aboutsummaryrefslogtreecommitdiff
path: root/contrib/bind9/lib/dns/hmac_link.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/lib/dns/hmac_link.c')
-rw-r--r--contrib/bind9/lib/dns/hmac_link.c211
1 files changed, 126 insertions, 85 deletions
diff --git a/contrib/bind9/lib/dns/hmac_link.c b/contrib/bind9/lib/dns/hmac_link.c
index 5d6dce78c2bc..ecc4089888da 100644
--- a/contrib/bind9/lib/dns/hmac_link.c
+++ b/contrib/bind9/lib/dns/hmac_link.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.11 2008-04-01 23:47:10 tbox Exp $
+ * $Id: hmac_link.c,v 1.19 2011-01-11 23:47:13 tbox Exp $
*/
#include <config.h>
@@ -50,14 +50,10 @@
#include "dst_internal.h"
#include "dst_parse.h"
-#define HMAC_LEN 64
-#define HMAC_IPAD 0x36
-#define HMAC_OPAD 0x5c
-
static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data);
struct dst_hmacmd5_key {
- unsigned char key[HMAC_LEN];
+ unsigned char key[ISC_MD5_BLOCK_LENGTH];
};
static isc_result_t
@@ -79,7 +75,7 @@ hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) {
hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t));
if (hmacmd5ctx == NULL)
return (ISC_R_NOMEMORY);
- isc_hmacmd5_init(hmacmd5ctx, hkey->key, HMAC_LEN);
+ isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH);
dctx->ctxdata.hmacmd5ctx = hmacmd5ctx;
return (ISC_R_SUCCESS);
}
@@ -142,26 +138,28 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, HMAC_LEN) == 0)
+ if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0)
return (ISC_TRUE);
else
return (ISC_FALSE);
}
static isc_result_t
-hmacmd5_generate(dst_key_t *key, int pseudorandom_ok) {
+hmacmd5_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
isc_buffer_t b;
isc_result_t ret;
- int bytes;
- unsigned char data[HMAC_LEN];
+ unsigned int bytes;
+ unsigned char data[ISC_SHA1_BLOCK_LENGTH];
+
+ UNUSED(callback);
bytes = (key->key_size + 7) / 8;
- if (bytes > HMAC_LEN) {
- bytes = HMAC_LEN;
- key->key_size = HMAC_LEN * 8;
+ if (bytes > ISC_SHA1_BLOCK_LENGTH) {
+ bytes = ISC_SHA1_BLOCK_LENGTH;
+ key->key_size = ISC_SHA1_BLOCK_LENGTH * 8;
}
- memset(data, 0, HMAC_LEN);
+ memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
if (ret != ISC_R_SUCCESS)
@@ -170,7 +168,7 @@ hmacmd5_generate(dst_key_t *key, int pseudorandom_ok) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacmd5_fromdns(key, &b);
- memset(data, 0, HMAC_LEN);
+ memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
return (ret);
}
@@ -184,6 +182,7 @@ hmacmd5_isprivate(const dst_key_t *key) {
static void
hmacmd5_destroy(dst_key_t *key) {
dst_hmacmd5_key_t *hkey = key->keydata.hmacmd5;
+
memset(hkey, 0, sizeof(dst_hmacmd5_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacmd5_key_t));
key->keydata.hmacmd5 = NULL;
@@ -223,7 +222,7 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
- if (r.length > HMAC_LEN) {
+ if (r.length > ISC_SHA1_BLOCK_LENGTH) {
isc_md5_init(&md5ctx);
isc_md5_update(&md5ctx, r.base, r.length);
isc_md5_final(&md5ctx, hkey->key);
@@ -268,15 +267,17 @@ hmacmd5_tofile(const dst_key_t *key, const char *directory) {
}
static isc_result_t
-hmacmd5_parse(dst_key_t *key, isc_lex_t *lexer) {
+hmacmd5_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
isc_buffer_t b;
isc_mem_t *mctx = key->mctx;
