verify() function must take a keydata chained buffer for input key.

2025-12-19 10:18:25 +00:00 · 2012-04-27 03:13:34 +02:00
parent 4c70046d93
commit 262ac85107
3 changed files with 7 additions and 23 deletions
--- a/src/dnssec-crypto.h
+++ b/src/dnssec-crypto.h
@@ -1,6 +1,8 @@
 #ifndef DNSSEC_CRYPTO_H
 #define DNSSEC_CRYPTO_H

+struct keydata;
+
 /* 
 * vtable for a signature verification algorithm.
 *
@@ -34,7 +36,7 @@ typedef struct
  void (*begin_data)(VerifyAlgCtx *ctx);
  void (*add_data)(VerifyAlgCtx *ctx, void *data, unsigned len);
  void (*end_data)(VerifyAlgCtx *ctx);
-  int (*verify)(VerifyAlgCtx *ctx, unsigned char *key, unsigned key_len);
+  int (*verify)(VerifyAlgCtx *ctx, struct keydata *key, unsigned key_len);
 } VerifyAlg;

 struct VerifyAlgCtx
--- a/src/dnssec-openssl.c
+++ b/src/dnssec-openssl.c
@@ -90,13 +90,13 @@ static void rsasha256_end_data(VerifyAlgCtx *ctx_)
  memcpy(ctx->digest, digest, 32);
 }

-static int rsasha1_verify(VerifyAlgCtx *ctx_, unsigned char *key, unsigned key_len)
+static int rsasha1_verify(VerifyAlgCtx *ctx_, struct keydata *key_data, unsigned key_len)
 {
  VACTX_rsasha1 *ctx = (VACTX_rsasha1 *)ctx_;
  return 0;
 }

-static int rsasha256_verify(VerifyAlgCtx *ctx_, unsigned char *key, unsigned key_len)
+static int rsasha256_verify(VerifyAlgCtx *ctx_, struct keydata *key, unsigned key_len)
 {
  VACTX_rsasha256 *ctx = (VACTX_rsasha256 *)ctx_;
  return 0;
@@ -107,7 +107,7 @@ static int rsasha256_verify(VerifyAlgCtx *ctx_, unsigned char *key, unsigned key
  void alg ## _begin_data(VerifyAlgCtx *ctx); \
  void alg ## _add_data(VerifyAlgCtx *ctx, void *data, unsigned len); \
  void alg ## _end_data(VerifyAlgCtx *ctx); \
-  int alg ## _verify(VerifyAlgCtx *ctx, unsigned char *key, unsigned key_len) \
+  int alg ## _verify(VerifyAlgCtx *ctx, struct keydata *key, unsigned key_len) \
  /**/

 #define VALG_VTABLE(alg) { \
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -285,25 +285,7 @@ int dnssec_parsekey(struct dns_header *header, size_t pktlen, char *owner, unsig
  if (!(flags & 0x100))
    return 0;

-  switch (alg)
-    {
-      case 5: /* RSASHA1 */
-        CHECKED_GETCHAR(explen, rdata, rdlen);
-        if (explen == 0)
-          {
-            printf("DNSKEY: RSASHA1: Unsupported huge exponents\n");
-            return 0;
-          }
-
-        if (rdlen < explen)
-          return 0;
-        key = keydata_alloc(rdata, rdlen);
-        break;
-
-      default:
-        printf("DNSKEY: Unsupported algorithm: %d\n", alg);
-        return 0;
-    }
+  key = keydata_alloc(rdata, rdlen);

  /* TODO: time(0) is correct here? */
  crecp = cache_insert(owner, NULL, time(0), ttl, F_FORWARD | F_DNSKEY);