ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Allow private keys to be read if public keys are not present. This isn't

Browse Source 
too useful for anything other than HMAC-MD5 shared keys, since the key's
flags and protocol are stored in the public file.

Also some miscellaneous cleanup.
This commit is contained in:
Brian Wellington
1999-10-14 18:32:49 +00:00
parent df7899248f
commit 3efd14644c
1 changed files with 75 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
lib/dns/sec/dst/dst_api.c
View File

@@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.13 1999/10/08 22:24:06 tale Exp $
* $Id: dst_api.c,v 1.14 1999/10/14 18:32:49 bwelling Exp $
*/
#include <config.h>
@@ -103,8 +103,8 @@ dst_supported_algorithm(const int alg) {
* data The data to be signed.
* sig The buffer to which the signature will be written.
* Return
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_sign(const unsigned int mode, dst_key_t *key, dst_context_t *context,
@@ -151,8 +151,8 @@ dst_sign(const unsigned int mode, dst_key_t *key, dst_context_t *context,
* data The data to be digested.
* sig The signature.
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
@@ -188,8 +188,8 @@ dst_verify(const unsigned int mode, dst_key_t *key, dst_context_t *context,
* priv The private key
* secret A buffer into which the secret is written
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_computesecret(const dst_key_t *pub, const dst_key_t *priv,
@@ -226,12 +226,12 @@ dst_computesecret(const dst_key_t *pub, const dst_key_t *priv,
* key The key to be written.
* type Either DST_PUBLIC or DST_PRIVATE, or both
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_key_tofile(const dst_key_t *key, const int type) {
int ret = DST_R_SUCCESS;
int ret = ISC_R_SUCCESS;
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
REQUIRE(VALID_KEY(key));
@@ -243,14 +243,14 @@ dst_key_tofile(const dst_key_t *key, const int type) {
return (DST_R_UNSUPPORTEDTYPE);
if (type & DST_TYPE_PUBLIC)
if ((ret = write_public_key(key)) != DST_R_SUCCESS)
if ((ret = write_public_key(key)) != ISC_R_SUCCESS)
return (ret);
if ((type & DST_TYPE_PRIVATE) &&
(key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
{
ret = key->func->to_file(key);
if (ret != DST_R_SUCCESS)
if (ret != ISC_R_SUCCESS)
return (ret);
}
@@ -269,8 +269,8 @@ dst_key_tofile(const dst_key_t *key, const int type) {
* mctx Memory context used to allocate key structure
* keyp Returns the new key
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
@@ -292,31 +292,36 @@ dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
return (DST_R_UNSUPPORTEDTYPE);
ret = read_public_key(name, id, alg, mctx, &pubkey);
if (ret != DST_R_SUCCESS)
if (ret == ISC_R_NOTFOUND && (type & DST_TYPE_PUBLIC) == 0)
key = get_key_struct(name, alg, 0, 0, 0, mctx);
else if (ret != ISC_R_SUCCESS)
return (ret);
if (type == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
{
*keyp = pubkey;
return (DST_R_SUCCESS);
else {
if (type == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) ==
DNS_KEYTYPE_NOKEY)
{
*keyp = pubkey;
return (ISC_R_SUCCESS);
}
key = get_key_struct(name, pubkey->key_alg, pubkey->key_flags,
pubkey->key_proto, 0, mctx);
dst_key_free(pubkey);
}
key = get_key_struct(name, pubkey->key_alg, pubkey->key_flags,
pubkey->key_proto, 0, mctx);
dst_key_free(pubkey);
if (key == NULL)
return (DST_R_NOMEMORY);
/* Fill in private key and some fields in the general key structure */
ret = key->func->from_file(key, id, mctx);
if (ret != DST_R_SUCCESS) {
if (ret != ISC_R_SUCCESS) {
dst_key_free(key);
return (ret);
}
*keyp = key;
return (DST_R_SUCCESS);
return (ISC_R_SUCCESS);
}
/*
@@ -326,8 +331,8 @@ dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
* key Key structure to encode.
* target Buffer to write the encoded key into.
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
@@ -357,7 +362,7 @@ dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
}
if (key->opaque == NULL) /* NULL KEY */
return (DST_R_SUCCESS);
return (ISC_R_SUCCESS);
return (key->func->to_dns(key, target));
}
@@ -371,8 +376,8 @@ dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
* mctx The memory context used to allocate the key
* keyp Returns the new key
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
@@ -413,7 +418,7 @@ dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
return(DST_R_NOMEMORY);
ret = (*keyp)->func->from_dns(*keyp, source, mctx);
if (ret != DST_R_SUCCESS)
if (ret != ISC_R_SUCCESS)
dst_key_free((*keyp));
return (ret);
}
@@ -432,8 +437,8 @@ dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
* mctx The memory context used to allocate the key
* keyp Returns the new key
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_key_frombuffer(const char *name, const int alg, const int flags,