unsigned int i;
+ UNUSED(pub);
/* read private key file */
- result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx, &priv);
+ result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx,
+ &priv);
if (result != ISC_R_SUCCESS)
return (result);
@@ -324,6 +325,8 @@ static dst_func_t hmacmd5_functions = {
hmacmd5_parse,
NULL, /*%< cleanup */
NULL, /*%< fromlabel */
+ NULL, /*%< dump */
+ NULL, /*%< restore */
};
isc_result_t
@@ -337,7 +340,7 @@ dst__hmacmd5_init(dst_func_t **funcp) {
static isc_result_t hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data);
struct dst_hmacsha1_key {
- unsigned char key[ISC_SHA1_DIGESTLENGTH];
+ unsigned char key[ISC_SHA1_BLOCK_LENGTH];
};
static isc_result_t
@@ -348,7 +351,7 @@ hmacsha1_createctx(dst_key_t *key, dst_context_t *dctx) {
hmacsha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha1_t));
if (hmacsha1ctx == NULL)
return (ISC_R_NOMEMORY);
- isc_hmacsha1_init(hmacsha1ctx, hkey->key, ISC_SHA1_DIGESTLENGTH);
+ isc_hmacsha1_init(hmacsha1ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH);
dctx->ctxdata.hmacsha1ctx = hmacsha1ctx;
return (ISC_R_SUCCESS);
}
@@ -411,26 +414,28 @@ hmacsha1_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_DIGESTLENGTH) == 0)
+ if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0)
return (ISC_TRUE);
else
return (ISC_FALSE);
}
static isc_result_t
-hmacsha1_generate(dst_key_t *key, int pseudorandom_ok) {
+hmacsha1_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
isc_buffer_t b;
isc_result_t ret;
- int bytes;
- unsigned char data[HMAC_LEN];
+ unsigned int bytes;
+ unsigned char data[ISC_SHA1_BLOCK_LENGTH];
+
+ UNUSED(callback);
bytes = (key->key_size + 7) / 8;
- if (bytes > HMAC_LEN) {
- bytes = HMAC_LEN;
- key->key_size = HMAC_LEN * 8;
+ if (bytes > ISC_SHA1_BLOCK_LENGTH) {
+ bytes = ISC_SHA1_BLOCK_LENGTH;
+ key->key_size = ISC_SHA1_BLOCK_LENGTH * 8;
}
- memset(data, 0, HMAC_LEN);
+ memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
if (ret != ISC_R_SUCCESS)
@@ -439,7 +444,7 @@ hmacsha1_generate(dst_key_t *key, int pseudorandom_ok) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha1_fromdns(key, &b);
- memset(data, 0, ISC_SHA1_DIGESTLENGTH);
+ memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
return (ret);
}
@@ -453,6 +458,7 @@ hmacsha1_isprivate(const dst_key_t *key) {
static void
hmacsha1_destroy(dst_key_t *key) {
dst_hmacsha1_key_t *hkey = key->keydata.hmacsha1;
+
memset(hkey, 0, sizeof(dst_hmacsha1_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha1_key_t));
key->keydata.hmacsha1 = NULL;
@@ -492,7 +498,7 @@ hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
- if (r.length > ISC_SHA1_DIGESTLENGTH) {
+ if (r.length > ISC_SHA1_BLOCK_LENGTH) {
isc_sha1_init(&sha1ctx);
isc_sha1_update(&sha1ctx, r.base, r.length);
isc_sha1_final(&sha1ctx, hkey->key);
@@ -537,13 +543,14 @@ hmacsha1_tofile(const dst_key_t *key, const char *directory) {
}
static isc_result_t
-hmacsha1_parse(dst_key_t *key, isc_lex_t *lexer) {
+hmacsha1_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
isc_buffer_t b;
isc_mem_t *mctx = key->mctx;
unsigned int i;
+ UNUSED(pub);
/* read private key file */
result = dst__privstruct_parse(key, DST_ALG_HMACSHA1, lexer, mctx,
