Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
===================================================================
RCS file: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/lib/dns/tsec.c,v
rcsdiff: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/lib/dns/tsec.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -p -r1.2.2.1 -r1.2.2.2
--- src/external/mpl/bind/dist/lib/dns/tsec.c 2018/08/12 13:02:35 1.2.2.1
+++ src/external/mpl/bind/dist/lib/dns/tsec.c 2018/09/06 06:55:00 1.2.2.2
@@ -0,0 +1,160 @@
+/* $NetBSD: tsec.c,v 1.2.2.2 2018/09/06 06:55:00 pgoyette Exp $ */
+
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include
+
+#include
+#include
+
+#include
+
+#include
+#include
+#include
+
+#include
+
+#define DNS_TSEC_MAGIC ISC_MAGIC('T', 's', 'e', 'c')
+#define DNS_TSEC_VALID(t) ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)
+
+/*%
+ * DNS Transaction Security object. We assume this is not shared by
+ * multiple threads, and so the structure does not contain a lock.
+ */
+struct dns_tsec {
+ unsigned int magic;
+ dns_tsectype_t type;
+ isc_mem_t *mctx;
+ union {
+ dns_tsigkey_t *tsigkey;
+ dst_key_t *key;
+ } ukey;
+};
+
+isc_result_t
+dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
+ dns_tsec_t **tsecp)
+{
+ isc_result_t result;
+ dns_tsec_t *tsec;
+ dns_tsigkey_t *tsigkey = NULL;
+ const dns_name_t *algname;
+
+ REQUIRE(mctx != NULL);
+ REQUIRE(tsecp != NULL && *tsecp == NULL);
+
+ tsec = isc_mem_get(mctx, sizeof(*tsec));
+ if (tsec == NULL)
+ return (ISC_R_NOMEMORY);
+
+ tsec->type = type;
+ tsec->mctx = mctx;
+
+ switch (type) {
+ case dns_tsectype_tsig:
+ switch (dst_key_alg(key)) {
+#ifndef PK11_MD5_DISABLE
+ case DST_ALG_HMACMD5:
+ algname = dns_tsig_hmacmd5_name;
+ break;
+#endif
+ case DST_ALG_HMACSHA1:
+ algname = dns_tsig_hmacsha1_name;
+ break;
+ case DST_ALG_HMACSHA224:
+ algname = dns_tsig_hmacsha224_name;
+ break;
+ case DST_ALG_HMACSHA256:
+ algname = dns_tsig_hmacsha256_name;
+ break;
+ case DST_ALG_HMACSHA384:
+ algname = dns_tsig_hmacsha384_name;
+ break;
+ case DST_ALG_HMACSHA512:
+ algname = dns_tsig_hmacsha512_name;
+ break;
+ default:
+ isc_mem_put(mctx, tsec, sizeof(*tsec));
+ return (DNS_R_BADALG);
+ }
+ result = dns_tsigkey_createfromkey(dst_key_name(key),
+ algname, key, ISC_FALSE,
+ NULL, 0, 0, mctx, NULL,
+ &tsigkey);
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_put(mctx, tsec, sizeof(*tsec));
+ return (result);
+ }
+ tsec->ukey.tsigkey = tsigkey;
+ break;
+ case dns_tsectype_sig0:
+ tsec->ukey.key = key;
+ break;
+ default:
+ INSIST(0);
+ }
+
+ tsec->magic = DNS_TSEC_MAGIC;
+
+ *tsecp = tsec;
+ return (ISC_R_SUCCESS);
+}
+
+void
+dns_tsec_destroy(dns_tsec_t **tsecp) {
+ dns_tsec_t *tsec;
+
+ REQUIRE(tsecp != NULL && *tsecp != NULL);
+ tsec = *tsecp;
+ REQUIRE(DNS_TSEC_VALID(tsec));
+
+ switch (tsec->type) {
+ case dns_tsectype_tsig:
+ dns_tsigkey_detach(&tsec->ukey.tsigkey);
+ break;
+ case dns_tsectype_sig0:
+ dst_key_free(&tsec->ukey.key);
+ break;
+ default:
+ INSIST(0);
+ }
+
+ tsec->magic = 0;
+ isc_mem_put(tsec->mctx, tsec, sizeof(*tsec));
+
+ *tsecp = NULL;
+}
+
+dns_tsectype_t
+dns_tsec_gettype(dns_tsec_t *tsec) {
+ REQUIRE(DNS_TSEC_VALID(tsec));
+
+ return (tsec->type);
+}
+
+void
+dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
+ REQUIRE(DNS_TSEC_VALID(tsec));
+ REQUIRE(keyp != NULL);
+
+ switch (tsec->type) {
+ case dns_tsectype_tsig:
+ dns_tsigkey_attach(tsec->ukey.tsigkey, (dns_tsigkey_t **)keyp);
+ break;
+ case dns_tsectype_sig0:
+ *(dst_key_t **)keyp = tsec->ukey.key;
+ break;
+ default:
+ INSIST(0);
+ }
+}
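Review bot: dns_tsec_create() asserts on `mctx` and `tsecp` but never on `key`, although the tsig branch passes it straight to `dst_key_alg(key)` and the sig0 branch stores it unchecked in `tsec->ukey.key`. Adding `REQUIRE(key != NULL);` beside the existing preconditions would reject a NULL key at the entry point, instead of relying on whatever dst_key_alg() or the later `dst_key_free(&tsec->ukey.key)` in dns_tsec_destroy() do with it (neither is shown here). Key ownership also differs by type and is undocumented: dns_tsec_destroy() frees the sig0 key, while dns_tsec_getkey() attaches a reference for tsig but returns the sig0 key as a plain pointer, so a sig0 caller holding that pointer after destroy has a dangling key. A comment on dns_tsec_getkey() such as `/* sig0: *keyp is borrowed and is freed by dns_tsec_destroy(); tsig: caller receives a reference and must detach it */` would make that contract explicit. The early-return paths in dns_tsec_create() release only `tsec`, so on failure the caller still appears to own `key`; that is worth stating in the same comment.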