mirror of https://github.com/getdnsapi/getdns.git
Sync crypto funcs from Unbound
This commit is contained in:
parent
ecb9de2c29
commit
01715688d7
|
@ -372,6 +372,8 @@ check_function_exists(SSL_set_ciphersuites HAVE_SSL_SET_CIPHERSUITES)
|
|||
|
||||
check_function_exists(OPENSSL_init_crypto HAVE_OPENSSL_INIT_CRYPTO)
|
||||
|
||||
check_function_exists(OSSL_PARAM_BLD_new HAVE_OSSL_PARAM_BLD_NEW)
|
||||
|
||||
check_symbol_exists(SSL_dane_enable "openssl/ssl.h" HAVE_SSL_DANE_ENABLE)
|
||||
check_symbol_exists(SSL_CTX_set1_curves_list "openssl/ssl.h" HAVE_DECL_SSL_CTX_SET1_CURVES_LIST)
|
||||
check_symbol_exists(SSL_set1_curves_list "openssl/ssl.h" HAVE_DECL_SSL_SET1_CURVES_LIST)
|
||||
|
|
|
@ -29,8 +29,15 @@
|
|||
#ifdef HAVE_OPENSSL_BN_H
|
||||
#include <openssl/bn.h>
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_RSA_H
|
||||
#include <openssl/rsa.h>
|
||||
#ifdef HAVE_OPENSSL_PARAM_BUILD_H
|
||||
# include <openssl/param_build.h>
|
||||
#else
|
||||
# ifdef HAVE_OPENSSL_RSA_H
|
||||
# include <openssl/rsa.h>
|
||||
# endif
|
||||
# ifdef HAVE_OPENSSL_DSA_H
|
||||
# include <openssl/dsa.h>
|
||||
# endif
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_DSA_H
|
||||
#include <openssl/dsa.h>
|
||||
|
@ -77,6 +84,7 @@ gldns_key_EVP_load_gost_id(void)
|
|||
if(!e) {
|
||||
/* load it ourself, in case statically linked */
|
||||
ENGINE_load_builtin_engines();
|
||||
ENGINE_load_dynamic();
|
||||
e = ENGINE_by_id("gost");
|
||||
}
|
||||
if(!e) {
|
||||
|
@ -115,49 +123,71 @@ void gldns_key_EVP_unload_gost(void)
|
|||
#endif /* ifndef OPENSSL_NO_ENGINE */
|
||||
#endif /* USE_GOST */
|
||||
|
||||
DSA *
|
||||
gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
|
||||
/* Retrieve params as BIGNUM from raw buffer */
|
||||
static int
|
||||
gldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p,
|
||||
BIGNUM** q, BIGNUM** g, BIGNUM** y)
|
||||
{
|
||||
uint8_t T;
|
||||
uint16_t length;
|
||||
uint16_t offset;
|
||||
DSA *dsa;
|
||||
BIGNUM *Q; BIGNUM *P;
|
||||
BIGNUM *G; BIGNUM *Y;
|
||||
|
||||
if(len == 0)
|
||||
return NULL;
|
||||
return 0;
|
||||
T = (uint8_t)key[0];
|
||||
length = (64 + T * 8);
|
||||
offset = 1;
|
||||
|
||||
if (T > 8) {
|
||||
return NULL;
|
||||
return 0;
|
||||
}
|
||||
if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
|
||||
return NULL;
|
||||
return 0;
|
||||
|
||||
Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
|
||||
*q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
|
||||
offset += SHA_DIGEST_LENGTH;
|
||||
|
||||
P = BN_bin2bn(key+offset, (int)length, NULL);
|
||||
*p = BN_bin2bn(key+offset, (int)length, NULL);
|
||||
offset += length;
|
||||
|
||||
G = BN_bin2bn(key+offset, (int)length, NULL);
|
||||
*g = BN_bin2bn(key+offset, (int)length, NULL);
|
||||
offset += length;
|
||||
|
||||
Y = BN_bin2bn(key+offset, (int)length, NULL);
|
||||
*y = BN_bin2bn(key+offset, (int)length, NULL);
|
||||
|
||||
/* create the key and set its properties */
|
||||
if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
|
||||
BN_free(Q);
|
||||
BN_free(P);
|
||||
BN_free(G);
|
||||
BN_free(Y);
|
||||
if(!*q || !*p || !*g || !*y) {
|
||||
BN_free(*q);
|
||||
BN_free(*p);
|
||||
BN_free(*g);
|
||||
BN_free(*y);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifndef HAVE_OSSL_PARAM_BLD_NEW
|
||||
DSA *
|
||||
gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
|
||||
{
|
||||
DSA *dsa;
|
||||