&priv);
@@ -594,6 +601,8 @@ static dst_func_t hmacsha1_functions = {
hmacsha1_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
+ NULL, /* dump */
+ NULL, /* restore */
};
isc_result_t
@@ -607,7 +616,7 @@ dst__hmacsha1_init(dst_func_t **funcp) {
static isc_result_t hmacsha224_fromdns(dst_key_t *key, isc_buffer_t *data);
struct dst_hmacsha224_key {
- unsigned char key[ISC_SHA224_DIGESTLENGTH];
+ unsigned char key[ISC_SHA224_BLOCK_LENGTH];
};
static isc_result_t
@@ -618,7 +627,7 @@ hmacsha224_createctx(dst_key_t *key, dst_context_t *dctx) {
hmacsha224ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha224_t));
if (hmacsha224ctx == NULL)
return (ISC_R_NOMEMORY);
- isc_hmacsha224_init(hmacsha224ctx, hkey->key, ISC_SHA224_DIGESTLENGTH);
+ isc_hmacsha224_init(hmacsha224ctx, hkey->key, ISC_SHA224_BLOCK_LENGTH);
dctx->ctxdata.hmacsha224ctx = hmacsha224ctx;
return (ISC_R_SUCCESS);
}
@@ -681,26 +690,30 @@ hmacsha224_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA224_DIGESTLENGTH) == 0)
+ if (memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH) == 0)
return (ISC_TRUE);
else
return (ISC_FALSE);
}
static isc_result_t
-hmacsha224_generate(dst_key_t *key, int pseudorandom_ok) {
+hmacsha224_generate(dst_key_t *key, int pseudorandom_ok,
+ void (*callback)(int))
+{
isc_buffer_t b;
isc_result_t ret;
- int bytes;
- unsigned char data[HMAC_LEN];
+ unsigned int bytes;
+ unsigned char data[ISC_SHA224_BLOCK_LENGTH];
+
+ UNUSED(callback);
bytes = (key->key_size + 7) / 8;
- if (bytes > HMAC_LEN) {
- bytes = HMAC_LEN;
- key->key_size = HMAC_LEN * 8;
+ if (bytes > ISC_SHA224_BLOCK_LENGTH) {
+ bytes = ISC_SHA224_BLOCK_LENGTH;
+ key->key_size = ISC_SHA224_BLOCK_LENGTH * 8;
}
- memset(data, 0, HMAC_LEN);
+ memset(data, 0, ISC_SHA224_BLOCK_LENGTH);
ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
if (ret != ISC_R_SUCCESS)
@@ -709,7 +722,7 @@ hmacsha224_generate(dst_key_t *key, int pseudorandom_ok) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha224_fromdns(key, &b);
- memset(data, 0, ISC_SHA224_DIGESTLENGTH);
+ memset(data, 0, ISC_SHA224_BLOCK_LENGTH);
return (ret);
}
@@ -723,6 +736,7 @@ hmacsha224_isprivate(const dst_key_t *key) {
static void
hmacsha224_destroy(dst_key_t *key) {
dst_hmacsha224_key_t *hkey = key->keydata.hmacsha224;
+
memset(hkey, 0, sizeof(dst_hmacsha224_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha224_key_t));
key->keydata.hmacsha224 = NULL;
@@ -762,7 +776,7 @@ hmacsha224_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
- if (r.length > ISC_SHA224_DIGESTLENGTH) {
+ if (r.length > ISC_SHA224_BLOCK_LENGTH) {
isc_sha224_init(&sha224ctx);
isc_sha224_update(&sha224ctx, r.base, r.length);
isc_sha224_final(hkey->key, &sha224ctx);
@@ -807,13 +821,14 @@ hmacsha224_tofile(const dst_key_t *key, const char *directory) {
}
static isc_result_t
-hmacsha224_parse(dst_key_t *key, isc_lex_t *lexer) {
+hmacsha224_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
isc_buffer_t b;
isc_mem_t *mctx = key->mctx;
unsigned int i;
+ UNUSED(pub);
/* read private key file */
result = dst__privstruct_parse(key, DST_ALG_HMACSHA224, lexer, mctx,
&priv);
@@ -864,6 +879,8 @@ static dst_func_t hmacsha224_functions = {
