+ 802. [bug] DNSSEC key tags were computed incorrectly in almost
+ all cases. [RT #1146]
+
801. [bug] nsupdate should treat lines beginning with ';' as
comments. [RT #1139]
--- /dev/null
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): 73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mQ==
+Subprime(q): 2nX/+WoOUR9Nq9wUj5zK501+ATM=
+Base(g): sQaXrPC973CrnPsihNjn8niXtcsIp+2D/Aa+vNdCGCAiRG8SHebKHF36i4gtyl+9Mi2FaVMqIfn21ImmaCaJIw==
+Private_value(x): Nky4tvIwg6xlcyeHXr4k2DEZg0E=
+Public_value(y): ExO5w2Gn9dIlUVjegzEqa4Ho4h9Of36ZsmQLeOLcgIeJtcF0ubuLWptT1wyWCaM5+xH0PHtsHiL9cgvrejx0sQ==
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.28 2001/02/01 23:41:43 sjacob Exp $
+# $Id: Makefile.in,v 1.29 2001/04/04 02:02:47 bwelling Exp $
srcdir = @srcdir@
VPATH = @srcdir@
${LIBTOOL} ${PURIFY} ${CC} -o $@ t_dst.@O@ ${TLIB} ${LIBS}
test: t_dst
- ../genrandom 50 randomfile
+ ../genrandom 100 randomfile
-@ ./t_dst -b @srcdir@ -q 1800 -a
clean distclean::
# format:
# datafile, sigpath, keyname, keyid, alg, exp_result
#
-t2_data_1 t2_dsasig test. 6204 DST_ALG_DSA ISC_R_SUCCESS
+t2_data_1 t2_dsasig test. 23616 DST_ALG_DSA ISC_R_SUCCESS
t2_data_1 t2_rsasig test. 54622 DST_ALG_RSAMD5 ISC_R_SUCCESS
# wrong sig
t2_data_1 t2_dsasig test. 54622 DST_ALG_RSAMD5 !ISC_R_SUCCESS
# wrong key
#t2_data_1 t2_dsasig test. 54622 DST_ALG_DSA !ISC_R_SUCCESS
# wrong alg
-#t2_data_1 t2_dsasig test. 6204 DST_ALG_RSAMD5 !ISC_R_SUCCESS
+#t2_data_1 t2_dsasig test. 23616 DST_ALG_RSAMD5 !ISC_R_SUCCESS
# wrong data
-t2_data_2 t2_dsasig test. 6204 DST_ALG_DSA !ISC_R_SUCCESS
+t2_data_2 t2_dsasig test. 23616 DST_ALG_DSA !ISC_R_SUCCESS
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst_test.c,v 1.36 2001/01/09 21:41:54 bwelling Exp $ */
+/* $Id: dst_test.c,v 1.37 2001/04/04 02:02:50 bwelling Exp $ */
#include <config.h>
isc_buffer_init(&b, "test.", 5);
isc_buffer_add(&b, 5);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
- io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+ io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx);
- io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
- io(name, 0, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+ io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+ io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
isc_buffer_init(&b, "dh.", 3);
isc_buffer_add(&b, 3);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
- dh(name, 18088, name, 48443, mctx);
+ dh(name, 18602, name, 48957, mctx);
generate(DST_ALG_RSAMD5, mctx);
generate(DST_ALG_DH, mctx);
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: t_dst.c,v 1.43 2001/01/09 21:41:55 bwelling Exp $ */
+/* $Id: t_dst.c,v 1.44 2001/04/04 02:02:51 bwelling Exp $ */
#include <config.h>
isc_buffer_init(&b, "test.", 5);
isc_buffer_add(&b, 5);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
- io(name, 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [2]\n");
io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [3]\n");
- io(name, 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
t_info("testing use of stored keys [4]\n");
- io(name, 0, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
isc_buffer_init(&b, "dh.", 3);
isc_buffer_add(&b, 3);
dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
- dh(name, 18088, name, 48443, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
+ dh(name, 18602, name, 48957, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of generated keys\n");
