Source-Changes-HG archive
[src/trunk]: src/lib/libresolv Make libresolv handle the part that libc does ...
details: https://anonhg.NetBSD.org/src/rev/268be81a4aee
branches: trunk
changeset: 782703:268be81a4aee
user: christos <christos%NetBSD.org@localhost>
date: Thu Nov 15 18:48:48 2012 +0000
description:
Make libresolv handle the parts that libc does not: update records and
signing.
diffstat:
lib/libresolv/Makefile | 19 +-
lib/libresolv/dst_api.c | 1057 +++++++++++++++++++++++++++++++++++
lib/libresolv/dst_internal.h | 166 +++++
lib/libresolv/hmac_link.c | 472 +++++++++++++++
lib/libresolv/ns_date.c | 134 ++++
lib/libresolv/ns_sign.c | 393 +++++++++++++
lib/libresolv/ns_verify.c | 486 ++++++++++++++++
lib/libresolv/res_findzonecut.c | 723 ++++++++++++++++++++++++
lib/libresolv/res_mkupdate.c | 1169 +++++++++++++++++++++++++++++++++++++++
lib/libresolv/res_mkupdate.h | 27 +
lib/libresolv/res_private.h | 24 +
lib/libresolv/res_sendsigned.c | 173 +++++
lib/libresolv/res_update.c | 219 +++++++
lib/libresolv/shlib_version | 4 +-
lib/libresolv/support.c | 347 +++++++++++
15 files changed, 5407 insertions(+), 6 deletions(-)
diffs (truncated from 5489 to 300 lines):
diff -r f29b8cadb7a7 -r 268be81a4aee lib/libresolv/Makefile
--- a/lib/libresolv/Makefile Thu Nov 15 16:43:30 2012 +0000
+++ b/lib/libresolv/Makefile Thu Nov 15 18:48:48 2012 +0000
@@ -1,17 +1,28 @@
-# $NetBSD: Makefile,v 1.11 2005/01/10 02:58:58 lukem Exp $
+# $NetBSD: Makefile,v 1.12 2012/11/15 18:48:48 christos Exp $
# from: @(#)Makefile 5.1 (Berkeley) 6/5/90
.include <bsd.own.mk>
+LIBC= ${NETBSDSRCDIR}/lib/libc
+
LIB=resolv
-CPPFLAGS+=-DLIBC_SCCS -I${NETBSDSRCDIR}/lib/libc/include -D_LIBC
+CPPFLAGS+=-I${LIBC}/include -I${LIBC}/resolv -D_LIBRESOLV
.if (${USE_INET6} != "no")
CPPFLAGS+=-DINET6
.endif
-.PATH: ${NETBSDSRCDIR}/lib/libc/net ${NETBSDSRCDIR}/lib/libc/resolv
+.PATH: ${LIBC}/net ${LIBC}/resolv ${LIBC}/nameser
-SRCS=gethnamaddr.c res_mkquery.c res_query.c res_send.c
+SRCS+= res_update.c res_findzonecut.c res_mkupdate.c
+SRCS+= res_sendsigned.c
+SRCS+= ns_date.c ns_samedomain.c ns_sign.c ns_verify.c
+SRCS+= dst_api.c support.c hmac_link.c
+
+# LIBC
+# CPPFLAGS+=-D_LIBC -DCOMPAT__RES -DUSE_POLL -DLIBC_SCCS
+# SRCS+= res_comp.c res_send.c res_data.c res_debug.c res_mkquery.c
+# SRCS+= res_query.c res_mkupdate.c res_init.c res_state.c
+# SRCS+= ns_netint.c ns_name.c ns_print.c ns_parse.c ns_ttl.c ns_samedomain.c
.include <bsd.lib.mk>
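Review bot: `ns_samedomain.c` appears both in the new `SRCS+=` line and in the commented-out `# LIBC` list at the bottom of the hunk, so libresolv now builds its own copy of a source the comment says libc already provides; if libc exports those symbols, a program linking both libraries sees two definitions and which one binds depends on link order. Either drop it from `SRCS` and rely on the libc copy, or add a comment stating why libresolv needs a private copy. The trailing `# LIBC` block itself is commented-out build logic with no explanation and will silently drift from what libc actually builds; a one-line heading such as `# Reference only: these objects are built into libc, not libresolv` would make its purpose explicit, or the block could be removed.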
diff -r f29b8cadb7a7 -r 268be81a4aee lib/libresolv/dst_api.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/libresolv/dst_api.c Thu Nov 15 18:48:48 2012 +0000
@@ -0,0 +1,1057 @@
+/* $NetBSD: dst_api.c,v 1.1 2012/11/15 18:48:48 christos Exp $ */
+
+/*
+ * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
+ *
+ * Permission to use, copy modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
+ */
+/*
+ * This file contains the interface between the DST API and the crypto API.
+ * This is the only file that needs to be changed if the crypto system is
+ * changed. Exported functions are:
+ * void dst_init() Initialize the toolkit
+ * int dst_check_algorithm() Function to determines if alg is suppored.
+ * int dst_compare_keys() Function to compare two keys for equality.
+ * int dst_sign_data() Incremental signing routine.
+ * int dst_verify_data() Incremental verify routine.
+ * int dst_generate_key() Function to generate new KEY
+ * DST_KEY *dst_read_key() Function to retrieve private/public KEY.
+ * void dst_write_key() Function to write out a key.
+ * DST_KEY *dst_dnskey_to_key() Function to convert DNS KEY RR to a DST
+ * KEY structure.
+ * int dst_key_to_dnskey() Function to return a public key in DNS
+ * format binary
+ * DST_KEY *dst_buffer_to_key() Converst a data in buffer to KEY
+ * int *dst_key_to_buffer() Writes out DST_KEY key matterial in buffer
+ * void dst_free_key() Releases all memory referenced by key structure
+ */
+#include <sys/cdefs.h>
+#if 0
+static const char rcsid[] = "Header: /proj/cvs/prod/libbind/dst/dst_api.c,v 1.17 2007/09/24 17:18:25 each Exp ";
+#else
+__RCSID("$NetBSD: dst_api.c,v 1.1 2012/11/15 18:48:48 christos Exp $");
+#endif
+
+
+#include "port_before.h"
+#include <stdio.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <memory.h>
+#include <ctype.h>
+#include <time.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+
+#include "dst_internal.h"
+#include "port_after.h"
+
+/* static variables */
+static int done_init = 0;
+dst_func *dst_t_func[DST_MAX_ALGS];
+const char *dst_path = "";
+
+/* internal I/O functions */
+static DST_KEY *dst_s_read_public_key(const char *in_name,
+ const u_int16_t in_id, int in_alg);
+static int dst_s_read_private_key_file(char *name, DST_KEY *pk_key,
+ u_int16_t in_id, int in_alg);
+static int dst_s_write_public_key(const DST_KEY *key);
+static int dst_s_write_private_key(const DST_KEY *key);
+
+/* internal function to set up data structure */
+static DST_KEY *dst_s_get_key_struct(const char *name, const int alg,
+ const int flags, const int protocol,
+ const int bits);
+
+/*%
+ * dst_init
+ * This function initializes the Digital Signature Toolkit.
+ * Right now, it just checks the DSTKEYPATH environment variable.
+ * Parameters
+ * none
+ * Returns
+ * none
+ */
+void
+dst_init(void)
+{
+ char *s;
+ size_t len;
+
+ if (done_init != 0)
+ return;
+ done_init = 1;
+
+ s = getenv("DSTKEYPATH");
+ len = 0;
+ if (s) {
+ struct stat statbuf;
+
+ len = strlen(s);
+ if (len > PATH_MAX) {
+ EREPORT(("%s: %s is longer than %d characters,"
+ " ignoring\n", __func__, s, PATH_MAX));
+ } else if (stat(s, &statbuf) != 0 ||
+ !S_ISDIR(statbuf.st_mode)) {
+ EREPORT(("%s: %s is not a valid directory\n",
+ __func__, s));
+ } else {
+ char *tmp;
+ tmp = (char *) malloc(len + 2);
+ memcpy(tmp, s, len + 1);
+ if (tmp[strlen(tmp) - 1] != '/') {
+ tmp[strlen(tmp) + 1] = 0;
+ tmp[strlen(tmp)] = '/';
+ }
+ dst_path = tmp;
+ }
+ }
+ memset(dst_t_func, 0, sizeof(dst_t_func));
+ /* first one is selected */
+ dst_hmac_md5_init();
+}
+
+/*%
+ * dst_check_algorithm
+ * This function determines if the crypto system for the specified
+ * algorithm is present.
+ * Parameters
+ * alg 1 KEY_RSA
+ * 3 KEY_DSA
+ * 157 KEY_HMAC_MD5
+ * future algorithms TBD and registered with IANA.
+ * Returns
+ * 1 - The algorithm is available.
+ * 0 - The algorithm is not available.
+ */
+int
+dst_check_algorithm(const int alg)
+{
+ return (dst_t_func[alg] != NULL);
+}
+
+/*%
+ * dst_s_get_key_struct
+ * This function allocates key structure and fills in some of the
+ * fields of the structure.
+ * Parameters:
+ * name: the name of the key
+ * alg: the algorithm number
+ * flags: the dns flags of the key
+ * protocol: the dns protocol of the key
+ * bits: the size of the key
+ * Returns:
+ * NULL if error
+ * valid pointer otherwise
+ */
+static DST_KEY *
+dst_s_get_key_struct(const char *name, const int alg, const int flags,
+ const int protocol, const int bits)
+{
+ DST_KEY *new_key = NULL;
+
+ if (dst_check_algorithm(alg)) /*%< make sure alg is available */
+ new_key = (DST_KEY *) malloc(sizeof(*new_key));
+ if (new_key == NULL)
+ return (NULL);
+
+ memset(new_key, 0, sizeof(*new_key));
+ new_key->dk_key_name = strdup(name);
+ if (new_key->dk_key_name == NULL) {
+ free(new_key);
+ return (NULL);
+ }
+ new_key->dk_alg = alg;
+ new_key->dk_flags = flags;
+ new_key->dk_proto = protocol;
+ new_key->dk_KEY_struct = NULL;
+ new_key->dk_key_size = bits;
+ new_key->dk_func = dst_t_func[alg];
+ return (new_key);
+}
+
+/*%
+ * dst_compare_keys
+ * Compares two keys for equality.
+ * Parameters
+ * key1, key2 Two keys to be compared.
+ * Returns
+ * 0 The keys are equal.
+ * non-zero The keys are not equal.
+ */
+
+int
+dst_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
+{
+ if (key1 == key2)
+ return (0);
+ if (key1 == NULL || key2 == NULL)
+ return (4);
+ if (key1->dk_alg != key2->dk_alg)
+ return (1);
+ if (key1->dk_key_size != key2->dk_key_size)
+ return (2);
+ if (key1->dk_id != key2->dk_id)
+ return (3);
+ return (key1->dk_func->compare(key1, key2));
+}
+
+/*%
+ * dst_sign_data
+ * An incremental signing function. Data is signed in steps.
+ * First the context must be initialized (SIG_MODE_INIT).
+ * Then data is hashed (SIG_MODE_UPDATE). Finally the signature
+ * itself is created (SIG_MODE_FINAL). This function can be called
+ * once with INIT, UPDATE and FINAL modes all set, or it can be
+ * called separately with a different mode set for each step. The
+ * UPDATE step can be repeated.
+ * Parameters
+ * mode A bit mask used to specify operation(s) to be performed.
+ * SIG_MODE_INIT 1 Initialize digest
+ * SIG_MODE_UPDATE 2 Add data to digest
+ * SIG_MODE_FINAL 4 Generate signature
+ * from signature
+ * SIG_MODE_ALL (SIG_MODE_INIT,SIG_MODE_UPDATE,SIG_MODE_FINAL
+ * data Data to be signed.
+ * len The length in bytes of data to be signed.
+ * in_key Contains a private key to sign with.
+ * KEY structures should be handled (created, converted,
+ * compared, stored, freed) by the DST.
+ * signature
+ * The location to which the signature will be written.
+ * sig_len Length of the signature field in bytes.
+ * Return
+ * 0 Successfull INIT or Update operation
+ * >0 success FINAL (sign) operation
+ * <0 failure
+ */
+
+int
+dst_sign_data(const int mode, DST_KEY *in_key, void **context,
+ const u_char *data, const int len,
+ u_char *signature, const int sig_len)
+{
+ DUMP(data, mode, len, "dst_sign_data()");
+
+ if (mode & SIG_MODE_FINAL &&
+ (in_key->dk_KEY_struct == NULL || signature == NULL))
+ return (MISSING_KEY_OR_SIGNATURE);
+
+ if (in_key->dk_func && in_key->dk_func->sign)
+ return (in_key->dk_func->sign(mode, in_key, context, data, len,