hmacsha224_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
+ NULL, /* dump */
+ NULL, /* restore */
};
isc_result_t
@@ -877,7 +894,7 @@ dst__hmacsha224_init(dst_func_t **funcp) {
static isc_result_t hmacsha256_fromdns(dst_key_t *key, isc_buffer_t *data);
struct dst_hmacsha256_key {
- unsigned char key[ISC_SHA256_DIGESTLENGTH];
+ unsigned char key[ISC_SHA256_BLOCK_LENGTH];
};
static isc_result_t
@@ -888,7 +905,7 @@ hmacsha256_createctx(dst_key_t *key, dst_context_t *dctx) {
hmacsha256ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha256_t));
if (hmacsha256ctx == NULL)
return (ISC_R_NOMEMORY);
- isc_hmacsha256_init(hmacsha256ctx, hkey->key, ISC_SHA256_DIGESTLENGTH);
+ isc_hmacsha256_init(hmacsha256ctx, hkey->key, ISC_SHA256_BLOCK_LENGTH);
dctx->ctxdata.hmacsha256ctx = hmacsha256ctx;
return (ISC_R_SUCCESS);
}
@@ -951,26 +968,30 @@ hmacsha256_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA256_DIGESTLENGTH) == 0)
+ if (memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH) == 0)
return (ISC_TRUE);
else
return (ISC_FALSE);
}
static isc_result_t
-hmacsha256_generate(dst_key_t *key, int pseudorandom_ok) {
+hmacsha256_generate(dst_key_t *key, int pseudorandom_ok,
+ void (*callback)(int))
+{
isc_buffer_t b;
isc_result_t ret;
- int bytes;
- unsigned char data[HMAC_LEN];
+ unsigned int bytes;
+ unsigned char data[ISC_SHA256_BLOCK_LENGTH];
+
+ UNUSED(callback);
bytes = (key->key_size + 7) / 8;
- if (bytes > HMAC_LEN) {
- bytes = HMAC_LEN;
- key->key_size = HMAC_LEN * 8;
+ if (bytes > ISC_SHA256_BLOCK_LENGTH) {
+ bytes = ISC_SHA256_BLOCK_LENGTH;
+ key->key_size = ISC_SHA256_BLOCK_LENGTH * 8;
}
- memset(data, 0, HMAC_LEN);
+ memset(data, 0, ISC_SHA256_BLOCK_LENGTH);
ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
if (ret != ISC_R_SUCCESS)
@@ -979,7 +1000,7 @@ hmacsha256_generate(dst_key_t *key, int pseudorandom_ok) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha256_fromdns(key, &b);
- memset(data, 0, ISC_SHA256_DIGESTLENGTH);
+ memset(data, 0, ISC_SHA256_BLOCK_LENGTH);
return (ret);
}
@@ -993,6 +1014,7 @@ hmacsha256_isprivate(const dst_key_t *key) {
static void
hmacsha256_destroy(dst_key_t *key) {
dst_hmacsha256_key_t *hkey = key->keydata.hmacsha256;
+
memset(hkey, 0, sizeof(dst_hmacsha256_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha256_key_t));
key->keydata.hmacsha256 = NULL;
@@ -1032,7 +1054,7 @@ hmacsha256_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
- if (r.length > ISC_SHA256_DIGESTLENGTH) {
+ if (r.length > ISC_SHA256_BLOCK_LENGTH) {
isc_sha256_init(&sha256ctx);
isc_sha256_update(&sha256ctx, r.base, r.length);
isc_sha256_final(hkey->key, &sha256ctx);
@@ -1077,13 +1099,14 @@ hmacsha256_tofile(const dst_key_t *key, const char *directory) {
}
static isc_result_t
-hmacsha256_parse(dst_key_t *key, isc_lex_t *lexer) {
+hmacsha256_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
isc_buffer_t b;
isc_mem_t *mctx = key->mctx;
unsigned int i;
+ UNUSED(pub);
/* read private key file */
result = dst__privstruct_parse(key, DST_ALG_HMACSHA256, lexer, mctx,
&priv);
@@ -1134,6 +1157,8 @@ static dst_func_t hmacsha256_functions = {
hmacsha256_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