BIGNUM *Q=NULL, *P=NULL, *G=NULL, *Y=NULL;
|
||||
if(!gldns_key_dsa_buf_bignum(key, len, &P, &Q, &G, &Y)) {
|
||||
return NULL;
|
||||
}
|
||||
/* create the key and set its properties */
|
||||
if(!(dsa = DSA_new())) {
|
||||
return NULL;
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000 || \
|
||||
(defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x02070000f)
|
||||
#ifndef S_SPLINT_S
|
||||
dsa->p = P;
|
||||
dsa->q = Q;
|
||||
dsa->g = G;
|
||||
dsa->pub_key = Y;
|
||||
#endif /* splint */
|
||||
|
||||
#if defined(HAVE_DSA_SET0_PQG) && defined(HAVE_DSA_SET0_KEY)
|
||||
#else /* OPENSSL_VERSION_NUMBER */
|
||||
if (!DSA_set0_pqg(dsa, P, Q, G)) {
|
||||
/* QPG not yet attached, need to free */
|
||||
BN_free(Q);
|
||||
|
@ -174,33 +204,115 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
|
|||
BN_free(Y);
|
||||
return NULL;
|
||||
}
|
||||
#else
|
||||
# ifndef S_SPLINT_S
|
||||
dsa->p = P;
|
||||
dsa->q = Q;
|
||||
dsa->g = G;
|
||||
dsa->pub_key = Y;
|
||||
# endif /* splint */
|
||||
#endif
|
||||
|
||||
return dsa;
|
||||
}
|
||||
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
|
||||
|
||||
RSA *
|
||||
gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
|
||||
EVP_PKEY *gldns_key_dsa2pkey_raw(unsigned char* key, size_t len)
|
||||
{
|
||||
#ifdef HAVE_OSSL_PARAM_BLD_NEW
|
||||
EVP_PKEY* evp_key = NULL;
|
||||
EVP_PKEY_CTX* ctx;
|
||||
BIGNUM *p=NULL, *q=NULL, *g=NULL, *y=NULL;
|
||||
OSSL_PARAM_BLD* param_bld;
|
||||
OSSL_PARAM* params = NULL;
|
||||
if(!gldns_key_dsa_buf_bignum(key, len, &p, &q, &g, &y)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
param_bld = OSSL_PARAM_BLD_new();
|
||||
if(!param_bld) {
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_free(g);
|
||||
BN_free(y);
|
||||
return NULL;
|
||||
}
|
||||
if(!OSSL_PARAM_BLD_push_BN(param_bld, "p", p) ||
|
||||
!OSSL_PARAM_BLD_push_BN(param_bld, "g", g) ||
|
||||
!OSSL_PARAM_BLD_push_BN(param_bld, "q", q) ||
|
||||
!OSSL_PARAM_BLD_push_BN(param_bld, "pub", y)) {
|
||||
OSSL_PARAM_BLD_free(param_bld);
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_free(g);
|
||||
BN_free(y);
|
||||
return NULL;
|
||||
}
|
||||
params = OSSL_PARAM_BLD_to_param(param_bld);
|
||||
OSSL_PARAM_BLD_free(param_bld);
|
||||
|
||||
ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
|
||||
if(!ctx) {
|
||||
OSSL_PARAM_free(params);
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_free(g);
|
||||
BN_free(y);
|
||||
return NULL;
|
||||
}
|
||||
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_free(g);
|
||||
BN_free(y);
|
||||
return NULL;
|
||||
}
|
||||
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_free(g);
|
||||
BN_free(y);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_free(g);
|
||||
BN_free(y);
|
||||
return evp_key;
|
||||
#else
|
||||
DSA* dsa;
|
||||
EVP_PKEY* evp_key = EVP_PKEY_new();
|
||||
if(!evp_key) {
|
||||
return NULL;
|
||||
}
|
||||
dsa = gldns_key_buf2dsa_raw(key, len);
|
||||
if(!dsa) {
|
||||
EVP_PKEY_free(evp_key);
|
||||
return NULL;
|
||||
}
|
||||
if(EVP_PKEY_assign_DSA(evp_key, dsa) == 0) {
|
||||
DSA_free(dsa);
|
||||
EVP_PKEY_free(evp_key);
|
||||
return NULL;
|
||||
}
|
||||
return evp_key;
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */
|
||||
static int
|
||||
gldns_key_rsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** n,
|
||||
BIGNUM** e)
|
||||
{
|
||||
uint16_t offset;
|
||||
uint16_t exp;
|
||||
