM params[3];
+       OSSL_PARAM params[2];
 
        /* Generate the key's parameters. */
-       status = RAND_bytes(id, 16);
-       if (status != 1) {
-               DST_RET(dst__openssl_toresult2("RAND_bytes",
-                                              DST_R_OPENSSLFAILURE));
-       }
-
-       params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_key_label", label,
-                                                    0);
-       params[1] = OSSL_PARAM_construct_octet_string("pkcs11_key_id", id, 16);
-       params[2] = OSSL_PARAM_construct_end();
+       params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
+       params[1] = OSSL_PARAM_construct_end();
 
        ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", "provider=pkcs11");
        if (ctx == NULL) {
@@ -476,7 +467,7 @@ err:
 }
 
 static isc_result_t
-opensslecdsa_generate_pkey(unsigned int key_alg, const char *object,
+opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
                           EVP_PKEY **retkey) {
        isc_result_t ret;
        EVP_PKEY_CTX *ctx = NULL;
@@ -484,9 +475,9 @@ opensslecdsa_generate_pkey(unsigned int key_alg, const char *object,
        int group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
        int status;
 
-       if (object != NULL) {
-               return (opensslecdsa_generate_pkey_with_object(group_nid,
-                                                              object, retkey));
+       if (label != NULL) {
+               return (opensslecdsa_generate_pkey_with_uri(group_nid, label,
+                                                           retkey));
        }
 
        /* Generate the key's parameters. */
@@ -570,14 +561,14 @@ opensslecdsa_extract_private_key(const dst_key_t *key, unsigned char *buf,
 #else
 
 static isc_result_t
-opensslecdsa_generate_pkey(unsigned int key_alg, const char *object,
+opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
                           EVP_PKEY **retkey) {
        isc_result_t ret;
        EC_KEY *eckey = NULL;
        EVP_PKEY *pkey = NULL;
        int group_nid;
 
-       UNUSED(object);
+       UNUSED(label);
 
        group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
 
@@ -892,7 +883,7 @@ opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
        UNUSED(unused);
        UNUSED(callback);
 
-       ret = opensslecdsa_generate_pkey(key->key_alg, key->object, &pkey);
+       ret = opensslecdsa_generate_pkey(key->key_alg, key->label, &pkey);
        if (ret != ISC_R_SUCCESS) {
                return (ret);
        }
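Review bot: Dropping the `RAND_bytes`/`pkcs11_key_id` parameters in opensslecdsa_generate_pkey_with_uri means BIND no longer assigns a random CKA_ID to the generated objects; whether the provider derives one from the `pkcs11_uri` value or leaves it empty is not visible here and should be recorded next to the params array, e.g. `/* Object identity comes entirely from the PKCS#11 URI; no explicit CKA_ID is set. */`. The `int status;` declaration left on the context line is no longer assigned within the hunk; if the remainder of the function (it continues past the `ctx == NULL` check) does not use it either, drop it. In the OpenSSL < 3.0 fallback a non-NULL `label` is still discarded by `UNUSED(label)`, so a request for an HSM-backed key silently yields a software key; returning an error there (or at least logging) would be the safer behaviour. The same three points apply verbatim to opensslrsa_generate_pkey_with_uri and the `UNUSED(label)` fallback in lib/dns/opensslrsa_link.c.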
index 6d06c71f273ed77423790b2da0956bf6558ca5eb..e1e804bbdc38100af198790865fa79c4b47fa678 100644 (file)
@@ -366,14 +366,14 @@ progress_cb(int p, int n, BN_GENCB *cb) {
 }
 
 static isc_result_t
-opensslrsa_generate_pkey(unsigned int key_size, const char *object, BIGNUM *e,
+opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
                         void (*callback)(int), EVP_PKEY **retkey) {
        RSA *rsa = NULL;
        EVP_PKEY *pkey = NULL;
        BN_GENCB *cb = NULL;
        isc_result_t ret;
 
-       UNUSED(object);
+       UNUSED(label);
 
        rsa = RSA_new();
        pkey = EVP_PKEY_new();
@@ -497,26 +497,17 @@ progress_cb(EVP_PKEY_CTX *ctx) {
 }
 
 static isc_result_t
-opensslrsa_generate_pkey_with_object(size_t key_size, const char *object,
-                                    EVP_PKEY **retkey) {
+opensslrsa_generate_pkey_with_uri(size_t key_size, const char *label,
+                                 EVP_PKEY **retkey) {
        EVP_PKEY_CTX *ctx = NULL;
-       OSSL_PARAM params[4];
-       unsigned char id[16];
-       char *label = UNCONST(object);
+       OSSL_PARAM params[3];
+       char *uri = UNCONST(label);
        isc_result_t ret;
        int status;
 
-       status = RAND_bytes(id, 16);
-       if (status != 1) {
-               DST_RET(dst__openssl_toresult2("RAND_bytes",
-                                              DST_R_OPENSSLFAILURE));
-       }
-
-       params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_key_label", label,
-                                                    0);
-       params[1] = OSSL_PARAM_construct_octet_string("pkcs11_key_id", id, 16);
-       params[2] = OSSL_PARAM_construct_size_t("rsa_keygen_bits", &key_size);
-       params[3] = OSSL_PARAM_construct_end();
+       params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
+       params[1] = OSSL_PARAM_construct_size_t("rsa_keygen_bits", &key_size);
+       params[2] = OSSL_PARAM_construct_end();
 
        ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", "provider=pkcs11");
        if (ctx == NULL) {
@@ -549,14 +540,14 @@ err:
 }
 
 static isc_result_t
-opensslrsa_generate_pkey(unsigned int key_size, const char *object, BIGNUM *e,
+opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
                         void (*callback)(int), EVP_PKEY **retkey) {
        EVP_PKEY_CTX *ctx;
        isc_result_t ret;
 
-       if (object != NULL) {
-               return (opensslrsa_generate_pkey_with_object(key_size, object,
-                                                            retkey));
+       if (label != NULL) {
+               return (opensslrsa_generate_pkey_with_uri(key_size, label,
+                                                         retkey));
        }
 
        ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
@@ -731,7 +722,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
                BN_set_bit(e, 32);
        }
 
-       ret = opensslrsa_generate_pkey(key->key_size, key->object, e, callback,
+       ret = opensslrsa_generate_pkey(key->key_size, key->label, e, callback,
                                       &pkey);
        if (ret != ISC_R_SUCCESS) {
                goto err;