+ NULL, /* dump */
+ NULL, /* restore */
};
isc_result_t
@@ -1147,7 +1172,7 @@ dst__hmacsha256_init(dst_func_t **funcp) {
static isc_result_t hmacsha384_fromdns(dst_key_t *key, isc_buffer_t *data);
struct dst_hmacsha384_key {
- unsigned char key[ISC_SHA384_DIGESTLENGTH];
+ unsigned char key[ISC_SHA384_BLOCK_LENGTH];
};
static isc_result_t
@@ -1158,7 +1183,7 @@ hmacsha384_createctx(dst_key_t *key, dst_context_t *dctx) {
hmacsha384ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha384_t));
if (hmacsha384ctx == NULL)
return (ISC_R_NOMEMORY);
- isc_hmacsha384_init(hmacsha384ctx, hkey->key, ISC_SHA384_DIGESTLENGTH);
+ isc_hmacsha384_init(hmacsha384ctx, hkey->key, ISC_SHA384_BLOCK_LENGTH);
dctx->ctxdata.hmacsha384ctx = hmacsha384ctx;
return (ISC_R_SUCCESS);
}
@@ -1221,26 +1246,30 @@ hmacsha384_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA384_DIGESTLENGTH) == 0)
+ if (memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH) == 0)
return (ISC_TRUE);
else
return (ISC_FALSE);
}
static isc_result_t
-hmacsha384_generate(dst_key_t *key, int pseudorandom_ok) {
+hmacsha384_generate(dst_key_t *key, int pseudorandom_ok,
+ void (*callback)(int))
+{
isc_buffer_t b;
isc_result_t ret;
- int bytes;
- unsigned char data[HMAC_LEN];
+ unsigned int bytes;
+ unsigned char data[ISC_SHA384_BLOCK_LENGTH];
+
+ UNUSED(callback);
bytes = (key->key_size + 7) / 8;
- if (bytes > HMAC_LEN) {
- bytes = HMAC_LEN;
- key->key_size = HMAC_LEN * 8;
+ if (bytes > ISC_SHA384_BLOCK_LENGTH) {
+ bytes = ISC_SHA384_BLOCK_LENGTH;
+ key->key_size = ISC_SHA384_BLOCK_LENGTH * 8;
}
- memset(data, 0, HMAC_LEN);
+ memset(data, 0, ISC_SHA384_BLOCK_LENGTH);
ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
if (ret != ISC_R_SUCCESS)
@@ -1249,7 +1278,7 @@ hmacsha384_generate(dst_key_t *key, int pseudorandom_ok) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha384_fromdns(key, &b);
- memset(data, 0, ISC_SHA384_DIGESTLENGTH);
+ memset(data, 0, ISC_SHA384_BLOCK_LENGTH);
return (ret);
}
@@ -1263,6 +1292,7 @@ hmacsha384_isprivate(const dst_key_t *key) {
static void
hmacsha384_destroy(dst_key_t *key) {
dst_hmacsha384_key_t *hkey = key->keydata.hmacsha384;
+
memset(hkey, 0, sizeof(dst_hmacsha384_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha384_key_t));
key->keydata.hmacsha384 = NULL;
@@ -1302,7 +1332,7 @@ hmacsha384_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
- if (r.length > ISC_SHA384_DIGESTLENGTH) {
+ if (r.length > ISC_SHA384_BLOCK_LENGTH) {
isc_sha384_init(&sha384ctx);
isc_sha384_update(&sha384ctx, r.base, r.length);
isc_sha384_final(hkey->key, &sha384ctx);
@@ -1347,13 +1377,14 @@ hmacsha384_tofile(const dst_key_t *key, const char *directory) {
}
static isc_result_t
-hmacsha384_parse(dst_key_t *key, isc_lex_t *lexer) {
+hmacsha384_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
isc_buffer_t b;
isc_mem_t *mctx = key->mctx;
unsigned int i;
+ UNUSED(pub);
/* read private key file */
result = dst__privstruct_parse(key, DST_ALG_HMACSHA384, lexer, mctx,
&priv);
@@ -1404,6 +1435,8 @@ static dst_func_t hmacsha384_functions = {
hmacsha384_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
+ NULL, /* dump */
+ NULL, /* restore */
};
isc_result_t