uint16_t int16;
|
||||
RSA *rsa;
|
||||
BIGNUM *modulus;
|
||||
BIGNUM *exponent;
|
||||
|
||||
if (len == 0)
|
||||
return NULL;
|
||||
return 0;
|
||||
if (key[0] == 0) {
|
||||
if(len < 3)
|
||||
return NULL;
|
||||
return 0;
|
||||
memmove(&int16, key+1, 2);
|
||||
exp = ntohs(int16);
|
||||
offset = 3;
|
||||
|
@ -211,46 +323,140 @@ gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
|
|||
|
||||
/* key length at least one */
|
||||
if(len < (size_t)offset + exp + 1)
|
||||
return NULL;
|
||||
return 0;
|
||||
|
||||
/* Exponent */
|
||||
exponent = BN_new();
|
||||
if(!exponent) return NULL;
|
||||
(void) BN_bin2bn(key+offset, (int)exp, exponent);
|
||||
*e = BN_new();
|
||||
if(!*e) return 0;
|
||||
(void) BN_bin2bn(key+offset, (int)exp, *e);
|
||||
offset += exp;
|
||||
|
||||
/* Modulus */
|
||||
modulus = BN_new();
|
||||
if(!modulus) {
|
||||
BN_free(exponent);
|
||||
return NULL;
|
||||
*n = BN_new();
|
||||
if(!*n) {
|
||||
BN_free(*e);
|
||||
return 0;
|
||||
}
|
||||
/* length of the buffer must match the key length! */
|
||||
(void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
|
||||
(void) BN_bin2bn(key+offset, (int)(len - offset), *n);
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifndef HAVE_OSSL_PARAM_BLD_NEW
|
||||
RSA *
|
||||
gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
|
||||
{
|
||||
BIGNUM* modulus = NULL;
|
||||
BIGNUM* exponent = NULL;
|
||||
RSA *rsa;
|
||||
if(!gldns_key_rsa_buf_bignum(key, len, &modulus, &exponent))
|
||||
return NULL;
|
||||
rsa = RSA_new();
|
||||
if(!rsa) {
|
||||
BN_free(exponent);
|
||||
BN_free(modulus);
|
||||
return NULL;
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000 || \
|
||||
(defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x02070000f)
|
||||
#ifndef S_SPLINT_S
|
||||
rsa->n = modulus;
|
||||
rsa->e = exponent;
|
||||
#endif /* splint */
|
||||
|
||||
#if defined(HAVE_RSA_SET0_KEY)
|
||||
#else /* OPENSSL_VERSION_NUMBER */
|
||||
if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
|
||||
BN_free(exponent);
|
||||
BN_free(modulus);
|
||||
RSA_free(rsa);
|
||||
return NULL;
|
||||
}
|
||||
#else
|
||||
# ifndef S_SPLINT_S
|
||||
rsa->n = modulus;
|
||||
rsa->e = exponent;
|
||||
# endif /* splint */
|
||||
#endif
|
||||
|
||||
return rsa;
|
||||
}
|
||||
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
|
||||
|
||||
EVP_PKEY* gldns_key_rsa2pkey_raw(unsigned char* key, size_t len)
|
||||
{
|
||||
#ifdef HAVE_OSSL_PARAM_BLD_NEW
|
||||
EVP_PKEY* evp_key = NULL;
|
||||
EVP_PKEY_CTX* ctx;
|
||||
BIGNUM *n=NULL, *e=NULL;
|
||||
OSSL_PARAM_BLD* param_bld;
|
||||
OSSL_PARAM* params = NULL;
|
||||
|
||||
if(!gldns_key_rsa_buf_bignum(key, len, &n, &e)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
param_bld = OSSL_PARAM_BLD_new();
|
||||
if(!param_bld) {
|
||||
BN_free(n);
|
||||
BN_free(e);
|
||||
return NULL;
|
||||
}
|
||||
if(!OSSL_PARAM_BLD_push_BN(param_bld, "n", n)) {
|
||||
OSSL_PARAM_BLD_free(param_bld);
|
||||
BN_free(n);
|
||||
BN_free(e);
|
||||
return NULL;
|
||||
}
|
||||
if(!OSSL_PARAM_BLD_push_BN(param_bld, "e", e)) {
|
||||
OSSL_PARAM_BLD_free(param_bld);
|
||||
BN_free(n);
|
||||
BN_free(e);
|
||||
return NULL;
|
||||
}
|
||||
params = OSSL_PARAM_BLD_to_param(param_bld);
|
||||
OSSL_PARAM_BLD_free(param_bld);
|
||||
|
||||
ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
|
||||
if(!ctx) {
|
||||
OSSL_PARAM_free(params);
|
