
Source code changes of the file "src/crypto.c" between
dnsmasq-2.84.tar.xz and dnsmasq-2.85.tar.xz

About: Dnsmasq is a lightweight caching DNS forwarder and DHCP server.

crypto.c  (dnsmasq-2.84.tar.xz):crypto.c  (dnsmasq-2.85.tar.xz)
skipping to change at line 21 skipping to change at line 21
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "dnsmasq.h" #include "dnsmasq.h"
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
/* Minimal version of nettle */
#define MIN_VERSION(major, minor) (NETTLE_VERSION_MAJOR == (major) && NETTLE_VER
SION_MINOR >= (minor)) || \
(NETTLE_VERSION_MAJOR > (major))
#include <nettle/rsa.h> #include <nettle/rsa.h>
#include <nettle/ecdsa.h> #include <nettle/ecdsa.h>
#include <nettle/ecc-curve.h> #include <nettle/ecc-curve.h>
#if !defined(NETTLE_VERSION_MAJOR)
#define NETTLE_VERSION_MAJOR 2
#endif
#if MIN_VERSION(3, 1)
#include <nettle/eddsa.h> #include <nettle/eddsa.h>
#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6 #endif
#if MIN_VERSION(3, 6)
# include <nettle/gostdsa.h> # include <nettle/gostdsa.h>
#endif #endif
#endif #endif
#if defined(HAVE_DNSSEC) || defined(HAVE_CRYPTOHASH) #if defined(HAVE_DNSSEC) || defined(HAVE_CRYPTOHASH)
#include <nettle/nettle-meta.h> #include <nettle/nettle-meta.h>
#include <nettle/bignum.h> #include <nettle/bignum.h>
/* Implement a "hash-function" to the nettle API, which simply returns /* Implement a "hash-function" to the nettle API, which simply returns
the input data, concatenated into a single, statically maintained, buffer. the input data, concatenated into a single, statically maintained, buffer.
skipping to change at line 117 skipping to change at line 126
{ {
if (!name) if (!name)
return NULL; return NULL;
/* We provide a "null" hash which returns the input data as digest. */ /* We provide a "null" hash which returns the input data as digest. */
if (strcmp(null_hash.name, name) == 0) if (strcmp(null_hash.name, name) == 0)
return &null_hash; return &null_hash;
/* libnettle >= 3.4 provides nettle_lookup_hash() which avoids nasty ABI /* libnettle >= 3.4 provides nettle_lookup_hash() which avoids nasty ABI
incompatibilities if sizeof(nettle_hashes) changes between library incompatibilities if sizeof(nettle_hashes) changes between library
versions. It also #defines nettle_hashes, so use that to tell versions. */
if we have the new facilities. */ #if MIN_VERSION(3, 4)
#ifdef nettle_hashes
return nettle_lookup_hash(name); return nettle_lookup_hash(name);
#else #else
{ {
int i; int i;
for (i = 0; nettle_hashes[i]; i++) for (i = 0; nettle_hashes[i]; i++)
if (strcmp(nettle_hashes[i]->name, name) == 0) if (strcmp(nettle_hashes[i]->name, name) == 0)
return nettle_hashes[i]; return nettle_hashes[i];
} }
skipping to change at line 173 skipping to change at line 180
} }
*ctxp = ctx; *ctxp = ctx;
*digestp = digest; *digestp = digest;
hash->init(ctx); hash->init(ctx);
return 1; return 1;
} }
#endif #endif /* defined(HAVE_DNSSEC) || defined(HAVE_CRYPTOHASH) */
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len, static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo) unsigned char *digest, size_t digest_len, int algo)
{ {
unsigned char *p; unsigned char *p;
size_t exp_len; size_t exp_len;
static struct rsa_public_key *key = NULL; static struct rsa_public_key *key = NULL;
skipping to change at line 240 skipping to change at line 247
unsigned char *sig, size_t sig_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int alg o) unsigned char *digest, size_t digest_len, int alg o)
{ {
unsigned char *p; unsigned char *p;
unsigned int t; unsigned int t;
struct ecc_point *key; struct ecc_point *key;
static struct ecc_point *key_256 = NULL, *key_384 = NULL; static struct ecc_point *key_256 = NULL, *key_384 = NULL;
static mpz_t x, y; static mpz_t x, y;
static struct dsa_signature *sig_struct; static struct dsa_signature *sig_struct;
#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4 #if !MIN_VERSION(3, 4)
#define nettle_get_secp_256r1() (&nettle_secp_256r1) #define nettle_get_secp_256r1() (&nettle_secp_256r1)
#define nettle_get_secp_384r1() (&nettle_secp_384r1) #define nettle_get_secp_384r1() (&nettle_secp_384r1)
#endif #endif
if (!sig_struct) if (!sig_struct)
{ {
if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature)))) if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
return 0; return 0;
nettle_dsa_signature_init(sig_struct); nettle_dsa_signature_init(sig_struct);
skipping to change at line 303 skipping to change at line 310
if (!ecc_point_set(key, x, y)) if (!ecc_point_set(key, x, y))
return 0; return 0;
mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig); mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t); mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
return nettle_ecdsa_verify(key, digest_len, digest, sig_struct); return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
} }
#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6 #if MIN_VERSION(3, 6)
static int dnsmasq_gostdsa_verify(struct blockdata *key_data, unsigned int key_l en, static int dnsmasq_gostdsa_verify(struct blockdata *key_data, unsigned int key_l en,
unsigned char *sig, size_t sig_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int a lgo) unsigned char *digest, size_t digest_len, int a lgo)
{ {
unsigned char *p; unsigned char *p;
static struct ecc_point *gost_key = NULL; static struct ecc_point *gost_key = NULL;
static mpz_t x, y; static mpz_t x, y;
static struct dsa_signature *sig_struct; static struct dsa_signature *sig_struct;
skipping to change at line 344 skipping to change at line 351
if (!ecc_point_set(gost_key, x, y)) if (!ecc_point_set(gost_key, x, y))
return 0; return 0;
mpz_import(sig_struct->r, 32, 1, 1, 0, 0, sig); mpz_import(sig_struct->r, 32, 1, 1, 0, 0, sig);
mpz_import(sig_struct->s, 32, 1, 1, 0, 0, sig + 32); mpz_import(sig_struct->s, 32, 1, 1, 0, 0, sig + 32);
return nettle_gostdsa_verify(gost_key, digest_len, digest, sig_struct); return nettle_gostdsa_verify(gost_key, digest_len, digest, sig_struct);
} }
#endif #endif
#if MIN_VERSION(3, 1)
static int dnsmasq_eddsa_verify(struct blockdata *key_data, unsigned int key_len , static int dnsmasq_eddsa_verify(struct blockdata *key_data, unsigned int key_len ,
unsigned char *sig, size_t sig_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int alg o) unsigned char *digest, size_t digest_len, int alg o)
{ {
unsigned char *p; unsigned char *p;
if (digest_len != sizeof(struct null_hash_digest) || if (digest_len != sizeof(struct null_hash_digest) ||
!(p = blockdata_retrieve(key_data, key_len, NULL))) !(p = blockdata_retrieve(key_data, key_len, NULL)))
return 0; return 0;
skipping to change at line 370 skipping to change at line 378
case 15: case 15:
if (key_len != ED25519_KEY_SIZE || if (key_len != ED25519_KEY_SIZE ||
sig_len != ED25519_SIGNATURE_SIZE) sig_len != ED25519_SIGNATURE_SIZE)
return 0; return 0;
return ed25519_sha512_verify(p, return ed25519_sha512_verify(p,
((struct null_hash_digest *)digest)->len, ((struct null_hash_digest *)digest)->len,
((struct null_hash_digest *)digest)->buff, ((struct null_hash_digest *)digest)->buff,
sig); sig);
#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6 #if MIN_VERSION(3, 6)
case 16: case 16:
if (key_len != ED448_KEY_SIZE || if (key_len != ED448_KEY_SIZE ||
sig_len != ED448_SIGNATURE_SIZE) sig_len != ED448_SIGNATURE_SIZE)
return 0; return 0;
return ed448_shake256_verify(p, return ed448_shake256_verify(p,
((struct null_hash_digest *)digest)->len, ((struct null_hash_digest *)digest)->len,
((struct null_hash_digest *)digest)->buff, ((struct null_hash_digest *)digest)->buff,
sig); sig);
#endif #endif
} }
return 0; return 0;
} }
#endif
static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key _len, unsigned char *sig, size_t sig_len, static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key _len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo) unsigned char *digest, size_t digest_len, int algo)
{ {
/* Ensure at runtime that we have support for this digest */ /* Ensure at runtime that we have support for this digest */
if (!hash_find(algo_digest_name(algo))) if (!hash_find(algo_digest_name(algo)))
return NULL; return NULL;
/* This switch defines which sig algorithms we support, can't introspect Nettl e for that. */ /* This switch defines which sig algorithms we support, can't introspect Nettl e for that. */
switch (algo) switch (algo)
{ {
case 5: case 7: case 8: case 10: case 5: case 7: case 8: case 10:
return dnsmasq_rsa_verify; return dnsmasq_rsa_verify;
#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6 #if MIN_VERSION(3, 6)
case 12: case 12:
return dnsmasq_gostdsa_verify; return dnsmasq_gostdsa_verify;
#endif #endif
case 13: case 14: case 13: case 14:
return dnsmasq_ecdsa_verify; return dnsmasq_ecdsa_verify;
#if MIN_VERSION(3, 1)
case 15: case 16: case 15: case 16:
return dnsmasq_eddsa_verify; return dnsmasq_eddsa_verify;
#endif
} }
return NULL; return NULL;
} }
int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len, int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo) unsigned char *digest, size_t digest_len, int algo)
{ {
int (*func)(struct blockdata *key_data, unsigned int key_len, unsigned char *s ig, size_t sig_len, int (*func)(struct blockdata *key_data, unsigned int key_len, unsigned char *s ig, size_t sig_len,
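Review bot: The new MIN_VERSION macro (the `/* Minimal version of nettle */` block near the top of the section) is defined inside `#ifdef HAVE_DNSSEC`, but hash_find uses `#if MIN_VERSION(3, 4)` inside the `#if defined(HAVE_DNSSEC) || defined(HAVE_CRYPTOHASH)` region, so a build with HAVE_CRYPTOHASH and without HAVE_DNSSEC would meet an undefined function-like macro in an `#if` and fail to preprocess. The expansion is also not wrapped in outer parentheses, so the `#if !MIN_VERSION(3, 4)` guard in dnsmasq_ecdsa_verify expands to `!(A == 3 && B >= 4) || (A > 3)`, which is true for any NETTLE_VERSION_MAJOR above 3 and would define the `nettle_get_secp_*` fallback macros precisely where the real functions are available. Both are addressed by moving the definition (together with the NETTLE_VERSION_MAJOR fallback) into the shared `defined(HAVE_DNSSEC) || defined(HAVE_CRYPTOHASH)` block and parenthesising it: `#define MIN_VERSION(major, minor) ((NETTLE_VERSION_MAJOR == (major) && NETTLE_VERSION_MINOR >= (minor)) || (NETTLE_VERSION_MAJOR > (major)))`. The verify() definition at the end of the section continues past it.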
 End of changes. 13 change blocks. 
11 lines changed or deleted 22 lines changed or added