@@ -456,11 +461,11 @@ dst_key_frombuffer(const char *name, const int alg, const int flags,
return (DST_R_NOMEMORY);
ret = (*keyp)->func->from_dns((*keyp), source, mctx);
if (ret != DST_R_SUCCESS) {
if (ret != ISC_R_SUCCESS) {
dst_key_free((*keyp));
return (ret);
}
return (DST_R_SUCCESS);
return (ISC_R_SUCCESS);
}
/*
@@ -471,8 +476,8 @@ dst_key_frombuffer(const char *name, const int alg, const int flags,
* key The key
* target The buffer to be written into.
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
@@ -510,8 +515,8 @@ dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
* keyp Returns the new key
*
* Return
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_key_generate(const char *name, const int alg, const int bits,
@@ -534,16 +539,16 @@ dst_key_generate(const char *name, const int alg, const int bits,
if (bits == 0) { /* NULL KEY */
(*keyp)->key_flags |= DNS_KEYTYPE_NOKEY;
return (DST_R_SUCCESS);
return (ISC_R_SUCCESS);
}
ret = (*keyp)->func->generate(*keyp, exp, mctx);
if (ret != DST_R_SUCCESS) {
if (ret != ISC_R_SUCCESS) {
dst_key_free(*keyp);
return (ret);
}
return (DST_R_SUCCESS);
return (ISC_R_SUCCESS);
}
/*
@@ -734,8 +739,8 @@ dst_secret_size(const dst_key_t *key) {
* wanted the number of random bytes requested
* target the buffer to store the random data
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
dst_result_t
dst_random(const unsigned int wanted, isc_buffer_t *target) {
@@ -752,7 +757,7 @@ dst_random(const unsigned int wanted, isc_buffer_t *target) {
RAND_bytes(r.base, wanted);
RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS);
isc_buffer_add(target, wanted);
return (DST_R_SUCCESS);
return (ISC_R_SUCCESS);
}
/***
@@ -836,8 +841,8 @@ get_key_struct(const char *name, const int alg, const int flags,
* mctx The memory context used to allocate the key
* keyp Returns the new key
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
static dst_result_t
@@ -849,13 +854,12 @@ read_public_key(const char *name, const isc_uint16_t id, int alg,
isc_buffer_t b;
isc_lex_t *lex = NULL;
isc_token_t token;
isc_result_t iret;
dns_result_t dret, ret;
isc_result_t ret;
dns_rdata_t rdata;
unsigned int opt = ISC_LEXOPT_DNSMULTILINE;
if (dst_s_build_filename(filename, name, id, alg, PUBLIC_KEY,
sizeof(filename)) != DST_R_SUCCESS)
sizeof(filename)) != ISC_R_SUCCESS)
return (DST_R_NAMETOOLONG);
/*
@@ -865,17 +869,20 @@ read_public_key(const char *name, const isc_uint16_t id, int alg,
*/
/* 1500 should be large enough for any key */
iret = isc_lex_create(mctx, 1500, &lex);
if (iret != ISC_R_SUCCESS)
ret = isc_lex_create(mctx, 1500, &lex);
if (ret != ISC_R_SUCCESS)
return (DST_R_NOMEMORY);
iret = isc_lex_openfile(lex, filename);
if (iret != ISC_R_SUCCESS)
ret = isc_lex_openfile(lex, filename);
if (ret != ISC_R_SUCCESS) {
if (ret == ISC_R_FAILURE)
ret = ISC_R_NOTFOUND;
goto cleanup;
}
#define NEXTTOKEN(lex, opt, token) { \
iret = isc_lex_gettoken(lex, opt, token); \
if (iret != ISC_R_SUCCESS) \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
}
@@ -902,26 +909,26 @@ read_public_key(const char *name, const isc_uint16_t id, int alg,
goto cleanup;
isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf), ISC_BUFFERTYPE_BINARY);
dret = dns_rdata_fromtext(&rdata, dns_rdataclass_in, dns_rdatatype_key,
lex, NULL, ISC_FALSE, &b, NULL);
if (dret != DNS_R_SUCCESS)
ret = dns_rdata_fromtext(&rdata, dns_rdataclass_in, dns_rdatatype_key,
lex, NULL, ISC_FALSE, &b, NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup;
ret = dst_key_fromdns(name, &b, mctx, keyp);
if (ret != DST_R_SUCCESS || (*keyp)->key_alg != alg)
if (ret != ISC_R_SUCCESS || (*keyp)->key_alg != alg)
goto cleanup;
isc_lex_close(lex);
isc_lex_destroy(&lex);
return (DST_R_SUCCESS);
return (ISC_R_SUCCESS);
cleanup:
if (lex != NULL) {
isc_lex_close(lex);
isc_lex_destroy(&lex);
}
return (DST_R_INVALIDPUBLICKEY);
return (ret);
}
@@ -931,8 +938,8 @@ cleanup:
* Parameters
* key A DST key
* Returns
* DST_R_SUCCESS Success
* !DST_R_SUCCESS Failure
* ISC_R_SUCCESS Success
* !ISC_R_SUCCESS Failure
*/
static dst_result_t
@@ -955,14 +962,14 @@ write_public_key(const dst_key_t *key) {
ISC_BUFFERTYPE_TEXT);
ret = dst_key_todns(key, &keyb);
if (ret != DST_R_SUCCESS)
if (ret != ISC_R_SUCCESS)
return (ret);
isc_buffer_used(&keyb, &r);
dns_rdata_fromregion(&rdata, dns_rdataclass_in, dns_rdatatype_key, &r);
dnsret = dns_rdata_totext(&rdata, (dns_name_t *) NULL, &textb);
if (dnsret != DNS_R_SUCCESS)
if (dnsret != ISC_R_SUCCESS)
return (DST_R_INVALIDPUBLICKEY);
dns_rdata_freestruct(&rdata);
@@ -987,7 +994,7 @@ write_public_key(const dst_key_t *key) {
fwrite(r.base, 1, r.length, fp);
fputc('\n', fp);
fclose(fp);
return (DST_R_SUCCESS);
return (ISC_R_SUCCESS);
}
void *