||||
BN_free(n);
|
||||
BN_free(e);
|
||||
return NULL;
|
||||
}
|
||||
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
BN_free(n);
|
||||
BN_free(e);
|
||||
return NULL;
|
||||
}
|
||||
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
BN_free(n);
|
||||
BN_free(e);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
BN_free(n);
|
||||
BN_free(e);
|
||||
return evp_key;
|
||||
#else
|
||||
RSA* rsa;
|
||||
EVP_PKEY *evp_key = EVP_PKEY_new();
|
||||
if(!evp_key) {
|
||||
return NULL;
|
||||
}
|
||||
rsa = gldns_key_buf2rsa_raw(key, len);
|
||||
if(!rsa) {
|
||||
EVP_PKEY_free(evp_key);
|
||||
return NULL;
|
||||
}
|
||||
if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) {
|
||||
RSA_free(rsa);
|
||||
EVP_PKEY_free(evp_key);
|
||||
return NULL;
|
||||
}
|
||||
return evp_key;
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef USE_GOST
|
||||
EVP_PKEY*
|
||||
|
@ -281,6 +487,62 @@ gldns_gost2pkey_raw(unsigned char* key, size_t keylen)
|
|||
EVP_PKEY*
|
||||
gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
|
||||
{
|
||||
#ifdef HAVE_OSSL_PARAM_BLD_NEW
|
||||
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
|
||||
EVP_PKEY *evp_key = NULL;
|
||||
EVP_PKEY_CTX* ctx;
|
||||
OSSL_PARAM_BLD* param_bld;
|
||||
OSSL_PARAM* params = NULL;
|
||||
char* group = NULL;
|
||||
|
||||
/* check length, which uncompressed must be 2 bignums */
|
||||
if(algo == GLDNS_ECDSAP256SHA256) {
|
||||
if(keylen != 2*256/8) return NULL;
|
||||
group = "prime256v1";
|
||||
} else if(algo == GLDNS_ECDSAP384SHA384) {
|
||||
if(keylen != 2*384/8) return NULL;
|
||||
group = "P-384";
|
||||
} else {
|
||||
return NULL;
|
||||
}
|
||||
if(keylen+1 > sizeof(buf)) { /* sanity check */
|
||||
return NULL;
|
||||
}
|
||||
/* prepend the 0x04 for uncompressed format */
|
||||
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
|
||||
memmove(buf+1, key, keylen);
|
||||
|
||||
param_bld = OSSL_PARAM_BLD_new();
|
||||
if(!param_bld) {
|
||||
return NULL;
|
||||
}
|
||||
if(!OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", group, 0) ||
|
||||
!OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", buf, keylen+1)) {
|
||||
OSSL_PARAM_BLD_free(param_bld);
|
||||
return NULL;
|
||||
}
|
||||
params = OSSL_PARAM_BLD_to_param(param_bld);
|
||||
OSSL_PARAM_BLD_free(param_bld);
|
||||
|
||||
ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
|
||||
if(!ctx) {
|
||||
OSSL_PARAM_free(params);
|
||||
return NULL;
|
||||
}
|
||||
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
return NULL;
|
||||
}
|
||||
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
return NULL;
|
||||
}
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
OSSL_PARAM_free(params);
|
||||
return evp_key;
|
||||
#else
|
||||
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
|
||||
const unsigned char* pp = buf;
|
||||
EVP_PKEY *evp_key;
|
||||
|
@ -317,6 +579,7 @@ gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
|
|||
return NULL;
|
||||
}
|
||||
return evp_key;
|
||||
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
|
||||
}
|
||||
#endif /* USE_ECDSA */
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@ int gldns_key_EVP_load_gost_id(void);
|
|||
/** Release the engine reference held for the GOST engine. */
|
||||
void gldns_key_EVP_unload_gost(void);
|
||||
|
||||
#ifndef HAVE_OSSL_PARAM_BLD_NEW
|
||||
/**
|
||||
* Like gldns_key_buf2dsa, but uses raw buffer.