generate(DST_ALG_RSAMD5, mctx, 512, &nfails);
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.76 2001/03/27 23:43:15 bwelling Exp $
+ * $Id: dst_api.c,v 1.77 2001/04/04 02:02:52 bwelling Exp $
*/
#include <config.h>
const unsigned int type,
const char *directory,
isc_buffer_t *out);
+static isc_result_t computeid(dst_key_t *key);
+static isc_result_t frombuffer(dns_name_t *name,
+ const unsigned int alg,
+ const unsigned int flags,
+ const unsigned int protocol,
+ dns_rdataclass_t rdclass,
+ isc_buffer_t *source,
+ isc_mem_t *mctx,
+ dst_key_t **keyp);
#define RETERR(x) do { \
result = (x); \
if (result != ISC_R_SUCCESS)
return (result);
+ result = computeid(key);
+ if (result != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (result);
+ }
+
if (!dns_name_equal(name, key->key_name) ||
id != key->key_id ||
alg != key->key_alg)
{
dst_key_free(&key);
- return (DST_R_INVALIDPUBLICKEY);
+ return (DST_R_INVALIDPRIVATEKEY);
}
+
*keyp = key;
return (ISC_R_SUCCESS);
}
if (type == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
{
+ result = computeid(pubkey);
+ if (result != ISC_R_SUCCESS) {
+ dst_key_free(&pubkey);
+ return (result);
+ }
+
*keyp = pubkey;
return (ISC_R_SUCCESS);
}
return (result);
}
+ result = computeid(key);
+ if (result != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (result);
+ }
+
+ if (id != key->key_id) {
+ dst_key_free(&key);
+ return (DST_R_INVALIDPRIVATEKEY);
+ }
+
*keyp = key;
return (ISC_R_SUCCESS);
}
{
isc_uint8_t alg, proto;
isc_uint32_t flags, extflags;
+ dst_key_t *key = NULL;
+ dns_keytag_t id;
+ isc_region_t r;
+ isc_result_t result;
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(source != NULL);
- REQUIRE(mctx != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
+ REQUIRE(dst_initialized);
+
+ isc_buffer_remainingregion(source, &r);
if (isc_buffer_remaininglength(source) < 4)
return (DST_R_INVALIDPUBLICKEY);
if (!dst_algorithm_supported(alg))
return (DST_R_UNSUPPORTEDALG);
+ id = dst_region_computeid(&r, alg);
+
if (flags & DNS_KEYFLAG_EXTENDED) {
if (isc_buffer_remaininglength(source) < 2)
return (DST_R_INVALIDPUBLICKEY);
flags |= (extflags << 16);
}
- return (dst_key_frombuffer(name, alg, flags, proto, rdclass,
- source, mctx, keyp));
+ result = frombuffer(name, alg, flags, proto, rdclass, source,
+ mctx, &key);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ key->key_id = id;
+
+ *keyp = key;
+ return (ISC_R_SUCCESS);
}
isc_result_t
dns_rdataclass_t rdclass,
isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
{
- dst_key_t *key;
- isc_result_t ret;
+ dst_key_t *key = NULL;
+ isc_result_t result;
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(source != NULL);
- REQUIRE(mctx != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
+ REQUIRE(dst_initialized);
- if (dst_algorithm_supported(alg) == ISC_FALSE)
+ if (!dst_algorithm_supported(alg))
return (DST_R_UNSUPPORTEDALG);
- key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- if (key->func->fromdns == NULL) {
- dst_key_free(&key);
- return (DST_R_UNSUPPORTEDALG);
- }
+ result = frombuffer(name, alg, flags, protocol, rdclass, source,
+ mctx, &key);
+ if (result != ISC_R_SUCCESS)
+ return (result);
- ret = key->func->fromdns(key, source);
- if (ret != ISC_R_SUCCESS) {
+ result = computeid(key);
+ if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
