situations. This would be most common on systems
with user-space threads. [RT #1131]
+ 802. [bug] DNSSEC key tags were computed incorrectly in almost
+ all cases. [RT #1146]
+
800. [bug] dnssec-signzone produced incorrect statistics for
large zones. [RT #1133]
-dh. IN KEY 0 2 2 AAEBAAAAYIHI/wjtOagNga9GILSoS02IVelgLilPE/TfhtvShsiDAXqb IfxQcj2JkuOnNLs5ttb2WZXWl5/jsSjIxHMwMF2XY4gwt/lwHBf/vgYH r7aIxnKXov1jk9rymTLHGKIOtg==
-Private-key-format: v1.2
-Algorithm: 2 (DH)
-Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjo2IP//////////
-Generator(g): Ag==
-Private_value(x): bpdsGQ1jbV3f2CGN/0Pk5KM1MlkFmMryPO1J1zoGn585fRmc9Ygw6l/HKmi2ViiDNorvd9/eV9uyYO6lYZC82R3D7rST1mAqCwbg/8gNE5dXBRbRIIq3qIl6GUYYs8mK
-Public_value(y): gcj/CO05qA2Br0YgtKhLTYhV6WAuKU8T9N+G29KGyIMBepsh/FByPYmS46c0uzm21vZZldaXn+OxKMjEczAwXZdjiDC3+XAcF/++BgevtojGcpei/WOT2vKZMscYog62
-dh. IN KEY 0 2 2 AAEBAAAAYOuaKjyMXYame2F6/ZFdEmXv0a2edB+69PEZgrExA6SJlivn 4KqAsfBHr/+0BCb+7nfWeMDSh2BXnSzWkXF1wMaCHMuz9EleG1gKFKeV Q9gKli88Cb8/jbovWChrGBNp2w==
-Private-key-format: v1.2
-Algorithm: 2 (DH)
-Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjo2IP//////////
-Generator(g): Ag==
-Private_value(x): WJG0moh+QoZV+DYhqW7Z6O6TYpYGtSlN0Ym6JV6VRnzeH69OqMUFivqZorj3a3ofR/4zogNVyy5KLLj2NFTaLGP4Hcvt7uETJik6HrjLMhGf40QPXYgVK57Im0rv88Ca
-Public_value(y): 65oqPIxdhqZ7YXr9kV0SZe/RrZ50H7r08RmCsTEDpImWK+fgqoCx8Eev/7QEJv7ud9Z4wNKHYFedLNaRcXXAxoIcy7P0SV4bWAoUp5VD2AqWLzwJvz+Nui9YKGsYE2nb
+++ /dev/null
-test. IN KEY 49152 2 1
+++ /dev/null
-test. IN KEY 49152 2 3
-test. IN KEY 16641 3 3 ANp1//lqDlEfTavcFI+cyudNfgEz73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mbEGl6zwve9wq5z7IoTY5/J4l7XLCKftg/wGvrzXQhggIkRvEh3myhxd+ouILcpfvTIthWlTKiH59tSJpmgmiSMTE7nDYaf10iVRWN6DMSprgejiH05/fpmyZAt44tyAh4m1wXS5u4tam1PXDJYJozn7EfQ8e2weIv1yC+t6PHSx
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.26.4.1 2001/01/09 22:34:08 bwelling Exp $
+# $Id: Makefile.in,v 1.26.4.2 2001/04/10 01:10:16 gson Exp $
srcdir = @srcdir@
VPATH = @srcdir@
${LIBTOOL} ${CC} -o $@ t_dst.@O@ ${TLIB} ${LIBS}
test: t_dst
- ../genrandom 50 randomfile
+ ../genrandom 100 randomfile
-@ ./t_dst -b @srcdir@ -q 1800 -a
clean distclean::
# format:
# datafile, sigpath, keyname, keyid, alg, exp_result
#
-t2_data_1 t2_dsasig test. 6204 DST_ALG_DSA ISC_R_SUCCESS
+t2_data_1 t2_dsasig test. 23616 DST_ALG_DSA ISC_R_SUCCESS
t2_data_1 t2_rsasig test. 54622 DST_ALG_RSAMD5 ISC_R_SUCCESS
# wrong sig
t2_data_1 t2_dsasig test. 54622 DST_ALG_RSAMD5 !ISC_R_SUCCESS
# wrong key
#t2_data_1 t2_dsasig test. 54622 DST_ALG_DSA !ISC_R_SUCCESS
# wrong alg
-#t2_data_1 t2_dsasig test. 6204 DST_ALG_RSAMD5 !ISC_R_SUCCESS
+#t2_data_1 t2_dsasig test. 23616 DST_ALG_RSAMD5 !ISC_R_SUCCESS
# wrong data
-t2_data_2 t2_dsasig test. 6204 DST_ALG_DSA !ISC_R_SUCCESS
+t2_data_2 t2_dsasig test. 23616 DST_ALG_DSA !ISC_R_SUCCESS
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst_test.c,v 1.35.4.1 2001/01/09 22:34:09 bwelling Exp $ */
+/* $Id: dst_test.c,v 1.35.4.2 2001/04/10 01:10:19 gson Exp $ */
#include <config.h>
isc_buffer_init(&b, "test.", 5);
isc_buffer_add(&b, 5);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
- io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+ io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx);
- io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
- io(name, 0, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+ io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+ io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
isc_buffer_init(&b, "dh.", 3);
isc_buffer_add(&b, 3);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
- dh(name, 18088, name, 48443, mctx);
+ dh(name, 18602, name, 48957, mctx);
generate(DST_ALG_RSAMD5, mctx);
generate(DST_ALG_DH, mctx);
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: t_dst.c,v 1.42.4.1 2001/01/09 22:34:10 bwelling Exp $ */
+/* $Id: t_dst.c,v 1.42.4.2 2001/04/10 01:10:20 gson Exp $ */
#include <config.h>
isc_buffer_init(&b, "test.", 5);
isc_buffer_add(&b, 5);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
- io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [2]\n");
io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [3]\n");
- io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
t_info("testing use of stored keys [4]\n");
- io(name, 0, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
isc_buffer_init(&b, "dh.", 3);
isc_buffer_add(&b, 3);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
- dh(name, 18088, name, 48443, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
+ dh(name, 18602, name, 48957, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of generated keys\n");
generate(DST_ALG_RSAMD5, mctx, 512, &nfails);
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.67.2.1 2001/01/09 22:48:18 bwelling Exp $
+ * $Id: dst_api.c,v 1.67.2.2 2001/04/10 01:10:21 gson Exp $
*/
#include <config.h>
const unsigned int type,
const char *directory,
isc_buffer_t *out);
+static isc_result_t computeid(dst_key_t *key);
+static isc_result_t frombuffer(dns_name_t *name,
+ const unsigned int alg,
+ const unsigned int flags,
+ const unsigned int protocol,
+ dns_rdataclass_t rdclass,
+ isc_buffer_t *source,
+ isc_mem_t *mctx,
+ dst_key_t **keyp);
#define RETERR(x) do { \
result = (x); \
if (result != ISC_R_SUCCESS)
return (result);
+ result = computeid(key);
+ if (result != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (result);
+ }
+
if (!dns_name_equal(name, key->key_name) ||
id != key->key_id ||
alg != key->key_alg)
{
dst_key_free(&key);
- return (DST_R_INVALIDPUBLICKEY);
+ return (DST_R_INVALIDPRIVATEKEY);
}
+
*keyp = key;
return (ISC_R_SUCCESS);
}
if (type == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
{
+ result = computeid(pubkey);
+ if (result != ISC_R_SUCCESS) {
+ dst_key_free(&pubkey);
+ return (result);
+ }
+
*keyp = pubkey;
return (ISC_R_SUCCESS);
}
return (result);
}
+ result = computeid(key);
+ if (result != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (result);
+ }
+
+ if (id != key->key_id) {
+ dst_key_free(&key);
+ return (DST_R_INVALIDPRIVATEKEY);
+ }
+
*keyp = key;
return (ISC_R_SUCCESS);
}
{
isc_uint8_t alg, proto;
isc_uint32_t flags, extflags;
+ dst_key_t *key = NULL;
+ dns_keytag_t id;
+ isc_region_t r;
+ isc_result_t result;
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(source != NULL);
- REQUIRE(mctx != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
+ REQUIRE(dst_initialized);
+
+ isc_buffer_remainingregion(source, &r);
if (isc_buffer_remaininglength(source) < 4)
return (DST_R_INVALIDPUBLICKEY);
if (!dst_algorithm_supported(alg))
return (DST_R_UNSUPPORTEDALG);
+ id = dst_region_computeid(&r, alg);
+
if (flags & DNS_KEYFLAG_EXTENDED) {
if (isc_buffer_remaininglength(source) < 2)
return (DST_R_INVALIDPUBLICKEY);
flags |= (extflags << 16);
}
- return (dst_key_frombuffer(name, alg, flags, proto, rdclass,
- source, mctx, keyp));
+ result = frombuffer(name, alg, flags, proto, rdclass, source,
+ mctx, &key);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ key->key_id = id;
+
+ *keyp = key;
+ return (ISC_R_SUCCESS);
}
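Review bot: The public entry points no longer validate `source` or the caller's `keyp`. In dst_key_fromdns, `isc_buffer_remainingregion(source, &r)` runs before any NULL check, and frombuffer() is handed the local `&key`, so its `REQUIRE(keyp != NULL && *keyp == NULL)` never sees the caller's pointer that `*keyp = key` later writes through. The same pattern appears in dst_key_frombuffer further down. Keeping `REQUIRE(source != NULL);` and `REQUIRE(keyp != NULL && *keyp == NULL);` next to `REQUIRE(dst_initialized);` in both functions would preserve the old contract, including the guard against silently overwriting a key the caller already holds.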
isc_result_t
dns_rdataclass_t rdclass,
isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
{
- dst_key_t *key;
- isc_result_t ret;
+ dst_key_t *key = NULL;
+ isc_result_t result;
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(source != NULL);
- REQUIRE(mctx != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
+ REQUIRE(dst_initialized);
- if (dst_algorithm_supported(alg) == ISC_FALSE)
+ if (!dst_algorithm_supported(alg))
return (DST_R_UNSUPPORTEDALG);
- key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- if (key->func->fromdns == NULL) {
- dst_key_free(&key);
- return (DST_R_UNSUPPORTEDALG);
- }
+ result = frombuffer(name, alg, flags, protocol, rdclass, source,
+ mctx, &key);
+ if (result != ISC_R_SUCCESS)
+ return (result);
- ret = key->func->fromdns(key, source);
- if (ret != ISC_R_SUCCESS) {
+ result = computeid(key);
+ if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
- return (ret);
+ return (result);
}
*keyp = key;
return (ret);
}
+ ret = computeid(key);
+ if (ret != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (ret);
+ }
+
*keyp = key;
return (ISC_R_SUCCESS);
}
int size;
REQUIRE(source != NULL);
-
- if (source->length < 4)
- return (0);
+ REQUIRE(source->length >= 4);
p = source->base;
size = source->length;
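Review bot: Replacing the `return (0)` path with `REQUIRE(source->length >= 4)` turns a short region into an assertion failure, so every caller now has to guarantee the length itself. Within this commit, dst_key_fromdns checks `isc_buffer_remaininglength(source) < 4` before the call, and computeid() passes the output of dst_key_todns(), which presumably always carries the 4-byte header. Callers outside the visible hunks, if any handle wire data, would need the same check to avoid aborting on malformed input. The precondition deserves a line in the function's header comment, e.g. `Requires: "source" is a valid region of at least 4 bytes.` The function starts and ends outside this hunk.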
return (ISC_R_SUCCESS);
}
+static isc_result_t
+computeid(dst_key_t *key) {
+ isc_buffer_t dnsbuf;
+ unsigned char dns_array[DST_KEY_MAXSIZE];
+ isc_region_t r;
+ isc_result_t ret;
+
+ isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
+ ret = dst_key_todns(key, &dnsbuf);
+ if (ret != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (ret);
+ }
+
+ isc_buffer_usedregion(&dnsbuf, &r);
+ key->key_id = dst_region_computeid(&r, key->key_alg);
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+frombuffer(dns_name_t *name, const unsigned int alg, const unsigned int flags,
+ const unsigned int protocol, dns_rdataclass_t rdclass,
+ isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
+{
+ dst_key_t *key;
+ isc_result_t ret;
+
+ REQUIRE(dns_name_isabsolute(name));
+ REQUIRE(source != NULL);
+ REQUIRE(mctx != NULL);
+ REQUIRE(keyp != NULL && *keyp == NULL);
+
+ key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
+ if (key == NULL)
+ return (ISC_R_NOMEMORY);
+
+ if (key->func->fromdns == NULL) {
+ dst_key_free(&key);
+ return (DST_R_UNSUPPORTEDALG);
+ }
+
+ ret = key->func->fromdns(key, source);
+ if (ret != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (ret);
+ }
+
+ *keyp = key;
+ return (ISC_R_SUCCESS);
+}
+
void *
dst__mem_alloc(size_t size) {
INSIST(dst_memory_pool != NULL);
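Review bot: computeid() frees the key on failure and so does every caller added in this commit, so a dst_key_todns() error leads to dst_key_free() running twice on the same object. The `dst_key_free(&key)` inside computeid() acts only on its by-value copy of the pointer, so the caller's `key` or `pubkey` is still set when its own error branch calls dst_key_free() again. Since the callers already own cleanup, the helper's failure path should be just `if (ret != ISC_R_SUCCESS) return (ret);`. Separately, the definition of frombuffer() omits the `static` that its prototype carries; linkage is still internal, but repeating `static` on the definition keeps the two consistent.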
/*
* Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.45.4.1 2001/01/09 22:48:27 bwelling Exp $
+ * $Id: hmac_link.c,v 1.45.4.2 2001/04/10 01:10:22 gson Exp $
*/
#include <config.h>
keylen = r.length;
}
- r.base = hkey->key;
- r.length = keylen;
- key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = keylen * 8;
key->opaque = hkey;
/*
* Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.39.4.1 2001/01/09 22:48:28 bwelling Exp $
+ * $Id: openssl_link.c,v 1.39.4.2 2001/04/10 01:10:25 gson Exp $
*/
#if defined(OPENSSL)
static isc_result_t
openssldsa_generate(dst_key_t *key, int unused) {
DSA *dsa;
- unsigned char dns_array[DST_KEY_MAXSIZE];
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
- isc_buffer_t dns;
isc_result_t result;
- isc_region_t r;
UNUSED(unused);
key->opaque = dsa;
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- result = openssldsa_todns(key, &dns);
- if (result != ISC_R_SUCCESS) {
- DSA_free(dsa);
- return (result);
- }
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
return (ISC_R_SUCCESS);
}
dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
r.base += p_bytes;
- isc_buffer_remainingregion(data, &r);
- r.length = 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes;
- key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = p_bytes * 8;
isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
{
dst_private_t priv;
isc_result_t ret;
- isc_buffer_t dns;
- isc_region_t r;
- unsigned char dns_array[1024];
int i;
DSA *dsa = NULL;
isc_mem_t *mctx = key->mctx;
dst__privstruct_free(&priv, mctx);
key->key_size = BN_num_bits(dsa->p);
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- ret = openssldsa_todns(key, &dns);
- if (ret != ISC_R_SUCCESS)
- DST_RET(ret);
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
- if (key->key_id != id)
- DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);
/*
* Principal Author: Brian Wellington
- * $Id: openssldh_link.c,v 1.32.4.1 2001/01/09 22:48:29 bwelling Exp $
+ * $Id: openssldh_link.c,v 1.32.4.2 2001/04/10 01:10:23 gson Exp $
*/
#if defined(OPENSSL)
static isc_result_t
openssldh_generate(dst_key_t *key, int generator) {
DH *dh = NULL;
- unsigned char dns_array[DST_KEY_MAXSIZE];
- isc_buffer_t dns;
- isc_region_t r;
- isc_result_t result;
if (generator == 0) {
if (key->key_size == 768 || key->key_size == 1024) {
key->opaque = dh;
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- result = openssldh_todns(key, &dns);
- if (result != ISC_R_SUCCESS) {
- DH_free(dh);
- return (result);
- }
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
return (ISC_R_SUCCESS);
}
dh->pub_key = BN_bin2bn(r.base, publen, NULL);
r.base += publen;
- isc_buffer_remainingregion(data, &r);
- r.length = plen + glen + publen + 6;
- key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = BN_num_bits(dh->p);
isc_buffer_forward(data, plen + glen + publen + 6);
{
dst_private_t priv;
isc_result_t ret;
- isc_buffer_t dns;
- isc_region_t r;
- unsigned char dns_array[1024];
int i;
DH *dh = NULL;
isc_mem_t *mctx;
dh->flags &= ~DH_FLAG_CACHE_MONT_P;
key->opaque = dh;
- for (i=0; i < priv.nelements; i++) {
+ for (i = 0; i < priv.nelements; i++) {
BIGNUM *bn;
bn = BN_bin2bn(priv.elements[i].data,
priv.elements[i].length, NULL);
dh->g = &bn2;
}
}
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- ret = openssldh_todns(key, &dns);
- if (ret != ISC_R_SUCCESS)
- DST_RET(ret);
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
- if (key->key_id != id)
- DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);
/*
* Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.6.4.1 2001/01/09 22:48:31 bwelling Exp $
+ * $Id: opensslrsa_link.c,v 1.6.4.2 2001/04/10 01:10:26 gson Exp $
*/
#if defined(OPENSSL)
opensslrsa_generate(dst_key_t *key, int exp) {
RSA *rsa;
unsigned long e;
- unsigned char dns_array[DST_KEY_MAXSIZE];
- isc_buffer_t dns;
- isc_result_t result;
- isc_region_t r;
if (exp == 0)
e = RSA_3;
key->opaque = rsa;
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- result = opensslrsa_todns(key, &dns);
- if (result != ISC_R_SUCCESS) {
- RSA_free(rsa);
- return (result);
- }
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
return (ISC_R_SUCCESS);
}
rsa->n = BN_bin2bn(r.base, r.length, NULL);
- isc_buffer_remainingregion(data, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = BN_num_bits(rsa->n);
isc_buffer_forward(data, r.length);
{
dst_private_t priv;
isc_result_t ret;
- isc_buffer_t dns;
- isc_region_t r;
- unsigned char dns_array[1024];
int i;
RSA *rsa = NULL;
isc_mem_t *mctx = key->mctx;
dst__privstruct_free(&priv, mctx);
key->key_size = BN_num_bits(rsa->n);
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- ret = opensslrsa_todns(key, &dns);
- if (ret != ISC_R_SUCCESS)
- DST_RET(ret);
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
- if (key->key_id != id)
- DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);