|
||||
* \param[in] key the uncompressed wireformat of the key.
|
||||
|
@ -44,6 +45,15 @@ void gldns_key_EVP_unload_gost(void);
|
|||
* \return a DSA * structure with the key material
|
||||
*/
|
||||
DSA *gldns_key_buf2dsa_raw(unsigned char* key, size_t len);
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Converts a holding buffer with DSA key material to EVP PKEY in openssl.
|
||||
* \param[in] key the uncompressed wireformat of the key.
|
||||
* \param[in] len length of key data
|
||||
* \return the key or NULL on error.
|
||||
*/
|
||||
EVP_PKEY *gldns_key_dsa2pkey_raw(unsigned char* key, size_t len);
|
||||
|
||||
/**
|
||||
* Converts a holding buffer with key material to EVP PKEY in openssl.
|
||||
|
@ -64,6 +74,7 @@ EVP_PKEY* gldns_gost2pkey_raw(unsigned char* key, size_t keylen);
|
|||
*/
|
||||
EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
|
||||
|
||||
#ifndef HAVE_OSSL_PARAM_BLD_NEW
|
||||
/**
|
||||
* Like gldns_key_buf2rsa, but uses raw buffer.
|
||||
* \param[in] key the uncompressed wireformat of the key.
|
||||
|
@ -71,6 +82,15 @@ EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
|
|||
* \return a RSA * structure with the key material
|
||||
*/
|
||||
RSA *gldns_key_buf2rsa_raw(unsigned char* key, size_t len);
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Converts a holding buffer with RSA key material to EVP PKEY in openssl.
|
||||
* \param[in] key the uncompressed wireformat of the key.
|
||||
* \param[in] len length of key data
|
||||
* \return the key or NULL on error.
|
||||
*/
|
||||
EVP_PKEY* gldns_key_rsa2pkey_raw(unsigned char* key, size_t len);
|
||||
|
||||
/**
|
||||
* Converts a holding buffer with key material to EVP PKEY in openssl.
|
||||
|
|
|
@ -514,29 +514,13 @@ static int
|
|||
setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
|
||||
unsigned char* key, size_t keylen)
|
||||
{
|
||||
#if defined(USE_DSA) && defined(USE_SHA1)
|
||||
DSA* dsa;
|
||||
#endif
|
||||
RSA* rsa;
|
||||
|
||||
switch(algo) {
|
||||
#if defined(USE_DSA) && defined(USE_SHA1)
|
||||
case LDNS_DSA:
|
||||
case LDNS_DSA_NSEC3:
|
||||
*evp_key = EVP_PKEY_new();
|
||||
*evp_key = sldns_key_dsa2pkey_raw(key, keylen);
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return 0;
|
||||
}
|
||||
dsa = sldns_key_buf2dsa_raw(key, keylen);
|
||||
if(!dsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"sldns_key_buf2dsa_raw failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_DSA failed");
|
||||
verbose(VERB_QUERY, "verify: sldns_key_dsa2pkey failed");
|
||||
return 0;
|
||||
}
|
||||
#ifdef HAVE_EVP_DSS1
|
||||
|
@ -559,20 +543,9 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
|
|||
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
|
||||
case LDNS_RSASHA512:
|
||||
#endif
|
||||
*evp_key = EVP_PKEY_new();
|
||||
*evp_key = sldns_key_rsa2pkey_raw(key, keylen);
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return 0;
|
||||
}
|
||||
rsa = sldns_key_buf2rsa_raw(key, keylen);
|
||||
if(!rsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"sldns_key_buf2rsa_raw SHA failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_RSA SHA failed");
|
||||
verbose(VERB_QUERY, "verify: sldns_key_rsa2pkey SHA failed");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -596,20 +569,9 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
|
|||
#endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */
|
||||
|
||||
case LDNS_RSAMD5:
|
||||
*evp_key = EVP_PKEY_new();
|
||||
*evp_key = sldns_key_rsa2pkey_raw(key, keylen);
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return 0;
|
||||
}
|
||||
rsa = sldns_key_buf2rsa_raw(key, keylen);
|
||||
if(!rsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"sldns_key_buf2rsa_raw MD5 failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_RSA MD5 failed");
|
||||
verbose(VERB_QUERY, "verify: sldns_key_rsa2pkey MD5 failed");
|
||||
return 0;
|
||||
}
|
||||
*digest_type = EVP_md5();
|
||||
|
|
|
@ -47,6 +47,8 @@
|
|||
#define sldns_ecdsa2pkey_raw gldns_ecdsa2pkey_raw
|
||||
#define sldns_buffer_begin gldns_buffer_begin
|
||||
#define sldns_buffer_limit gldns_buffer_limit
|
||||
#define sldns_key_dsa2pkey_raw gldns_key_dsa2pkey_raw
|
||||
#define sldns_key_rsa2pkey_raw gldns_key_rsa2pkey_raw
|
||||
|
||||
#include "util/val_secalgo.h"
|
||||
|
||||
|
|
|
@ -54,6 +54,11 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
|
|||
#include <stdio.h> /* defines printf for tests */
|
||||
#include <time.h> /* defines time_t for timings in the test */
|
||||
|
||||
/*
|
||||
* If our build system provides endianness info, signalled by
|
||||
* HAVE_TARGET_ENDIANNESS and the presence or absence of TARGET_IS_BIG_ENDIAN,
|
||||
* use that. Otherwise try to work out the endianness.