- return (ret);
+ return (result);
}
*keyp = key;
return (ret);
}
+ ret = computeid(key);
+ if (ret != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (ret);
+ }
+
*keyp = key;
return (ISC_R_SUCCESS);
}
return (ISC_R_SUCCESS);
}
+static isc_result_t
+computeid(dst_key_t *key) {
+ isc_buffer_t dnsbuf;
+ unsigned char dns_array[DST_KEY_MAXSIZE];
+ isc_region_t r;
+ isc_result_t ret;
+
+ isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
+ ret = dst_key_todns(key, &dnsbuf);
+ if (ret != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (ret);
+ }
+
+ isc_buffer_usedregion(&dnsbuf, &r);
+ key->key_id = dst_region_computeid(&r, key->key_alg);
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+frombuffer(dns_name_t *name, const unsigned int alg, const unsigned int flags,
+ const unsigned int protocol, dns_rdataclass_t rdclass,
+ isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
+{
+ dst_key_t *key;
+ isc_result_t ret;
+
+ REQUIRE(dns_name_isabsolute(name));
+ REQUIRE(source != NULL);
+ REQUIRE(mctx != NULL);
+ REQUIRE(keyp != NULL && *keyp == NULL);
+
+ key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
+ if (key == NULL)
+ return (ISC_R_NOMEMORY);
+
+ if (key->func->fromdns == NULL) {
+ dst_key_free(&key);
+ return (DST_R_UNSUPPORTEDALG);
+ }
+
+ ret = key->func->fromdns(key, source);
+ if (ret != ISC_R_SUCCESS) {
+ dst_key_free(&key);
+ return (ret);
+ }
+
+ *keyp = key;
+ return (ISC_R_SUCCESS);
+}
+
void *
dst__mem_alloc(size_t size) {
INSIST(dst_memory_pool != NULL);
/*
* Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.48 2001/01/24 02:22:56 bwelling Exp $
+ * $Id: hmac_link.c,v 1.49 2001/04/04 02:02:53 bwelling Exp $
*/
#include <config.h>
keylen = r.length;
}
- r.base = hkey->key;
- r.length = keylen;
- key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = keylen * 8;
key->opaque = hkey;
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: key.c,v 1.4 2001/03/04 18:38:13 bwelling Exp $ */
+/* $Id: key.c,v 1.5 2001/04/04 02:02:54 bwelling Exp $ */
#include <config.h>
int size;
REQUIRE(source != NULL);
-
- if (source->length < 4)
- return (0);
+ REQUIRE(source->length >= 4);
p = source->base;
size = source->length;
/*
* Principal Author: Brian Wellington
- * $Id: openssldh_link.c,v 1.35 2001/01/24 02:22:59 bwelling Exp $
+ * $Id: openssldh_link.c,v 1.36 2001/04/04 02:02:56 bwelling Exp $
*/
#if defined(OPENSSL)
static isc_result_t
openssldh_generate(dst_key_t *key, int generator) {
DH *dh = NULL;
- unsigned char dns_array[DST_KEY_MAXSIZE];
- isc_buffer_t dns;
- isc_region_t r;
- isc_result_t result;
if (generator == 0) {
if (key->key_size == 768 || key->key_size == 1024) {
key->opaque = dh;
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- result = openssldh_todns(key, &dns);
- if (result != ISC_R_SUCCESS) {
- DH_free(dh);
- return (result);
- }
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
return (ISC_R_SUCCESS);
}
dh->pub_key = BN_bin2bn(r.base, publen, NULL);
r.base += publen;
- isc_buffer_remainingregion(data, &r);
- r.length = plen + glen + publen + 6;
- key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = BN_num_bits(dh->p);
isc_buffer_forward(data, plen + glen + publen + 6);
{
dst_private_t priv;
isc_result_t ret;
- isc_buffer_t dns;
- isc_region_t r;
- unsigned char dns_array[1024];
int i;
DH *dh = NULL;
isc_mem_t *mctx;
dh->flags &= ~DH_FLAG_CACHE_MONT_P;
key->opaque = dh;
