resolve: make dnssec_rsa_verify_raw() take struct iovec
authorYu Watanabe <watanabe.yu+github@gmail.com>
Tue, 30 Jun 2026 07:21:34 +0000 (16:21 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 2 Jul 2026 18:02:56 +0000 (03:02 +0900)
This also
- adds missing assertions,
- moves variable declarations.

No functional change, just refactoring.

src/resolve/resolved-dns-dnssec-crypto.h
src/resolve/resolved-dns-dnssec.c
src/resolve/test-dnssec-crypto.c

index 018bab7ba5a4b780a2d377b757dcb145ebaa06a8..c0b00e6ae2a16d519d38e585346847905634721b 100644 (file)
@@ -8,9 +8,9 @@
 
 int dnssec_rsa_verify_raw(
                 const EVP_MD *hash_algorithm,
-                const void *signature, size_t signature_size,
-                const void *data, size_t data_size,
-                const void *exponent, size_t exponent_size,
-                const void *modulus, size_t modulus_size);
+                const struct iovec *signature,
+                const struct iovec *hash,
+                const struct iovec *exponent,
+                const struct iovec *modulus);
 
 #endif
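Review bot: The prototype carries no comment, and after the rename from `data` to `hash` the contract is worth stating where callers see it. Suggest adding above the declaration `/* 'hash' is the already computed digest of the signed data, matching hash_algorithm; all four iovecs must be non-empty. */`. The implementation asserts `iovec_is_set()` on each argument, so an empty buffer is treated as a programming error rather than a verification failure. The header's include lines sit above this hunk, so whether `struct iovec` is declared there cannot be confirmed from this page.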
index 3e370d8d7168bd571a37be5da8368a1b84f7c041..7d07105250825e6b3d0f1548d1d242d9dfc13535 100644 (file)
@@ -75,31 +75,30 @@ static int dnssec_verify_errno(int r) {
 
 int dnssec_rsa_verify_raw(
                 const EVP_MD *hash_algorithm,
-                const void *signature, size_t signature_size,
-                const void *data, size_t data_size,
-                const void *exponent, size_t exponent_size,
-                const void *modulus, size_t modulus_size) {
+                const struct iovec *signature,
+                const struct iovec *hash,
+                const struct iovec *exponent,
+                const struct iovec *modulus) {
 
 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
         DISABLE_WARNING_DEPRECATED_DECLARATIONS;
         int r;
 
-        _cleanup_(RSA_freep) RSA *rpubkey = NULL;
-        _cleanup_(EVP_PKEY_freep) EVP_PKEY *epubkey = NULL;
-        _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
-        _cleanup_(BN_freep) BIGNUM *e = NULL, *m = NULL;
-
         assert(hash_algorithm);
+        assert(iovec_is_set(signature));
+        assert(iovec_is_set(hash));
+        assert(iovec_is_set(exponent));
+        assert(iovec_is_set(modulus));
 
-        e = sym_BN_bin2bn(exponent, exponent_size, NULL);
+        _cleanup_(BN_freep) BIGNUM *e = sym_BN_bin2bn(exponent->iov_base, exponent->iov_len, NULL);
         if (!e)
                 return log_openssl_errors(LOG_DEBUG, "Failed to convert RSA exponent to BIGNUM");
 
-        m = sym_BN_bin2bn(modulus, modulus_size, NULL);
+        _cleanup_(BN_freep) BIGNUM *m = sym_BN_bin2bn(modulus->iov_base, modulus->iov_len, NULL);
         if (!m)
                 return log_openssl_errors(LOG_DEBUG, "Failed to convert RSA modulus to BIGNUM");
 
-        rpubkey = sym_RSA_new();
+        _cleanup_(RSA_freep) RSA *rpubkey = sym_RSA_new();
         if (!rpubkey)
                 return -ENOMEM;
 
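Review bot: The four new `assert(iovec_is_set(...))` lines turn an empty signature, exponent or modulus into an abort. The old code had no such precondition and left these cases to the OpenSSL calls and the `sym_RSA_size(rpubkey) != signature_size` comparison that follow, so this is only a pure refactoring if no caller can pass an empty buffer. In `dnssec_rsa_verify()` the buffers come from the RRSIG and DNSKEY records (`rrsig->rrsig.signature`, and an exponent/modulus split that is not shown), which is data received from the network. Zero lengths are presumably rejected earlier, but that code is outside this diff and should be confirmed. If it cannot be guaranteed for every caller, prefer a runtime check such as `if (!iovec_is_set(signature) || !iovec_is_set(exponent) || !iovec_is_set(modulus)) return -EINVAL;` so that a malformed record cannot terminate the resolver; the function body continues past this hunk.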
@@ -107,17 +106,17 @@ int dnssec_rsa_verify_raw(
                 return log_openssl_errors(LOG_DEBUG, "Failed to set RSA public key");
         e = m = NULL;
 
-        if ((size_t) sym_RSA_size(rpubkey) != signature_size)
+        if ((size_t) sym_RSA_size(rpubkey) != signature->iov_len)
                 return -EINVAL;
 
-        epubkey = sym_EVP_PKEY_new();
+        _cleanup_(EVP_PKEY_freep) EVP_PKEY *epubkey = sym_EVP_PKEY_new();
         if (!epubkey)
                 return -ENOMEM;
 
         if (sym_EVP_PKEY_assign_RSA(epubkey, sym_RSAPublicKey_dup(rpubkey)) <= 0)
                 return log_openssl_errors(LOG_DEBUG, "Failed to assign RSA public key");
 
-        ctx = sym_EVP_PKEY_CTX_new(epubkey, NULL);
+        _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = sym_EVP_PKEY_CTX_new(epubkey, NULL);
         if (!ctx)
                 return -ENOMEM;
 
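Review bot: In the unchanged `sym_EVP_PKEY_assign_RSA(epubkey, sym_RSAPublicKey_dup(rpubkey))` call, the duplicated key has no owner if the assignment fails, because no `_cleanup_` variable holds it. Now that declarations sit at first use, the duplicate could get its own `_cleanup_(RSA_freep)` variable that is cleared after a successful assign, mirroring the `e = m = NULL;` pattern a few lines above. This is an error-path leak only and predates the commit. The hunk starts and ends inside `dnssec_rsa_verify_raw()`.

```c
        // … unchanged: epubkey allocation and NULL check …
        _cleanup_(RSA_freep) RSA *rdup = sym_RSAPublicKey_dup(rpubkey);
        if (!rdup)
                return -ENOMEM;

        if (sym_EVP_PKEY_assign_RSA(epubkey, rdup) <= 0)
                return log_openssl_errors(LOG_DEBUG, "Failed to assign RSA public key");
        rdup = NULL; /* ownership moved to epubkey */
        // … unchanged: EVP_PKEY_CTX creation …
```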
@@ -130,7 +129,7 @@ int dnssec_rsa_verify_raw(
         if (sym_EVP_PKEY_CTX_set_signature_md(ctx, hash_algorithm) <= 0)
                 return log_openssl_errors(LOG_DEBUG, "Failed to set RSA signature digest");
 
-        r = sym_EVP_PKEY_verify(ctx, signature, signature_size, data, data_size);
+        r = sym_EVP_PKEY_verify(ctx, signature->iov_base, signature->iov_len, hash->iov_base, hash->iov_len);
         if (r < 0)
                 return log_openssl_errors(LOG_DEBUG, "Signature verification failed");
 
@@ -143,7 +142,7 @@ int dnssec_rsa_verify_raw(
 
 static int dnssec_rsa_verify(
                 const EVP_MD *hash_algorithm,
-                const void *hash, size_t hash_size,
+                const struct iovec *hash,
                 DnsResourceRecord *rrsig,
                 DnsResourceRecord *dnskey) {
 
@@ -151,8 +150,7 @@ static int dnssec_rsa_verify(
         void *exponent, *modulus;
 
         assert(hash_algorithm);
-        assert(hash);
-        assert(hash_size > 0);
+        assert(iovec_is_set(hash));
         assert(rrsig);
         assert(dnskey);
 
@@ -196,10 +194,10 @@ static int dnssec_rsa_verify(
 
         return dnssec_rsa_verify_raw(
                         hash_algorithm,
-                        rrsig->rrsig.signature, rrsig->rrsig.signature_size,
-                        hash, hash_size,
-                        exponent, exponent_size,
-                        modulus, modulus_size);
+                        &IOVEC_MAKE(rrsig->rrsig.signature, rrsig->rrsig.signature_size),
+                        hash,
+                        &IOVEC_MAKE(exponent, exponent_size),
+                        &IOVEC_MAKE(modulus, modulus_size));
 }
 
 static int dnssec_ecdsa_verify_raw(
@@ -687,7 +685,7 @@ static int dnssec_rrset_verify_sig(
         case DNSSEC_ALGORITHM_RSASHA512:
                 return dnssec_verify_errno(dnssec_rsa_verify(
                                 md_algorithm,
-                                hash, hash_size,
+                                &IOVEC_MAKE(hash, hash_size),
                                 rrsig,
                                 dnskey));
 
index 66744795e0f5d65c17050ef1b62f872e30274a69..c8b91bb1bacd244ea1b8f85dcfee83bbe67ba57c 100644 (file)
@@ -182,18 +182,18 @@ TEST(generate_rsa_test_vectors) {
         if (expected >= 0)                                              \
                 ASSERT_OK_EQ(dnssec_rsa_verify_raw(                     \
                                              sym_EVP_sha256(),          \
-                                             signature.iov_base, signature.iov_len, \
-                                             digest.iov_base, digest.iov_len, \
-                                             exponent.iov_base, exponent.iov_len, \
-                                             modulus.iov_base, modulus.iov_len), \
+                                             &signature,                \
+                                             &digest,                   \
+                                             &exponent,                 \
+                                             &modulus),                 \
                              expected);                                 \
         else                                                            \
                 ASSERT_ERROR(dnssec_rsa_verify_raw(                     \
                                              sym_EVP_sha256(),          \
-                                             signature.iov_base, signature.iov_len, \
-                                             digest.iov_base, digest.iov_len, \
-                                             exponent.iov_base, exponent.iov_len, \
-                                             modulus.iov_base, modulus.iov_len), \
+                                             &signature,                \
+                                             &digest,                   \
+                                             &exponent,                 \
+                                             &modulus),                 \
                              -expected);
 
 TEST(dnssec_rsa_verify_raw) {