|
||||
*/
|
||||
#if defined(HAVE_TARGET_ENDIANNESS)
|
||||
# if defined(TARGET_IS_BIG_ENDIAN)
|
||||
# define HASH_LITTLE_ENDIAN 0
|
||||
|
@ -63,9 +68,55 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
|
|||
# define HASH_BIG_ENDIAN 0
|
||||
# endif
|
||||
#else
|
||||
# error "Target endianness required."
|
||||
# include <sys/param.h> /* attempt to define endianness */
|
||||
# ifdef HAVE_SYS_TYPES_H
|
||||
# include <sys/types.h> /* attempt to define endianness (solaris) */
|
||||
# endif
|
||||
# if defined(linux) || defined(__OpenBSD__)
|
||||
# ifdef HAVE_ENDIAN_H
|
||||
# include <endian.h> /* attempt to define endianness */
|
||||
# else
|
||||
# include <machine/endian.h> /* on older OpenBSD */
|
||||
# endif
|
||||
# endif
|
||||
# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
|
||||
# include <sys/endian.h> /* attempt to define endianness */
|
||||
# endif
|
||||
/*
|
||||
* My best guess at if you are big-endian or little-endian. This may
|
||||
* need adjustment.
|
||||
*/
|
||||
# if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
|
||||
__BYTE_ORDER == __LITTLE_ENDIAN) || \
|
||||
(defined(i386) || defined(__i386__) || defined(__i486__) || \
|
||||
defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86))
|
||||
# define HASH_LITTLE_ENDIAN 1
|
||||
# define HASH_BIG_ENDIAN 0
|
||||
# elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
|
||||
__BYTE_ORDER == __BIG_ENDIAN) || \
|
||||
(defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel))
|
||||
# define HASH_LITTLE_ENDIAN 0
|
||||
# define HASH_BIG_ENDIAN 1
|
||||
# elif defined(_MACHINE_ENDIAN_H_)
|
||||
/* test for machine_endian_h protects failure if some are empty strings */
|
||||
# if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN
|
||||
# define HASH_LITTLE_ENDIAN 0
|
||||
# define HASH_BIG_ENDIAN 1
|
||||
# endif
|
||||
# if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN
|
||||
# define HASH_LITTLE_ENDIAN 1
|
||||
# define HASH_BIG_ENDIAN 0
|
||||
# endif /* _MACHINE_ENDIAN_H_ */
|
||||
# else
|
||||
# define HASH_LITTLE_ENDIAN 0
|
||||
# define HASH_BIG_ENDIAN 0
|
||||
# endif
|
||||
#endif /* defined(HAVE_TARGET_ENDIANNESS) */
|
||||
|
||||
#define hashsize(n) ((uint32_t)1<<(n))
|
||||
#define hashmask(n) (hashsize(n)-1)
|
||||
#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
|
||||
|
||||
/* random initial value */
|
||||
static uint32_t raninit = (uint32_t)0xdeadbeef;
|
||||
|
||||
|
@ -75,10 +126,6 @@ hash_set_raninit(uint32_t v)
|
|||
raninit = v;
|
||||
}
|
||||
|
||||
#define hashsize(n) ((uint32_t)1<<(n))
|
||||
#define hashmask(n) (hashsize(n)-1)
|
||||
#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
|
||||
|
||||
/*
|
||||
-------------------------------------------------------------------------------
|
||||
mix -- mix 3 32-bit values reversibly.
|
||||
|
|
Loading…
Reference in New Issue