- for (i=0; i < priv.nelements; i++) {
+ for (i = 0; i < priv.nelements; i++) {
BIGNUM *bn;
bn = BN_bin2bn(priv.elements[i].data,
priv.elements[i].length, NULL);
dh->g = &bn2;
}
}
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- ret = openssldh_todns(key, &dns);
- if (ret != ISC_R_SUCCESS)
- DST_RET(ret);
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
- if (key->key_id != id)
- DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: openssldsa_link.c,v 1.1 2001/02/14 20:26:48 bwelling Exp $ */
+/* $Id: openssldsa_link.c,v 1.2 2001/04/04 02:02:57 bwelling Exp $ */
#if defined(OPENSSL)
static isc_result_t
openssldsa_generate(dst_key_t *key, int unused) {
DSA *dsa;
- unsigned char dns_array[DST_KEY_MAXSIZE];
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
- isc_buffer_t dns;
isc_result_t result;
- isc_region_t r;
UNUSED(unused);
key->opaque = dsa;
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- result = openssldsa_todns(key, &dns);
- if (result != ISC_R_SUCCESS) {
- DSA_free(dsa);
- return (result);
- }
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
return (ISC_R_SUCCESS);
}
dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
r.base += p_bytes;
- isc_buffer_remainingregion(data, &r);
- r.length = 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes;
- key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = p_bytes * 8;
isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
{
dst_private_t priv;
isc_result_t ret;
- isc_buffer_t dns;
- isc_region_t r;
- unsigned char dns_array[1024];
int i;
DSA *dsa = NULL;
isc_mem_t *mctx = key->mctx;
dst__privstruct_free(&priv, mctx);
key->key_size = BN_num_bits(dsa->p);
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- ret = openssldsa_todns(key, &dns);
- if (ret != ISC_R_SUCCESS)
- DST_RET(ret);
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
- if (key->key_id != id)
- DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);
/*
* Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.9 2001/01/24 02:23:01 bwelling Exp $
+ * $Id: opensslrsa_link.c,v 1.10 2001/04/04 02:02:58 bwelling Exp $
*/
#if defined(OPENSSL)
opensslrsa_generate(dst_key_t *key, int exp) {
RSA *rsa;
unsigned long e;
- unsigned char dns_array[DST_KEY_MAXSIZE];
- isc_buffer_t dns;
- isc_result_t result;
- isc_region_t r;
if (exp == 0)
e = RSA_3;
key->opaque = rsa;
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- result = opensslrsa_todns(key, &dns);
- if (result != ISC_R_SUCCESS) {
- RSA_free(rsa);
- return (result);
- }
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
return (ISC_R_SUCCESS);
}
rsa->n = BN_bin2bn(r.base, r.length, NULL);
- isc_buffer_remainingregion(data, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_size = BN_num_bits(rsa->n);
isc_buffer_forward(data, r.length);
{
dst_private_t priv;
isc_result_t ret;
- isc_buffer_t dns;
- isc_region_t r;
- unsigned char dns_array[1024];
int i;
RSA *rsa = NULL;
isc_mem_t *mctx = key->mctx;
dst__privstruct_free(&priv, mctx);
key->key_size = BN_num_bits(rsa->n);
- isc_buffer_init(&dns, dns_array, sizeof(dns_array));
- ret = opensslrsa_todns(key, &dns);
- if (ret != ISC_R_SUCCESS)
- DST_RET(ret);
- isc_buffer_usedregion(&dns, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
-
- if (key->key_id != id)
- DST_RET(DST_R_INVALIDPRIVATEKEY);
return (ISC_R_SUCCESS);
projects / thirdparty / bind9.git / commitdiff