@@ -1417,7 +1450,7 @@ dst__hmacsha384_init(dst_func_t **funcp) {
static isc_result_t hmacsha512_fromdns(dst_key_t *key, isc_buffer_t *data);
struct dst_hmacsha512_key {
- unsigned char key[ISC_SHA512_DIGESTLENGTH];
+ unsigned char key[ISC_SHA512_BLOCK_LENGTH];
};
static isc_result_t
@@ -1428,7 +1461,7 @@ hmacsha512_createctx(dst_key_t *key, dst_context_t *dctx) {
hmacsha512ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha512_t));
if (hmacsha512ctx == NULL)
return (ISC_R_NOMEMORY);
- isc_hmacsha512_init(hmacsha512ctx, hkey->key, ISC_SHA512_DIGESTLENGTH);
+ isc_hmacsha512_init(hmacsha512ctx, hkey->key, ISC_SHA512_BLOCK_LENGTH);
dctx->ctxdata.hmacsha512ctx = hmacsha512ctx;
return (ISC_R_SUCCESS);
}
@@ -1491,26 +1524,30 @@ hmacsha512_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA512_DIGESTLENGTH) == 0)
+ if (memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH) == 0)
return (ISC_TRUE);
else
return (ISC_FALSE);
}
static isc_result_t
-hmacsha512_generate(dst_key_t *key, int pseudorandom_ok) {
+hmacsha512_generate(dst_key_t *key, int pseudorandom_ok,
+ void (*callback)(int))
+{
isc_buffer_t b;
isc_result_t ret;
- int bytes;
- unsigned char data[HMAC_LEN];
+ unsigned int bytes;
+ unsigned char data[ISC_SHA512_BLOCK_LENGTH];
+
+ UNUSED(callback);
bytes = (key->key_size + 7) / 8;
- if (bytes > HMAC_LEN) {
- bytes = HMAC_LEN;
- key->key_size = HMAC_LEN * 8;
+ if (bytes > ISC_SHA512_BLOCK_LENGTH) {
+ bytes = ISC_SHA512_BLOCK_LENGTH;
+ key->key_size = ISC_SHA512_BLOCK_LENGTH * 8;
}
- memset(data, 0, HMAC_LEN);
+ memset(data, 0, ISC_SHA512_BLOCK_LENGTH);
ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
if (ret != ISC_R_SUCCESS)
@@ -1519,7 +1556,7 @@ hmacsha512_generate(dst_key_t *key, int pseudorandom_ok) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha512_fromdns(key, &b);
- memset(data, 0, ISC_SHA512_DIGESTLENGTH);
+ memset(data, 0, ISC_SHA512_BLOCK_LENGTH);
return (ret);
}
@@ -1533,6 +1570,7 @@ hmacsha512_isprivate(const dst_key_t *key) {
static void
hmacsha512_destroy(dst_key_t *key) {
dst_hmacsha512_key_t *hkey = key->keydata.hmacsha512;
+
memset(hkey, 0, sizeof(dst_hmacsha512_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha512_key_t));
key->keydata.hmacsha512 = NULL;
@@ -1572,7 +1610,7 @@ hmacsha512_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
- if (r.length > ISC_SHA512_DIGESTLENGTH) {
+ if (r.length > ISC_SHA512_BLOCK_LENGTH) {
isc_sha512_init(&sha512ctx);
isc_sha512_update(&sha512ctx, r.base, r.length);
isc_sha512_final(hkey->key, &sha512ctx);
@@ -1617,13 +1655,14 @@ hmacsha512_tofile(const dst_key_t *key, const char *directory) {
}
static isc_result_t
-hmacsha512_parse(dst_key_t *key, isc_lex_t *lexer) {
+hmacsha512_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
isc_buffer_t b;
isc_mem_t *mctx = key->mctx;
unsigned int i;
+ UNUSED(pub);
/* read private key file */
result = dst__privstruct_parse(key, DST_ALG_HMACSHA512, lexer, mctx,
&priv);
@@ -1674,6 +1713,8 @@ static dst_func_t hmacsha512_functions = {
hmacsha512_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
+ NULL, /* dump */
+ NULL, /* restore */
};
isc_result_t
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-22 20:18:24 +0000